From 68815d30b9a97fc8bcbbf2781ee99ca586480e7f Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Mon, 18 Mar 2019 02:23:37 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2006/0xxx/CVE-2006-0404.json | 190 ++++++------- 2006/0xxx/CVE-2006-0581.json | 170 ++++++------ 2006/0xxx/CVE-2006-0635.json | 130 ++++----- 2006/0xxx/CVE-2006-0904.json | 34 +-- 2006/1xxx/CVE-2006-1359.json | 390 +++++++++++++-------------- 2006/1xxx/CVE-2006-1521.json | 34 +-- 2006/1xxx/CVE-2006-1667.json | 190 ++++++------- 2006/1xxx/CVE-2006-1696.json | 170 ++++++------ 2006/1xxx/CVE-2006-1786.json | 200 +++++++------- 2006/4xxx/CVE-2006-4701.json | 34 +-- 2006/5xxx/CVE-2006-5041.json | 120 ++++----- 2006/5xxx/CVE-2006-5394.json | 140 +++++----- 2006/5xxx/CVE-2006-5669.json | 150 +++++------ 2006/5xxx/CVE-2006-5806.json | 180 ++++++------- 2010/0xxx/CVE-2010-0470.json | 140 +++++----- 2010/0xxx/CVE-2010-0510.json | 130 ++++----- 2010/0xxx/CVE-2010-0591.json | 140 +++++----- 2010/0xxx/CVE-2010-0835.json | 120 ++++----- 2010/0xxx/CVE-2010-0847.json | 480 ++++++++++++++++----------------- 2010/2xxx/CVE-2010-2412.json | 130 ++++----- 2010/3xxx/CVE-2010-3042.json | 160 +++++------ 2010/3xxx/CVE-2010-3576.json | 130 ++++----- 2010/3xxx/CVE-2010-3675.json | 34 +-- 2010/3xxx/CVE-2010-3695.json | 300 ++++++++++----------- 2010/3xxx/CVE-2010-3922.json | 170 ++++++------ 2010/3xxx/CVE-2010-3954.json | 150 +++++------ 2010/3xxx/CVE-2010-3972.json | 210 +++++++-------- 2010/4xxx/CVE-2010-4388.json | 190 ++++++------- 2010/4xxx/CVE-2010-4615.json | 150 +++++------ 2010/4xxx/CVE-2010-4663.json | 140 +++++----- 2010/4xxx/CVE-2010-4868.json | 150 +++++------ 2014/0xxx/CVE-2014-0804.json | 150 +++++------ 2014/10xxx/CVE-2014-10023.json | 190 ++++++------- 2014/3xxx/CVE-2014-3969.json | 160 +++++------ 2014/4xxx/CVE-2014-4081.json | 150 +++++------ 2014/4xxx/CVE-2014-4088.json | 150 +++++------ 2014/4xxx/CVE-2014-4095.json | 150 +++++------ 2014/4xxx/CVE-2014-4183.json | 34 +-- 2014/4xxx/CVE-2014-4448.json | 160 +++++------ 2014/4xxx/CVE-2014-4931.json | 34 +-- 
2014/8xxx/CVE-2014-8230.json | 34 +-- 2014/8xxx/CVE-2014-8438.json | 150 +++++------ 2014/8xxx/CVE-2014-8456.json | 120 ++++----- 2014/8xxx/CVE-2014-8719.json | 34 +-- 2014/9xxx/CVE-2014-9097.json | 140 +++++----- 2014/9xxx/CVE-2014-9595.json | 140 +++++----- 2014/9xxx/CVE-2014-9831.json | 140 +++++----- 2016/2xxx/CVE-2016-2119.json | 200 +++++++------- 2016/2xxx/CVE-2016-2317.json | 230 ++++++++-------- 2016/2xxx/CVE-2016-2517.json | 190 ++++++------- 2016/2xxx/CVE-2016-2661.json | 34 +-- 2016/3xxx/CVE-2016-3368.json | 140 +++++----- 2016/3xxx/CVE-2016-3403.json | 190 ++++++------- 2016/3xxx/CVE-2016-3762.json | 130 ++++----- 2016/6xxx/CVE-2016-6164.json | 140 +++++----- 2016/6xxx/CVE-2016-6280.json | 34 +-- 2016/6xxx/CVE-2016-6483.json | 180 ++++++------- 2016/7xxx/CVE-2016-7038.json | 130 ++++----- 2016/7xxx/CVE-2016-7399.json | 160 +++++------ 2016/7xxx/CVE-2016-7778.json | 34 +-- 2016/7xxx/CVE-2016-7801.json | 140 +++++----- 2016/7xxx/CVE-2016-7906.json | 180 ++++++------- 2016/7xxx/CVE-2016-7942.json | 210 +++++++-------- 2016/7xxx/CVE-2016-7994.json | 170 ++++++------ 64 files changed, 4742 insertions(+), 4742 deletions(-) diff --git a/2006/0xxx/CVE-2006-0404.json b/2006/0xxx/CVE-2006-0404.json index e108d7a53b5..ca01c6b6e28 100644 --- a/2006/0xxx/CVE-2006-0404.json +++ b/2006/0xxx/CVE-2006-0404.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0404", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Note-A-Day Weblog 2.2 stores sensitive data under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to archive/.phpass-admin, which contains encrypted passwords." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0404", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060122 [eVuln] Note-A-Day Weblog Sensitive Information Disclosure", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2006-01/0389.html" - }, - { - "name" : "http://evuln.com/vulns/44/summary.html", - "refsource" : "MISC", - "url" : "http://evuln.com/vulns/44/summary.html" - }, - { - "name" : "ADV-2006-0299", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0299" - }, - { - "name" : "22699", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22699" - }, - { - "name" : "1015539", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015539" - }, - { - "name" : "18566", - 
"refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18566" - }, - { - "name" : "371", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/371" - }, - { - "name" : "noteaday-archive-information-disclosure(24270)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24270" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Note-A-Day Weblog 2.2 stores sensitive data under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to archive/.phpass-admin, which contains encrypted passwords." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-0299", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0299" + }, + { + "name": "20060122 [eVuln] Note-A-Day Weblog Sensitive Information Disclosure", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2006-01/0389.html" + }, + { + "name": "371", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/371" + }, + { + "name": "18566", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18566" + }, + { + "name": "1015539", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015539" + }, + { + "name": "22699", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22699" + }, + { + "name": "http://evuln.com/vulns/44/summary.html", + "refsource": "MISC", + "url": "http://evuln.com/vulns/44/summary.html" + }, + { + "name": "noteaday-archive-information-disclosure(24270)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24270" + } + ] + } +} \ No newline at end of file 
diff --git a/2006/0xxx/CVE-2006-0581.json b/2006/0xxx/CVE-2006-0581.json index 0a84d21d19d..7358e35be0b 100644 --- a/2006/0xxx/CVE-2006-0581.json +++ b/2006/0xxx/CVE-2006-0581.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0581", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in Hosting Controller 6.1 Hotfix 2.8 allows remote authenticated users to execute arbitrary SQL commands via the (1) GatewayID parameter in an add action in AddGatewaySettings.asp and (2) IP parameter in IPManager.asp." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0581", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "ADV-2006-0460", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0460" - }, - { - "name" : "22982", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22982" - }, - { - "name" : "22983", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22983" - }, - { - "name" : "1015584", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015584" - }, - { - "name" : "18731", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18731" - }, - { - "name" : "hosting-controller-sql-injection(24537)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24537" - } - ] - } -} + } + }, 
+ "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in Hosting Controller 6.1 Hotfix 2.8 allows remote authenticated users to execute arbitrary SQL commands via the (1) GatewayID parameter in an add action in AddGatewaySettings.asp and (2) IP parameter in IPManager.asp." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "22982", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22982" + }, + { + "name": "22983", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22983" + }, + { + "name": "hosting-controller-sql-injection(24537)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24537" + }, + { + "name": "1015584", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015584" + }, + { + "name": "ADV-2006-0460", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0460" + }, + { + "name": "18731", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18731" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0635.json b/2006/0xxx/CVE-2006-0635.json index c79e869a14a..8fc1320ca8a 100644 --- a/2006/0xxx/CVE-2006-0635.json +++ b/2006/0xxx/CVE-2006-0635.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0635", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Tiny C Compiler (TCC) 0.9.23 (aka TinyCC) evaluates the \"i>sizeof(int)\" expression to false when i equals -1, which might introduce integer overflow vulnerabilities into applications that could be exploited by context-dependent attackers." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0635", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060207 Re: [xfocus-SD-060206]BCB compiler incorrect deal sizeof operator vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/424257/100/0/threaded" - }, - { - "name" : "22956", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22956" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Tiny C Compiler (TCC) 0.9.23 (aka TinyCC) evaluates the \"i>sizeof(int)\" expression to false when i equals -1, which might introduce integer overflow vulnerabilities into applications that could be exploited by context-dependent 
attackers." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060207 Re: [xfocus-SD-060206]BCB compiler incorrect deal sizeof operator vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/424257/100/0/threaded" + }, + { + "name": "22956", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22956" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0904.json b/2006/0xxx/CVE-2006-0904.json index d76c1db1e30..3edf9c840a0 100644 --- a/2006/0xxx/CVE-2006-0904.json +++ b/2006/0xxx/CVE-2006-0904.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0904", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2006. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2006-0904", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2006. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1359.json b/2006/1xxx/CVE-2006-1359.json index 8b196449e47..7ebb9f2ba7d 100644 --- a/2006/1xxx/CVE-2006-1359.json +++ b/2006/1xxx/CVE-2006-1359.json 
@@ -1,197 +1,197 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1359", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 6 and 7 Beta 2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a certain createTextRange call on a checkbox object, which results in a dereference of an invalid table pointer." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2006-1359", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060322 IE crash", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/428441" - }, - { - "name" : "20060322 Microsoft Internet Explorer (mshtml.dll) - Remote Code Execution", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/428583/100/0/threaded" - }, - { - "name" : "20060328 EEYE: Temporary workaround for IE createTextRange vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/429088/100/0/threaded" - }, - { - "name" : "20060328 Determina Fix for CVE-2006-1359 (Zero Day MS Internet Explorer Remote \"CreateTextRange()\" Code Execution)", - "refsource" : "BUGTRAQ", - 
"url" : "http://www.securityfocus.com/archive/1/429124/30/6120/threaded" - }, - { - "name" : "20060322 FW: [Full-disclosure] IE crash", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1434.html" - }, - { - "name" : "20060322 IE crash", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1427.html" - }, - { - "name" : "20060322 Microsoft Internet Explorer (mshtml.dll) - Remote Code Execution", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1430.html" - }, - { - "name" : "20060327 Determina Fix for the IE createTextRange() bug", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1662.html" - }, - { - "name" : "http://www.computerterrorism.com/research/ct22-03-2006", - "refsource" : "MISC", - "url" : "http://www.computerterrorism.com/research/ct22-03-2006" - }, - { - "name" : "20060323 Secunia Research: Microsoft Internet Explorer \"createTextRange()\"Code Execution", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/428600/100/0/threaded" - }, - { - "name" : "http://secunia.com/secunia_research/2006-7/advisory/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2006-7/advisory/" - }, - { - "name" : "http://www.microsoft.com/technet/security/advisory/917077.mspx", - "refsource" : "CONFIRM", - "url" : "http://www.microsoft.com/technet/security/advisory/917077.mspx" - }, - { - "name" : "MS06-013", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013" - }, - { - "name" : "TA06-101A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA06-101A.html" - }, - { - "name" : "VU#876678", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/876678" - }, - { - "name" : "Q-154", - "refsource" : "CIAC", - "url" : 
"http://www.ciac.org/ciac/bulletins/q-154.shtml" - }, - { - "name" : "17196", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17196" - }, - { - "name" : "ADV-2006-1050", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1050" - }, - { - "name" : "ADV-2006-1318", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1318" - }, - { - "name" : "24050", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24050" - }, - { - "name" : "oval:org.mitre.oval:def:1178", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1178" - }, - { - "name" : "oval:org.mitre.oval:def:1657", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1657" - }, - { - "name" : "oval:org.mitre.oval:def:1678", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1678" - }, - { - "name" : "oval:org.mitre.oval:def:1702", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1702" - }, - { - "name" : "oval:org.mitre.oval:def:985", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A985" - }, - { - "name" : "1015812", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015812" - }, - { - "name" : "18680", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18680" - }, - { - "name" : "ie-createtextrange-command-execution(25379)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25379" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 6 and 7 Beta 2 allows remote 
attackers to cause a denial of service and possibly execute arbitrary code via a certain createTextRange call on a checkbox object, which results in a dereference of an invalid table pointer." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.computerterrorism.com/research/ct22-03-2006", + "refsource": "MISC", + "url": "http://www.computerterrorism.com/research/ct22-03-2006" + }, + { + "name": "20060328 EEYE: Temporary workaround for IE createTextRange vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/429088/100/0/threaded" + }, + { + "name": "oval:org.mitre.oval:def:1678", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1678" + }, + { + "name": "20060328 Determina Fix for CVE-2006-1359 (Zero Day MS Internet Explorer Remote \"CreateTextRange()\" Code Execution)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/429124/30/6120/threaded" + }, + { + "name": "ADV-2006-1050", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1050" + }, + { + "name": "oval:org.mitre.oval:def:985", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A985" + }, + { + "name": "VU#876678", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/876678" + }, + { + "name": "24050", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24050" + }, + { + "name": "oval:org.mitre.oval:def:1178", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1178" + }, + { + "name": "20060322 IE crash", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1427.html" + }, + { + "name": "TA06-101A", + 
"refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA06-101A.html" + }, + { + "name": "oval:org.mitre.oval:def:1702", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1702" + }, + { + "name": "18680", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18680" + }, + { + "name": "http://secunia.com/secunia_research/2006-7/advisory/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2006-7/advisory/" + }, + { + "name": "oval:org.mitre.oval:def:1657", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1657" + }, + { + "name": "ie-createtextrange-command-execution(25379)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25379" + }, + { + "name": "20060327 Determina Fix for the IE createTextRange() bug", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1662.html" + }, + { + "name": "1015812", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015812" + }, + { + "name": "MS06-013", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013" + }, + { + "name": "20060322 IE crash", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/428441" + }, + { + "name": "20060322 Microsoft Internet Explorer (mshtml.dll) - Remote Code Execution", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1430.html" + }, + { + "name": "20060322 FW: [Full-disclosure] IE crash", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1434.html" + }, + { + "name": "20060323 Secunia Research: Microsoft Internet Explorer \"createTextRange()\"Code Execution", + "refsource": "BUGTRAQ", + "url": 
"http://www.securityfocus.com/archive/1/428600/100/0/threaded" + }, + { + "name": "http://www.microsoft.com/technet/security/advisory/917077.mspx", + "refsource": "CONFIRM", + "url": "http://www.microsoft.com/technet/security/advisory/917077.mspx" + }, + { + "name": "17196", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17196" + }, + { + "name": "Q-154", + "refsource": "CIAC", + "url": "http://www.ciac.org/ciac/bulletins/q-154.shtml" + }, + { + "name": "ADV-2006-1318", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1318" + }, + { + "name": "20060322 Microsoft Internet Explorer (mshtml.dll) - Remote Code Execution", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/428583/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1521.json b/2006/1xxx/CVE-2006-1521.json index c6218f27c9f..d54eac93db4 100644 --- a/2006/1xxx/CVE-2006-1521.json +++ b/2006/1xxx/CVE-2006-1521.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1521", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2006. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2006-1521", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2006. Notes: none." + } + ] + } +} \ No newline at end of file 
diff --git a/2006/1xxx/CVE-2006-1667.json b/2006/1xxx/CVE-2006-1667.json index 9c285987fde..4c1bc6c5592 100644 --- a/2006/1xxx/CVE-2006-1667.json +++ b/2006/1xxx/CVE-2006-1667.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1667", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in slides.php in Eric Gerdes Crafty Syntax Image Gallery (CSIG) (aka PHP thumbnail Photo Gallery) 3.1g and earlier allows remote authenticated users to execute arbitrary SQL commands via the limitquery_s parameter when the $projectid variable is less than 1, which prevents the $limitquery_s from being set within slides.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1667", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bash-x.net/undef/adv/craftygallery.html", - "refsource" : "MISC", - "url" : "http://bash-x.net/undef/adv/craftygallery.html" - }, - { - "name" : "http://bash-x.net/undef/exploits/crappy_syntax.txt", - "refsource" : "MISC", - "url" : "http://bash-x.net/undef/exploits/crappy_syntax.txt" - }, - { - "name" : "1645", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/1645" - }, - { - "name" : "17379", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17379" - }, - { - "name" : "ADV-2006-1239", - "refsource" : "VUPEN", - 
"url" : "http://www.vupen.com/english/advisories/2006/1239" - }, - { - "name" : "24386", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24386" - }, - { - "name" : "19478", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19478" - }, - { - "name" : "crafty-slides-sql-injection(25654)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25654" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in slides.php in Eric Gerdes Crafty Syntax Image Gallery (CSIG) (aka PHP thumbnail Photo Gallery) 3.1g and earlier allows remote authenticated users to execute arbitrary SQL commands via the limitquery_s parameter when the $projectid variable is less than 1, which prevents the $limitquery_s from being set within slides.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-1239", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1239" + }, + { + "name": "17379", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17379" + }, + { + "name": "24386", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24386" + }, + { + "name": "http://bash-x.net/undef/exploits/crappy_syntax.txt", + "refsource": "MISC", + "url": "http://bash-x.net/undef/exploits/crappy_syntax.txt" + }, + { + "name": "crafty-slides-sql-injection(25654)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25654" + }, + { + "name": "http://bash-x.net/undef/adv/craftygallery.html", + "refsource": "MISC", + "url": "http://bash-x.net/undef/adv/craftygallery.html" + }, + { + "name": "1645", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/1645" + }, + { + 
"name": "19478", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19478" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1696.json b/2006/1xxx/CVE-2006-1696.json index 8865b94372d..868008e4b7b 100644 --- a/2006/1xxx/CVE-2006-1696.json +++ b/2006/1xxx/CVE-2006-1696.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1696", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Gallery before 1.5.3 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1696", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=408602&group_id=7130", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=408602&group_id=7130" - }, - { - "name" : "17437", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17437" - }, - { - "name" : "ADV-2006-1285", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1285" - }, - { - "name" : "24466", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24466" - }, - { - "name" : "19580", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19580" - }, - { - "name" : "gallery-unspecified-xss(25707)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25707" - } - 
] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Gallery before 1.5.3 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "17437", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17437" + }, + { + "name": "24466", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24466" + }, + { + "name": "gallery-unspecified-xss(25707)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25707" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=408602&group_id=7130", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=408602&group_id=7130" + }, + { + "name": "ADV-2006-1285", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1285" + }, + { + "name": "19580", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19580" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1786.json b/2006/1xxx/CVE-2006-1786.json index af81a229ffe..a18783f1ef6 100644 --- a/2006/1xxx/CVE-2006-1786.json +++ b/2006/1xxx/CVE-2006-1786.json 
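Review bot: The `reference_data` array in this hunk is written back in a different order (BID, OSVDB, XF, CONFIRM, VUPEN, SECUNIA instead of CONFIRM, BID, VUPEN, OSVDB, SECUNIA, XF) with the same six entries, and the file now ends with `\ No newline at end of file`. Combined with the respacing of `"key" : value` to `"key": value`, nearly every line is rewritten although no field value changes, which makes it hard to spot the records in this commit whose content does change, such as the `ASSIGNER` edits in CVE-2010-0510 and CVE-2010-0591. The serializer should emit references in a stable order (for example sorted by `refsource`, then `name`) and end the file with a newline. The same reordering shows up in the CVE-2006-1786, CVE-2006-5669, CVE-2006-5806 and CVE-2010-0470 hunks.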
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1786", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Adobe Document Server for Reader Extensions 6.0 allows remote attackers to inject arbitrary web script or HTML via (1) the actionID parameter in ads-readerext and (2) the op parameter in AlterCast. NOTE: it is not clear whether the vendor advisory addresses this issue." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1786", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060413 Secunia Research: Adobe Document Server for Reader ExtensionsMultiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/430869/100/0/threaded" - }, - { - "name" : "http://secunia.com/secunia_research/2005-68/advisory/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2005-68/advisory/" - }, - { - "name" : "http://www.adobe.com/support/techdocs/322699.html", - "refsource" : "MISC", - "url" : "http://www.adobe.com/support/techdocs/322699.html" - }, - { - "name" : "17500", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/17500" - }, - { - "name" : "ADV-2006-1342", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1342" - }, - { - "name" : "24590", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24590" - }, - { - "name" : "24589", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24589" - }, - { - "name" : "15924", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15924" - }, - { - "name" : "adobe-actionid-op-xss(25771)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25771" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Adobe Document Server for Reader Extensions 6.0 allows remote attackers to inject arbitrary web script or HTML via (1) the actionID parameter in ads-readerext and (2) the op parameter in AlterCast. NOTE: it is not clear whether the vendor advisory addresses this issue." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060413 Secunia Research: Adobe Document Server for Reader ExtensionsMultiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/430869/100/0/threaded" + }, + { + "name": "24589", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24589" + }, + { + "name": "http://www.adobe.com/support/techdocs/322699.html", + "refsource": "MISC", + "url": "http://www.adobe.com/support/techdocs/322699.html" + }, + { + "name": "24590", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24590" + }, + { + "name": "15924", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15924" + }, + { + "name": "http://secunia.com/secunia_research/2005-68/advisory/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2005-68/advisory/" + }, + { + "name": "ADV-2006-1342", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1342" + }, + { + "name": "17500", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17500" + }, + { + "name": "adobe-actionid-op-xss(25771)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25771" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4701.json b/2006/4xxx/CVE-2006-4701.json index d614b40b201..e93cd043ac2 100644 --- a/2006/4xxx/CVE-2006-4701.json +++ b/2006/4xxx/CVE-2006-4701.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2006-4701",
- "STATE" : "REJECT"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2006. Notes: none."
- }
- ]
- }
-}
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2006-4701",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2006. Notes: none."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2006/5xxx/CVE-2006-5041.json b/2006/5xxx/CVE-2006-5041.json
index b271acc2979..3be723c317c 100644
--- a/2006/5xxx/CVE-2006-5041.json
+++ b/2006/5xxx/CVE-2006-5041.json
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5041", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Hot Properties (possibly com_hotproperties) 0.97 and earlier for Joomla! has unspecified impact and attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5041", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://forum.joomla.org/index.php/topic,79477.0.html", - "refsource" : "CONFIRM", - "url" : "http://forum.joomla.org/index.php/topic,79477.0.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Hot Properties (possibly com_hotproperties) 0.97 and earlier for Joomla! has unspecified impact and attack vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://forum.joomla.org/index.php/topic,79477.0.html", + "refsource": "CONFIRM", + "url": "http://forum.joomla.org/index.php/topic,79477.0.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5394.json b/2006/5xxx/CVE-2006-5394.json index a4460c06115..1409cbc885e 100644 --- a/2006/5xxx/CVE-2006-5394.json +++ b/2006/5xxx/CVE-2006-5394.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5394", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The default configuration of Cisco Secure Desktop (CSD) has an unchecked \"Disable printing\" box in Secure Desktop Settings, which might allow local users to read data that was sent to a printer during another user's SSL VPN session." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5394", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061009 Limitations in Cisco Secure Desktop", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080754f34.shtml" - }, - { - "name" : "20410", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20410" - }, - { - "name" : "1017018", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017018" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The default configuration of Cisco Secure Desktop (CSD) has an unchecked \"Disable printing\" box in Secure Desktop Settings, which might 
allow local users to read data that was sent to a printer during another user's SSL VPN session." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20061009 Limitations in Cisco Secure Desktop", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080754f34.shtml" + }, + { + "name": "20410", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20410" + }, + { + "name": "1017018", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017018" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5669.json b/2006/5xxx/CVE-2006-5669.json index d00e7258b1a..51ac5085050 100644 --- a/2006/5xxx/CVE-2006-5669.json +++ b/2006/5xxx/CVE-2006-5669.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5669", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in gestion/savebackup.php in Gepi 1.4.0 and earlier, and possibly other versions before 1.4.4, allows remote attackers to execute arbitrary PHP code via a URL in the filename parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5669", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "2692", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2692" - }, - { - "name" : "20061102 Source VERIFY and patch for gepi RFI", - "refsource" : "VIM", - "url" : "http://www.attrition.org/pipermail/vim/2006-November/001104.html" - }, - { - "name" : "20830", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20830" - }, - { - "name" : "gepi-savebackup-file-include(29921)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29921" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file 
inclusion vulnerability in gestion/savebackup.php in Gepi 1.4.0 and earlier, and possibly other versions before 1.4.4, allows remote attackers to execute arbitrary PHP code via a URL in the filename parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2692", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2692" + }, + { + "name": "gepi-savebackup-file-include(29921)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29921" + }, + { + "name": "20061102 Source VERIFY and patch for gepi RFI", + "refsource": "VIM", + "url": "http://www.attrition.org/pipermail/vim/2006-November/001104.html" + }, + { + "name": "20830", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20830" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5806.json b/2006/5xxx/CVE-2006-5806.json index f0a66a732aa..cb1eabe4e16 100644 --- a/2006/5xxx/CVE-2006-5806.json +++ b/2006/5xxx/CVE-2006-5806.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5806", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SSL VPN Client in Cisco Secure Desktop before 3.1.1.45, when configured to spawn a web browser after a successful connection, stores sensitive browser session information in a directory outside of the CSD vault and does not restrict the user from saving files outside of the vault, which is not cleared after the VPN connection terminates and allows local users to read unencrypted data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5806", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061108 Multiple Vulnerabilities in Cisco Secure Desktop", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/warp/public/707/cisco-sa-20061108-csd.shtml" - }, - { - "name" : "20964", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20964" - }, - { - "name" : "ADV-2006-4409", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4409" - }, - { - "name" : "30306", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/30306" - }, - { - "name" : "1017195", - "refsource" : "SECTRACK", 
- "url" : "http://securitytracker.com/id?1017195" - }, - { - "name" : "22747", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22747" - }, - { - "name" : "cisco-csd-ssl-vpn-information-disclosure(30129)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30129" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SSL VPN Client in Cisco Secure Desktop before 3.1.1.45, when configured to spawn a web browser after a successful connection, stores sensitive browser session information in a directory outside of the CSD vault and does not restrict the user from saving files outside of the vault, which is not cleared after the VPN connection terminates and allows local users to read unencrypted data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1017195", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017195" + }, + { + "name": "cisco-csd-ssl-vpn-information-disclosure(30129)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30129" + }, + { + "name": "22747", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22747" + }, + { + "name": "30306", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/30306" + }, + { + "name": "20061108 Multiple Vulnerabilities in Cisco Secure Desktop", + "refsource": "CISCO", + "url": "http://www.cisco.com/warp/public/707/cisco-sa-20061108-csd.shtml" + }, + { + "name": "ADV-2006-4409", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4409" + }, + { + "name": "20964", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20964" + } + ] + } +} \ No newline at end of file 
diff --git a/2010/0xxx/CVE-2010-0470.json b/2010/0xxx/CVE-2010-0470.json
index 1adeefe7150..04e07934568 100644
--- a/2010/0xxx/CVE-2010-0470.json
+++ b/2010/0xxx/CVE-2010-0470.json
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0470", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in scvrtsrv.cmd in Comtrend CT-507IT ADSL Router allows remote attackers to inject arbitrary web script or HTML via the srvName parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-0470", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/1001-exploits/comtrend-xss.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1001-exploits/comtrend-xss.txt" - }, - { - "name" : "38004", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/38004" - }, - { - "name" : "38309", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38309" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in scvrtsrv.cmd in Comtrend CT-507IT ADSL Router allows remote attackers to inject arbitrary web script or HTML via the srvName parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "38309", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38309" + }, + { + "name": "38004", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/38004" + }, + { + "name": "http://packetstormsecurity.org/1001-exploits/comtrend-xss.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1001-exploits/comtrend-xss.txt" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0510.json b/2010/0xxx/CVE-2010-0510.json index 7ee9f6acf99..11290f535d0 100644 --- a/2010/0xxx/CVE-2010-0510.json +++ b/2010/0xxx/CVE-2010-0510.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0510", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Password Server in Apple Mac OS X Server before 10.6.3 does not properly perform password replication, which might allow remote authenticated users to obtain login access via an expired password." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2010-0510", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT4077", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4077" - }, - { - "name" : "APPLE-SA-2010-03-29-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Password Server in Apple Mac OS X Server before 10.6.3 does not properly perform password replication, which might allow remote authenticated users to obtain login access via an expired password." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2010-03-29-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html" + }, + { + "name": "http://support.apple.com/kb/HT4077", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4077" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0591.json b/2010/0xxx/CVE-2010-0591.json index cd52e57b4a6..0f358efe0b4 100644 --- a/2010/0xxx/CVE-2010-0591.json +++ b/2010/0xxx/CVE-2010-0591.json 
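Review bot: The one value that changes in this hunk is `"ASSIGNER": "product-security@apple.com"` (previously `cve@mitre.org`), and the commit subject "-Synchronized-Data." gives no hint of it. Tooling that attributes or filters records by `ASSIGNER` will see this entry move to a different CNA, so the reattribution deserves a line in the commit description. The `affects` block still reads `"vendor_name": "n/a"` and `"product_name": "n/a"` although the description names Apple Mac OS X Server; if the sync source carries structured vendor data, it would presumably belong here. The CVE-2010-0591 hunk makes the same kind of change (`psirt@cisco.com`), while CVE-2010-0835 keeps `cve@mitre.org` with only an Oracle advisory as its reference, which may be worth confirming.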
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0591", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5), 7.x before 7.1(3b)SU2, and 8.x before 8.0(1) allows remote attackers to cause a denial of service (process failure) via a malformed SIP REG message, related to an overflow of the Telephone-URL field, aka Bug ID CSCtc62362." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2010-0591", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100303 Cisco Unified Communications Manager Denial of Service Vulnerabilities", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1b924.shtml" - }, - { - "name" : "38498", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/38498" - }, - { - "name" : "1023670", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1023670" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco Unified 
Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5), 7.x before 7.1(3b)SU2, and 8.x before 8.0(1) allows remote attackers to cause a denial of service (process failure) via a malformed SIP REG message, related to an overflow of the Telephone-URL field, aka Bug ID CSCtc62362." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1023670", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1023670" + }, + { + "name": "20100303 Cisco Unified Communications Manager Denial of Service Vulnerabilities", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1b924.shtml" + }, + { + "name": "38498", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/38498" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0835.json b/2010/0xxx/CVE-2010-0835.json index bd78313cf3c..731131b7723 100644 --- a/2010/0xxx/CVE-2010-0835.json +++ b/2010/0xxx/CVE-2010-0835.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0835", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Wireless component in Oracle Fusion Middleware 10.1.2.3 allows remote attackers to affect integrity via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-0835", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Wireless component in Oracle Fusion Middleware 10.1.2.3 allows remote attackers to affect integrity via unknown vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0847.json b/2010/0xxx/CVE-2010-0847.json index 0aa7e436873..1c4460ed684 100644 --- a/2010/0xxx/CVE-2010-0847.json +++ b/2010/0xxx/CVE-2010-0847.json 
@@ -1,242 +1,242 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0847", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is a heap-based buffer overflow that allows arbitrary code execution via a crafted image." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2010-0847", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100330 Oracle Java Runtime Environment Image FIle Buffer Overflow Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=865" - }, - { - "name" : "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/516397/100/0/threaded" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/javacpumar2010-083341.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/javacpumar2010-083341.html" - }, - { - "name" : "http://support.apple.com/kb/HT4170", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4170" - }, - { - "name" : "http://support.apple.com/kb/HT4171", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4171" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2011-0003.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2011-0003.html" - }, - { - "name" : "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html", - "refsource" : "CONFIRM", - "url" : 
"http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html" - }, - { - "name" : "APPLE-SA-2010-05-18-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//May/msg00001.html" - }, - { - "name" : "APPLE-SA-2010-05-18-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//May/msg00002.html" - }, - { - "name" : "HPSBMA02547", - "refsource" : "HP", - "url" : "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751" - }, - { - "name" : "SSRT100179", - "refsource" : "HP", - "url" : "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751" - }, - { - "name" : "HPSBMU02799", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=134254866602253&w=2" - }, - { - "name" : "HPSBUX02524", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=127557596201693&w=2" - }, - { - "name" : "SSRT100089", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=127557596201693&w=2" - }, - { - "name" : "MDVSA-2010:084", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:084" - }, - { - "name" : "RHSA-2010:0337", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0337.html" - }, - { - "name" : "RHSA-2010:0338", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0338.html" - }, - { - "name" : "RHSA-2010:0339", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0339.html" - }, - { - "name" : "RHSA-2010:0489", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0489.html" - }, - { - "name" : "SUSE-SR:2010:008", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html" - }, - { - "name" : "SUSE-SR:2010:011", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html" - }, - { - 
"name" : "SUSE-SR:2010:017", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html" - }, - { - "name" : "USN-923-1", - "refsource" : "UBUNTU", - "url" : "http://ubuntu.com/usn/usn-923-1" - }, - { - "name" : "39071", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/39071" - }, - { - "name" : "oval:org.mitre.oval:def:10392", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10392" - }, - { - "name" : "oval:org.mitre.oval:def:14453", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14453" - }, - { - "name" : "39292", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39292" - }, - { - "name" : "39317", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39317" - }, - { - "name" : "39819", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39819" - }, - { - "name" : "40211", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40211" - }, - { - "name" : "40545", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40545" - }, - { - "name" : "43308", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43308" - }, - { - "name" : "ADV-2010-1107", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1107" - }, - { - "name" : "ADV-2010-1191", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1191" - }, - { - "name" : "ADV-2010-1523", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1523" - }, - { - "name" : "ADV-2010-1793", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1793" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is a heap-based buffer overflow that allows arbitrary code execution via a crafted image." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2010-05-18-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//May/msg00001.html" + }, + { + "name": "HPSBMU02799", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=134254866602253&w=2" + }, + { + "name": "39317", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39317" + }, + { + "name": "40545", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40545" + }, + { + "name": "39819", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39819" + }, + { + "name": "ADV-2010-1107", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1107" + }, + { + "name": "RHSA-2010:0338", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0338.html" + }, + { + "name": "ADV-2010-1793", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1793" + }, + { + "name": "APPLE-SA-2010-05-18-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//May/msg00002.html" + }, + { + "name": "SUSE-SR:2010:011", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html" + }, + { + "name": "43308", + "refsource": "SECUNIA", + "url": 
"http://secunia.com/advisories/43308" + }, + { + "name": "39071", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/39071" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html" + }, + { + "name": "SSRT100179", + "refsource": "HP", + "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751" + }, + { + "name": "SSRT100089", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=127557596201693&w=2" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/javacpumar2010-083341.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/javacpumar2010-083341.html" + }, + { + "name": "RHSA-2010:0339", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0339.html" + }, + { + "name": "HPSBUX02524", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=127557596201693&w=2" + }, + { + "name": "39292", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39292" + }, + { + "name": "http://support.apple.com/kb/HT4170", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4170" + }, + { + "name": "ADV-2010-1523", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1523" + }, + { + "name": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html" + }, + { + "name": "oval:org.mitre.oval:def:14453", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14453" + }, + { + "name": "20100330 Oracle Java Runtime Environment Image FIle Buffer Overflow Vulnerability", + "refsource": "IDEFENSE", + "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=865" + }, 
+ { + "name": "SUSE-SR:2010:008", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html" + }, + { + "name": "SUSE-SR:2010:017", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html" + }, + { + "name": "USN-923-1", + "refsource": "UBUNTU", + "url": "http://ubuntu.com/usn/usn-923-1" + }, + { + "name": "oval:org.mitre.oval:def:10392", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10392" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html" + }, + { + "name": "RHSA-2010:0337", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0337.html" + }, + { + "name": "RHSA-2010:0489", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0489.html" + }, + { + "name": "HPSBMA02547", + "refsource": "HP", + "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751" + }, + { + "name": "40211", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40211" + }, + { + "name": "http://support.apple.com/kb/HT4171", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4171" + }, + { + "name": "MDVSA-2010:084", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:084" + }, + { + "name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded" + }, + { + "name": "ADV-2010-1191", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1191" + } + ] + } +} \ No newline at end of file 
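Review bot: The `reference_data` array in CVE-2010-0847.json comes out in a different order on the new side although the set of entries appears unchanged (37 before, 37 after). That buries the one substantive change in this hunk, `"ASSIGNER"` moving from `cve@mitre.org` to `secalert_us@oracle.com`, under roughly 480 lines of churn. Emitting references in a stable order, for example sorted by `refsource` then `name`, would keep sync diffs limited to real changes and make a dropped or altered reference easy to spot in review. The same reordering shows up in the CVE-2010-3042, CVE-2010-3695 and CVE-2010-3922 hunks, and all of the rewritten files now end with no trailing newline.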
diff --git a/2010/2xxx/CVE-2010-2412.json b/2010/2xxx/CVE-2010-2412.json index 28ffa75c4a1..3dc018e4a16 100644 --- a/2010/2xxx/CVE-2010-2412.json +++ b/2010/2xxx/CVE-2010-2412.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2412", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the OLAP component in Oracle Database Server 11.1.0.7 allows remote authenticated users to affect confidentiality and integrity via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2010-2412", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html" - }, - { - "name" : "TA10-287A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-287A.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the OLAP component in Oracle Database Server 11.1.0.7 allows remote authenticated users to affect confidentiality and integrity via unknown vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html" + }, + { + "name": "TA10-287A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-287A.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3042.json b/2010/3xxx/CVE-2010-3042.json index 88541a43bea..10320813204 100644 --- a/2010/3xxx/CVE-2010-3042.json +++ b/2010/3xxx/CVE-2010-3042.json 
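Review bot: The `"ASSIGNER"` change in this hunk looks inconsistent with the rest of the patch. The value becomes `secalert_us@oracle.com` here, as it does for CVE-2010-0847 and CVE-2010-3576, yet CVE-2010-0835 keeps `"ASSIGNER": "cve@mitre.org"` while citing the same Oracle `cpuoct2010-175626` advisory. Whether that record was really assigned by MITRE cannot be told from the diff, so it is worth confirming against the CNA's ID block before consumers start relying on the field for attribution. The commit message gives no hint that assigner values change, so downstream tooling that filters or joins on `ASSIGNER` should expect this field to shift in bulk with this sync.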
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3042", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in the Cisco WebEx Recording Format (WRF) and Advanced Recording Format (ARF) Players T27LB before SP21 EP3 and T27LC before SP22 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted (1) .wrf or (2) .arf file, a different vulnerability than CVE-2010-3041, CVE-2010-3043, and CVE-2010-3044." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2010-3042", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=22016", - "refsource" : "CONFIRM", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=22016" - }, - { - "name" : "20110201 Multiple Cisco WebEx Player Vulnerabilities", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6913f.shtml" - }, - { - "name" : "46075", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46075" - }, - { - "name" : "1025016", - "refsource" : "SECTRACK", - "url" : 
"http://securitytracker.com/id?1025016" - }, - { - "name" : "cisco-arf-bo(65073)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65073" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in the Cisco WebEx Recording Format (WRF) and Advanced Recording Format (ARF) Players T27LB before SP21 EP3 and T27LC before SP22 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted (1) .wrf or (2) .arf file, a different vulnerability than CVE-2010-3041, CVE-2010-3043, and CVE-2010-3044." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20110201 Multiple Cisco WebEx Player Vulnerabilities", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6913f.shtml" + }, + { + "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=22016", + "refsource": "CONFIRM", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=22016" + }, + { + "name": "46075", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46075" + }, + { + "name": "1025016", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1025016" + }, + { + "name": "cisco-arf-bo(65073)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65073" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3576.json b/2010/3xxx/CVE-2010-3576.json index 6dab478ad21..10c520c1e1d 100644 --- a/2010/3xxx/CVE-2010-3576.json +++ b/2010/3xxx/CVE-2010-3576.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3576", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Solaris 8, 9, and 10, and OpenSolaris, allows local users to affect integrity and availability, related to the SCSI enclosure services device driver." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2010-3576", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html" - }, - { - "name" : "TA10-287A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-287A.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle Solaris 8, 9, and 10, and OpenSolaris, allows local users to affect integrity and availability, related to the SCSI enclosure services device driver." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html" + }, + { + "name": "TA10-287A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-287A.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3675.json b/2010/3xxx/CVE-2010-3675.json index 656086b5463..50064900f09 100644 --- a/2010/3xxx/CVE-2010-3675.json +++ b/2010/3xxx/CVE-2010-3675.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3675", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3675", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3695.json b/2010/3xxx/CVE-2010-3695.json index 978a5bf5254..49c4efe73ce 100644 --- a/2010/3xxx/CVE-2010-3695.json +++ b/2010/3xxx/CVE-2010-3695.json 
@@ -1,152 +1,152 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3695", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in fetchmailprefs.php in Horde IMP before 4.3.8, and Horde Groupware Webmail Edition before 1.2.7, allows remote attackers to inject arbitrary web script or HTML via the fm_id parameter in a fetchmail_prefs_save action, related to the Fetchmail configuration." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-3695", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100927 XSS in Horde IMP <=4.3.7, fetchmailprefs.php", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/513992/100/0/threaded" - }, - { - "name" : "20100927 XSS in Horde IMP <=4.3.7, fetchmailprefs.php", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2010-09/0379.html" - }, - { - "name" : "[announce] 20100928 Horde Groupware Webmail Edition 1.2.7 (final)", - "refsource" : "MLIST", - "url" : "http://lists.horde.org/archives/announce/2010/000568.html" - }, - { - "name" : "[announce] 20100928 IMP H3 (4.3.8) (final)", - "refsource" : "MLIST", 
- "url" : "http://lists.horde.org/archives/announce/2010/000558.html" - }, - { - "name" : "[oss-security] 20100930 Re: CVE request: Horde Gollem <1.1.2 XSS in view.php", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2010/09/30/8" - }, - { - "name" : "[oss-security] 20100930 Re: CVE request: Horde Gollem <1.1.2 XSS in view.php", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2010/09/30/7" - }, - { - "name" : "[oss-security] 20101001 Re: CVE request: Horde Gollem <1.1.2 XSS in view.php", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2010/10/01/6" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598584", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598584" - }, - { - "name" : "http://cvs.horde.org/diff.php/imp/docs/CHANGES?rt=horde&r1=1.699.2.424&r2=1.699.2.430&ty=h", - "refsource" : "CONFIRM", - "url" : "http://cvs.horde.org/diff.php/imp/docs/CHANGES?rt=horde&r1=1.699.2.424&r2=1.699.2.430&ty=h" - }, - { - "name" : "http://git.horde.org/diff.php/groupware/docs/webmail/CHANGES?rt=horde&r1=1.35.2.11&r2=1.35.2.13&ty=h", - "refsource" : "CONFIRM", - "url" : "http://git.horde.org/diff.php/groupware/docs/webmail/CHANGES?rt=horde&r1=1.35.2.11&r2=1.35.2.13&ty=h" - }, - { - "name" : "http://git.horde.org/diff.php/imp/fetchmailprefs.php?rt=horde&r1=1.39.4.10&r2=1.39.4.11", - "refsource" : "CONFIRM", - "url" : "http://git.horde.org/diff.php/imp/fetchmailprefs.php?rt=horde&r1=1.39.4.10&r2=1.39.4.11" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=641069", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=641069" - }, - { - "name" : "DSA-2204", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2204" - }, - { - "name" : "43515", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/43515" - }, - { - "name" : "41627", - "refsource" : "SECUNIA", - 
"url" : "http://secunia.com/advisories/41627" - }, - { - "name" : "43896", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43896" - }, - { - "name" : "8170", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8170" - }, - { - "name" : "ADV-2010-2513", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2513" - }, - { - "name" : "ADV-2011-0769", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0769" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in fetchmailprefs.php in Horde IMP before 4.3.8, and Horde Groupware Webmail Edition before 1.2.7, allows remote attackers to inject arbitrary web script or HTML via the fm_id parameter in a fetchmail_prefs_save action, related to the Fetchmail configuration." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[announce] 20100928 Horde Groupware Webmail Edition 1.2.7 (final)", + "refsource": "MLIST", + "url": "http://lists.horde.org/archives/announce/2010/000568.html" + }, + { + "name": "43515", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/43515" + }, + { + "name": "DSA-2204", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2204" + }, + { + "name": "http://git.horde.org/diff.php/imp/fetchmailprefs.php?rt=horde&r1=1.39.4.10&r2=1.39.4.11", + "refsource": "CONFIRM", + "url": "http://git.horde.org/diff.php/imp/fetchmailprefs.php?rt=horde&r1=1.39.4.10&r2=1.39.4.11" + }, + { + "name": "[oss-security] 20101001 Re: CVE request: Horde Gollem <1.1.2 XSS in view.php", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2010/10/01/6" + }, + { + "name": 
"http://cvs.horde.org/diff.php/imp/docs/CHANGES?rt=horde&r1=1.699.2.424&r2=1.699.2.430&ty=h", + "refsource": "CONFIRM", + "url": "http://cvs.horde.org/diff.php/imp/docs/CHANGES?rt=horde&r1=1.699.2.424&r2=1.699.2.430&ty=h" + }, + { + "name": "20100927 XSS in Horde IMP <=4.3.7, fetchmailprefs.php", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/513992/100/0/threaded" + }, + { + "name": "20100927 XSS in Horde IMP <=4.3.7, fetchmailprefs.php", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-09/0379.html" + }, + { + "name": "[announce] 20100928 IMP H3 (4.3.8) (final)", + "refsource": "MLIST", + "url": "http://lists.horde.org/archives/announce/2010/000558.html" + }, + { + "name": "http://git.horde.org/diff.php/groupware/docs/webmail/CHANGES?rt=horde&r1=1.35.2.11&r2=1.35.2.13&ty=h", + "refsource": "CONFIRM", + "url": "http://git.horde.org/diff.php/groupware/docs/webmail/CHANGES?rt=horde&r1=1.35.2.11&r2=1.35.2.13&ty=h" + }, + { + "name": "ADV-2011-0769", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0769" + }, + { + "name": "8170", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8170" + }, + { + "name": "41627", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41627" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=641069", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=641069" + }, + { + "name": "ADV-2010-2513", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2513" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598584", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598584" + }, + { + "name": "[oss-security] 20100930 Re: CVE request: Horde Gollem <1.1.2 XSS in view.php", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2010/09/30/8" + }, + { + "name": 
"[oss-security] 20100930 Re: CVE request: Horde Gollem <1.1.2 XSS in view.php", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2010/09/30/7" + }, + { + "name": "43896", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43896" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3922.json b/2010/3xxx/CVE-2010-3922.json index 82d50eb9f70..c64203df6e9 100644 --- a/2010/3xxx/CVE-2010-3922.json +++ b/2010/3xxx/CVE-2010-3922.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3922", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in Movable Type 4.x before 4.35 and 5.x before 5.04 allows remote attackers to execute arbitrary SQL commands via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2010-3922", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.movabletype.org/documentation/appendices/release-notes/movable-type-504-435-release-notes.html", - "refsource" : "CONFIRM", - "url" : "http://www.movabletype.org/documentation/appendices/release-notes/movable-type-504-435-release-notes.html" - }, - { - "name" : "JVN#78536512", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN78536512/index.html" - }, - { - "name" : "JVNDB-2010-000061", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000061.html" - }, - { - "name" : "1024833", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024833" - }, - { - "name" : "42539", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42539" - }, - { - "name" : 
"ADV-2010-3145", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/3145" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in Movable Type 4.x before 4.35 and 5.x before 5.04 allows remote attackers to execute arbitrary SQL commands via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1024833", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024833" + }, + { + "name": "JVNDB-2010-000061", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000061.html" + }, + { + "name": "ADV-2010-3145", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/3145" + }, + { + "name": "42539", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42539" + }, + { + "name": "http://www.movabletype.org/documentation/appendices/release-notes/movable-type-504-435-release-notes.html", + "refsource": "CONFIRM", + "url": "http://www.movabletype.org/documentation/appendices/release-notes/movable-type-504-435-release-notes.html" + }, + { + "name": "JVN#78536512", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN78536512/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3954.json b/2010/3xxx/CVE-2010-3954.json index 39900f80c82..df051ad2a06 100644 --- a/2010/3xxx/CVE-2010-3954.json +++ b/2010/3xxx/CVE-2010-3954.json 
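Review bot: The one substantive change in this hunk for CVE-2010-3922.json, `"ASSIGNER": "vultures@jpcert.or.jp"` replacing `cve@mitre.org`, is buried in a whole-file rewrite: the six `reference_data` entries are identical on both sides but appear in a different order, and every key is re-spaced from `"k" : v` to `"k": v`. Emitting references in a stable order (for example sorted by `refsource`, then `name`) would keep synchronisation diffs down to the fields that actually changed, which matters when consumers audit who is recorded as the assigner of a CVE. The new side also ends with `\ No newline at end of file` where the old side did not, so the generator should keep the trailing newline. The same pattern is visible in the CVE-2010-3954, CVE-2010-3972, CVE-2010-4663 and CVE-2014-0804 hunks (ASSIGNER changed) and in the other records shown here, where as far as can be seen only order and spacing change.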
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3954", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Publisher 2002 SP3, 2003 SP3, and 2010 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Publisher file, aka \"Microsoft Publisher Memory Corruption Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2010-3954", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS10-103", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-103" - }, - { - "name" : "TA10-348A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-348A.html" - }, - { - "name" : "oval:org.mitre.oval:def:12381", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12381" - }, - { - "name" : "1024885", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024885" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": 
[ + { + "lang": "eng", + "value": "Microsoft Publisher 2002 SP3, 2003 SP3, and 2010 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Publisher file, aka \"Microsoft Publisher Memory Corruption Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:12381", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12381" + }, + { + "name": "TA10-348A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-348A.html" + }, + { + "name": "MS10-103", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-103" + }, + { + "name": "1024885", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024885" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3972.json b/2010/3xxx/CVE-2010-3972.json index d5559295003..2fb4990daff 100644 --- a/2010/3xxx/CVE-2010-3972.json +++ b/2010/3xxx/CVE-2010-3972.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3972", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the TELNET_STREAM_CONTEXT::OnSendData function in ftpsvc.dll in Microsoft FTP Service 7.0 and 7.5 for Internet Information Services (IIS) 7.0, and IIS 7.5, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted FTP command, aka \"IIS FTP Service Heap Buffer Overrun Vulnerability.\" NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2010-3972", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "15803", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/15803" - }, - { - "name" : "http://blogs.technet.com/b/srd/archive/2011/01/07/assessing-the-risk-of-public-issues-currently-being-tracked-by-the-msrc.aspx", - "refsource" : "MISC", - "url" : "http://blogs.technet.com/b/srd/archive/2011/01/07/assessing-the-risk-of-public-issues-currently-being-tracked-by-the-msrc.aspx" - }, - { - "name" : "MS11-004", - "refsource" : "MS", - "url" : 
"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-004" - }, - { - "name" : "VU#842372", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/842372" - }, - { - "name" : "45542", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45542" - }, - { - "name" : "oval:org.mitre.oval:def:12370", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12370" - }, - { - "name" : "1024921", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024921" - }, - { - "name" : "42713", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42713" - }, - { - "name" : "ADV-2010-3305", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/3305" - }, - { - "name" : "ms-iis-onsenddata-bo(64248)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64248" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the TELNET_STREAM_CONTEXT::OnSendData function in ftpsvc.dll in Microsoft FTP Service 7.0 and 7.5 for Internet Information Services (IIS) 7.0, and IIS 7.5, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted FTP command, aka \"IIS FTP Service Heap Buffer Overrun Vulnerability.\" NOTE: some of these details are obtained from third party information." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "45542", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45542" + }, + { + "name": "MS11-004", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-004" + }, + { + "name": "ms-iis-onsenddata-bo(64248)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64248" + }, + { + "name": "http://blogs.technet.com/b/srd/archive/2011/01/07/assessing-the-risk-of-public-issues-currently-being-tracked-by-the-msrc.aspx", + "refsource": "MISC", + "url": "http://blogs.technet.com/b/srd/archive/2011/01/07/assessing-the-risk-of-public-issues-currently-being-tracked-by-the-msrc.aspx" + }, + { + "name": "VU#842372", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/842372" + }, + { + "name": "1024921", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024921" + }, + { + "name": "oval:org.mitre.oval:def:12370", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12370" + }, + { + "name": "ADV-2010-3305", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/3305" + }, + { + "name": "15803", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/15803" + }, + { + "name": "42713", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42713" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4388.json b/2010/4xxx/CVE-2010-4388.json index 564c480214d..249e126a878 100644 --- a/2010/4xxx/CVE-2010-4388.json +++ b/2010/4xxx/CVE-2010-4388.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4388", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The (1) Upsell.htm, (2) Main.html, and (3) Custsupport.html components in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.1.2 and 2.1.3 allow remote attackers to inject code into the RealOneActiveXObject process, and consequently bypass intended Local Machine Zone restrictions and load arbitrary ActiveX controls, via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4388", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-10-276", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-10-276" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-10-277", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-10-277" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-10-278", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-10-278" - }, - { - "name" : 
"http://service.real.com/realplayer/security/12102010_player/en/", - "refsource" : "CONFIRM", - "url" : "http://service.real.com/realplayer/security/12102010_player/en/" - }, - { - "name" : "69857", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/69857" - }, - { - "name" : "69858", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/69858" - }, - { - "name" : "69859", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/69859" - }, - { - "name" : "1024861", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024861" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The (1) Upsell.htm, (2) Main.html, and (3) Custsupport.html components in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.1.2 and 2.1.3 allow remote attackers to inject code into the RealOneActiveXObject process, and consequently bypass intended Local Machine Zone restrictions and load arbitrary ActiveX controls, via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-10-276", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-276" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-10-278", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-278" + }, + { + "name": "69859", + "refsource": "OSVDB", + "url": "http://osvdb.org/69859" + }, + { + "name": "69858", + "refsource": "OSVDB", + "url": "http://osvdb.org/69858" + }, + { + "name": "1024861", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024861" + }, + { + "name": "http://service.real.com/realplayer/security/12102010_player/en/", + "refsource": "CONFIRM", + "url": "http://service.real.com/realplayer/security/12102010_player/en/" + }, + { + "name": "69857", + "refsource": "OSVDB", + "url": "http://osvdb.org/69857" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-10-277", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-277" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4615.json b/2010/4xxx/CVE-2010-4615.json index d4525543fc0..20185877054 100644 --- a/2010/4xxx/CVE-2010-4615.json +++ b/2010/4xxx/CVE-2010-4615.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4615", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in Oto Galeri Sistemi 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) arac parameter to carsdetail.asp and the (2) marka parameter to twohandscars.asp." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4615", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "15777", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/15777" - }, - { - "name" : "45513", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45513" - }, - { - "name" : "42706", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42706" - }, - { - "name" : "otogalerisistemi-carsdetail-sql-injection(64210)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64210" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in Oto Galeri Sistemi 1.0 allow 
remote attackers to execute arbitrary SQL commands via the (1) arac parameter to carsdetail.asp and the (2) marka parameter to twohandscars.asp." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "otogalerisistemi-carsdetail-sql-injection(64210)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64210" + }, + { + "name": "15777", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/15777" + }, + { + "name": "45513", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45513" + }, + { + "name": "42706", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42706" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4663.json b/2010/4xxx/CVE-2010-4663.json index 2fea3c9b2e7..e1eb433817b 100644 --- a/2010/4xxx/CVE-2010-4663.json +++ b/2010/4xxx/CVE-2010-4663.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4663", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the News module in CMS Made Simple (CMSMS) before 1.9.1 has unknown impact and attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-4663", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110329 CVE request: cmsmadesimple before 1.9.1", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/03/29/2" - }, - { - "name" : "[oss-security] 20110330 Re: CVE request: cmsmadesimple before 1.9.1", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/03/30/9" - }, - { - "name" : "http://forum.cmsmadesimple.org/viewtopic.php?t=49245", - "refsource" : "CONFIRM", - "url" : "http://forum.cmsmadesimple.org/viewtopic.php?t=49245" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the News module in CMS Made Simple (CMSMS) before 1.9.1 has unknown impact and attack 
vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20110330 Re: CVE request: cmsmadesimple before 1.9.1", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/03/30/9" + }, + { + "name": "[oss-security] 20110329 CVE request: cmsmadesimple before 1.9.1", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/03/29/2" + }, + { + "name": "http://forum.cmsmadesimple.org/viewtopic.php?t=49245", + "refsource": "CONFIRM", + "url": "http://forum.cmsmadesimple.org/viewtopic.php?t=49245" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4868.json b/2010/4xxx/CVE-2010-4868.json index 848368f1753..c2cc5edb9ac 100644 --- a/2010/4xxx/CVE-2010-4868.json +++ b/2010/4xxx/CVE-2010-4868.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4868", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in search.php3 (aka search.php) in W-Agora 4.2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the bn parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4868", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20101022 Vulnerabilities in W-Agora", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/514420/100/0/threaded" - }, - { - "name" : "http://packetstormsecurity.org/1010-exploits/wagora-lfixss.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1010-exploits/wagora-lfixss.txt" - }, - { - "name" : "44370", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/44370" - }, - { - "name" : "8426", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8426" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) 
vulnerability in search.php3 (aka search.php) in W-Agora 4.2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the bn parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.org/1010-exploits/wagora-lfixss.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1010-exploits/wagora-lfixss.txt" + }, + { + "name": "8426", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8426" + }, + { + "name": "20101022 Vulnerabilities in W-Agora", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/514420/100/0/threaded" + }, + { + "name": "44370", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/44370" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0804.json b/2014/0xxx/CVE-2014-0804.json index d907f25176a..5daa21b8838 100644 --- a/2014/0xxx/CVE-2014-0804.json +++ b/2014/0xxx/CVE-2014-0804.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0804", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in the CGENE Security File Manager Pro application 1.0.6 and earlier, and Security File Manager Trial application 1.0.6 and earlier, for Android allows attackers to overwrite or create arbitrary files via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2014-0804", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://play.google.com/store/apps/details?id=com.cgene.android.secret.filelock.free", - "refsource" : "CONFIRM", - "url" : "https://play.google.com/store/apps/details?id=com.cgene.android.secret.filelock.free" - }, - { - "name" : "https://play.google.com/store/apps/details?id=com.cgene.android.secret.filelock.pro", - "refsource" : "CONFIRM", - "url" : "https://play.google.com/store/apps/details?id=com.cgene.android.secret.filelock.pro" - }, - { - "name" : "JVN#44392991", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN44392991/index.html" - }, - { - "name" : "JVNDB-2014-000003", - "refsource" : "JVNDB", - "url" : 
"http://jvndb.jvn.jp/jvndb/JVNDB-2014-000003" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in the CGENE Security File Manager Pro application 1.0.6 and earlier, and Security File Manager Trial application 1.0.6 and earlier, for Android allows attackers to overwrite or create arbitrary files via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://play.google.com/store/apps/details?id=com.cgene.android.secret.filelock.free", + "refsource": "CONFIRM", + "url": "https://play.google.com/store/apps/details?id=com.cgene.android.secret.filelock.free" + }, + { + "name": "JVN#44392991", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN44392991/index.html" + }, + { + "name": "JVNDB-2014-000003", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000003" + }, + { + "name": "https://play.google.com/store/apps/details?id=com.cgene.android.secret.filelock.pro", + "refsource": "CONFIRM", + "url": "https://play.google.com/store/apps/details?id=com.cgene.android.secret.filelock.pro" + } + ] + } +} \ No newline at end of file diff --git a/2014/10xxx/CVE-2014-10023.json b/2014/10xxx/CVE-2014-10023.json index ec4a96a0840..a734f7b66e4 100644 --- a/2014/10xxx/CVE-2014-10023.json +++ b/2014/10xxx/CVE-2014-10023.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-10023", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in TopicsViewer 3.0 Beta 1 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) edit_block.php, (2) edit_cat.php, (3) edit_note.php, or (4) rmv_topic.php in admincp/." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-10023", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "31419", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/31419" - }, - { - "name" : "http://packetstormsecurity.com/files/125007", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/125007" - }, - { - "name" : "65283", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/65283" - }, - { - "name" : "102834", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/102834" - }, - { - "name" : "102835", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/102835" - }, - { - "name" : "102836", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/102836" - }, - { - "name" : "102837", - "refsource" : "OSVDB", - "url" : 
"http://osvdb.org/102837" - }, - { - "name" : "topicsviewer-id-sql-injection(90918)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90918" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in TopicsViewer 3.0 Beta 1 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) edit_block.php, (2) edit_cat.php, (3) edit_note.php, or (4) rmv_topic.php in admincp/." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "102834", + "refsource": "OSVDB", + "url": "http://osvdb.org/102834" + }, + { + "name": "65283", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/65283" + }, + { + "name": "topicsviewer-id-sql-injection(90918)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90918" + }, + { + "name": "31419", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/31419" + }, + { + "name": "102836", + "refsource": "OSVDB", + "url": "http://osvdb.org/102836" + }, + { + "name": "http://packetstormsecurity.com/files/125007", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/125007" + }, + { + "name": "102837", + "refsource": "OSVDB", + "url": "http://osvdb.org/102837" + }, + { + "name": "102835", + "refsource": "OSVDB", + "url": "http://osvdb.org/102835" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3969.json b/2014/3xxx/CVE-2014-3969.json index 30eb515f6b3..bbfcee066c6 100644 --- a/2014/3xxx/CVE-2014-3969.json +++ b/2014/3xxx/CVE-2014-3969.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3969", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Xen 4.4.x, when running on an ARM system, does not properly check write permissions on virtual addresses, which allows local guest administrators to gain privileges via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3969", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140604 Re: Xen Security Advisory 98 - insufficient permissions checks accessing guest memory on ARM", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/06/04/14" - }, - { - "name" : "http://xenbits.xen.org/xsa/advisory-98.html", - "refsource" : "CONFIRM", - "url" : "http://xenbits.xen.org/xsa/advisory-98.html" - }, - { - "name" : "67819", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/67819" - }, - { - "name" : "1030333", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030333" - }, - { - "name" : "58975", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/58975" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Xen 4.4.x, when running on an ARM system, does not properly check write permissions on virtual addresses, which allows local guest administrators to gain privileges via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1030333", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030333" + }, + { + "name": "http://xenbits.xen.org/xsa/advisory-98.html", + "refsource": "CONFIRM", + "url": "http://xenbits.xen.org/xsa/advisory-98.html" + }, + { + "name": "58975", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/58975" + }, + { + "name": "67819", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/67819" + }, + { + "name": "[oss-security] 20140604 Re: Xen Security Advisory 98 - insufficient permissions checks accessing guest memory on ARM", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/06/04/14" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4081.json b/2014/4xxx/CVE-2014-4081.json index 3c8353c84a0..3f50e50a42c 100644 --- a/2014/4xxx/CVE-2014-4081.json +++ b/2014/4xxx/CVE-2014-4081.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4081", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-2799, CVE-2014-4059, CVE-2014-4065, CVE-2014-4079, CVE-2014-4083, CVE-2014-4085, CVE-2014-4088, CVE-2014-4090, CVE-2014-4094, CVE-2014-4097, CVE-2014-4100, CVE-2014-4103, CVE-2014-4104, CVE-2014-4105, CVE-2014-4106, CVE-2014-4107, CVE-2014-4108, CVE-2014-4109, CVE-2014-4110, and CVE-2014-4111." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2014-4081", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS14-052", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-052" - }, - { - "name" : "69584", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69584" - }, - { - "name" : "1030818", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030818" - }, - { - "name" : "ms-ie-cve20144081-code-exec(95511)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95511" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-2799, CVE-2014-4059, CVE-2014-4065, CVE-2014-4079, CVE-2014-4083, CVE-2014-4085, CVE-2014-4088, CVE-2014-4090, CVE-2014-4094, CVE-2014-4097, CVE-2014-4100, CVE-2014-4103, CVE-2014-4104, CVE-2014-4105, CVE-2014-4106, CVE-2014-4107, CVE-2014-4108, CVE-2014-4109, CVE-2014-4110, and CVE-2014-4111." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "69584", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69584" + }, + { + "name": "1030818", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030818" + }, + { + "name": "MS14-052", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-052" + }, + { + "name": "ms-ie-cve20144081-code-exec(95511)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95511" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4088.json b/2014/4xxx/CVE-2014-4088.json index bef086b067b..9ecbb81a758 100644 --- a/2014/4xxx/CVE-2014-4088.json +++ b/2014/4xxx/CVE-2014-4088.json 
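Review bot: `ASSIGNER` changes here from `cve@mitre.org` to `secure@microsoft.com`, the only semantic edit in a hunk that otherwise rewrites spacing and reference order, and the commit subject ("-Synchronized-Data.") does not mention it. Anything downstream that keys on this field for CNA attribution will see the value flip with no record of why. Attribution changes would be easier to audit if committed separately from the reformatting, or at least named in the description. The hunks for CVE-2014-4088 and CVE-2014-4095 make the same change, CVE-2014-4448 moves to `product-security@apple.com`, and CVE-2014-8438 and CVE-2014-8456 move to `psirt@adobe.com`.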
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4088", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-2799, CVE-2014-4059, CVE-2014-4065, CVE-2014-4079, CVE-2014-4081, CVE-2014-4083, CVE-2014-4085, CVE-2014-4090, CVE-2014-4094, CVE-2014-4097, CVE-2014-4100, CVE-2014-4103, CVE-2014-4104, CVE-2014-4105, CVE-2014-4106, CVE-2014-4107, CVE-2014-4108, CVE-2014-4109, CVE-2014-4110, and CVE-2014-4111." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2014-4088", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS14-052", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-052" - }, - { - "name" : "69595", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69595" - }, - { - "name" : "1030818", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030818" - }, - { - "name" : "ms-ie-cve20144088-code-exec(95518)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95518" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-2799, CVE-2014-4059, CVE-2014-4065, CVE-2014-4079, CVE-2014-4081, CVE-2014-4083, CVE-2014-4085, CVE-2014-4090, CVE-2014-4094, CVE-2014-4097, CVE-2014-4100, CVE-2014-4103, CVE-2014-4104, CVE-2014-4105, CVE-2014-4106, CVE-2014-4107, CVE-2014-4108, CVE-2014-4109, CVE-2014-4110, and CVE-2014-4111." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1030818", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030818" + }, + { + "name": "ms-ie-cve20144088-code-exec(95518)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95518" + }, + { + "name": "MS14-052", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-052" + }, + { + "name": "69595", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69595" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4095.json b/2014/4xxx/CVE-2014-4095.json index 1ac64ee8c65..b6f9b7355f9 100644 --- a/2014/4xxx/CVE-2014-4095.json +++ b/2014/4xxx/CVE-2014-4095.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4095", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-4087, CVE-2014-4096, and CVE-2014-4101." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2014-4095", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS14-052", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-052" - }, - { - "name" : "69604", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69604" - }, - { - "name" : "1030818", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030818" - }, - { - "name" : "ms-ie-cve20144095-code-exec(95525)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95525" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-4087, CVE-2014-4096, and CVE-2014-4101." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "69604", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69604" + }, + { + "name": "1030818", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030818" + }, + { + "name": "MS14-052", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-052" + }, + { + "name": "ms-ie-cve20144095-code-exec(95525)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95525" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4183.json b/2014/4xxx/CVE-2014-4183.json index 6338f534804..f0db37db705 100644 --- a/2014/4xxx/CVE-2014-4183.json +++ b/2014/4xxx/CVE-2014-4183.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4183", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4183", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4448.json b/2014/4xxx/CVE-2014-4448.json index 9b9f15dbbba..e08c2e1cae8 100644 --- a/2014/4xxx/CVE-2014-4448.json +++ b/2014/4xxx/CVE-2014-4448.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4448", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "House Arrest in Apple iOS before 8.1 relies on the hardware UID for its encryption key, which makes it easier for physically proximate attackers to obtain sensitive information from a Documents directory by obtaining this UID." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2014-4448", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/kb/HT6541", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/kb/HT6541" - }, - { - "name" : "APPLE-SA-2014-10-20-1", - "refsource" : "APPLE", - "url" : "http://www.securityfocus.com/archive/1/533747" - }, - { - "name" : "70661", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70661" - }, - { - "name" : "1031077", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031077" - }, - { - "name" : "appleios-cve20144448-weak-security(97664)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/97664" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "House Arrest in Apple iOS before 8.1 relies on the hardware UID for its encryption key, which makes it easier for physically proximate attackers to obtain sensitive information from a Documents directory by obtaining this UID." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/kb/HT6541", + "refsource": "CONFIRM", + "url": "https://support.apple.com/kb/HT6541" + }, + { + "name": "1031077", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031077" + }, + { + "name": "70661", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70661" + }, + { + "name": "appleios-cve20144448-weak-security(97664)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97664" + }, + { + "name": "APPLE-SA-2014-10-20-1", + "refsource": "APPLE", + "url": "http://www.securityfocus.com/archive/1/533747" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4931.json b/2014/4xxx/CVE-2014-4931.json index 1fee5e0aee7..2dc898ce6fc 100644 --- a/2014/4xxx/CVE-2014-4931.json +++ b/2014/4xxx/CVE-2014-4931.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4931", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4931", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8230.json b/2014/8xxx/CVE-2014-8230.json index 52e9a1ee444..44f51423441 100644 --- a/2014/8xxx/CVE-2014-8230.json +++ b/2014/8xxx/CVE-2014-8230.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8230", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-8230", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8438.json b/2014/8xxx/CVE-2014-8438.json index 970b8896046..697a1c40477 100644 --- a/2014/8xxx/CVE-2014-8438.json +++ b/2014/8xxx/CVE-2014-8438.json 
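Review bot: This record is written with a different key order from every other file visible in this part of the patch: `data_type`, `data_format` and `data_version` now precede `CVE_data_meta`, and `ID` comes before `ASSIGNER` inside it. Key order carries no meaning in JSON, but the mismatch suggests this file went through a different writer than its neighbours, which still start with `"CVE_data_meta": {` followed by `"ASSIGNER"`. Serialising every record with sorted keys would keep the corpus byte-stable for diffing and for any hashing of the files.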
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8438", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-0573 and CVE-2014-0588." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2014-8438", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://helpx.adobe.com/security/products/flash-player/apsb14-24.html", - "refsource" : "CONFIRM", - "url" : "http://helpx.adobe.com/security/products/flash-player/apsb14-24.html" - }, - { - "name" : "openSUSE-SU-2015:0725", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00013.html" - }, - { - "name" : "71049", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/71049" - }, - { - "name" : "adobe-flash-cve20148438-code-exec(98619)", - "refsource" : "XF", - 
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98619" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-0573 and CVE-2014-0588." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://helpx.adobe.com/security/products/flash-player/apsb14-24.html", + "refsource": "CONFIRM", + "url": "http://helpx.adobe.com/security/products/flash-player/apsb14-24.html" + }, + { + "name": "71049", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/71049" + }, + { + "name": "adobe-flash-cve20148438-code-exec(98619)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98619" + }, + { + "name": "openSUSE-SU-2015:0725", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00013.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8456.json b/2014/8xxx/CVE-2014-8456.json index 34e7f620640..00e96283776 100644 --- a/2014/8xxx/CVE-2014-8456.json +++ b/2014/8xxx/CVE-2014-8456.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8456", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-8445, CVE-2014-8446, CVE-2014-8447, CVE-2014-8458, CVE-2014-8459, CVE-2014-8461, and CVE-2014-9158." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2014-8456", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://helpx.adobe.com/security/products/reader/apsb14-28.html", - "refsource" : "CONFIRM", - "url" : "http://helpx.adobe.com/security/products/reader/apsb14-28.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than 
CVE-2014-8445, CVE-2014-8446, CVE-2014-8447, CVE-2014-8458, CVE-2014-8459, CVE-2014-8461, and CVE-2014-9158." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://helpx.adobe.com/security/products/reader/apsb14-28.html", + "refsource": "CONFIRM", + "url": "http://helpx.adobe.com/security/products/reader/apsb14-28.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8719.json b/2014/8xxx/CVE-2014-8719.json index 8f1db121803..44258219078 100644 --- a/2014/8xxx/CVE-2014-8719.json +++ b/2014/8xxx/CVE-2014-8719.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8719", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8719", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9097.json b/2014/9xxx/CVE-2014-9097.json index 7052753c18f..3b0972f1e10 100644 --- a/2014/9xxx/CVE-2014-9097.json +++ b/2014/9xxx/CVE-2014-9097.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9097", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in the Apptha WordPress Video Gallery (contus-video-gallery) plugin 2.5, possibly as distributed before 2014-07-23, for WordPress allow (1) remote attackers to execute arbitrary SQL commands via the vid parameter in a myextract action to wp-admin/admin-ajax.php or (2) remote authenticated users to execute arbitrary SQL commands via the playlistId parameter in the newplaylist page or (3) videoId parameter in a newvideo page to wp-admin/admin.php." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9097", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.com/files/127611/WordPress-Video-Gallery-2.5-Cross-Site-Scripting-SQL-Injection.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/127611/WordPress-Video-Gallery-2.5-Cross-Site-Scripting-SQL-Injection.html" - }, - { - "name" : "http://wordpress.org/plugins/contus-video-gallery/changelog", - "refsource" : "MISC", - "url" : "http://wordpress.org/plugins/contus-video-gallery/changelog" - }, - { - "name" : "68883", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/68883" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in the Apptha WordPress Video Gallery (contus-video-gallery) plugin 2.5, possibly as distributed before 2014-07-23, for WordPress allow (1) remote attackers to execute arbitrary SQL commands via the vid parameter in a myextract action to wp-admin/admin-ajax.php or (2) remote authenticated users to execute arbitrary SQL commands via the playlistId parameter in the newplaylist page or (3) videoId parameter in a newvideo page to wp-admin/admin.php." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/127611/WordPress-Video-Gallery-2.5-Cross-Site-Scripting-SQL-Injection.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/127611/WordPress-Video-Gallery-2.5-Cross-Site-Scripting-SQL-Injection.html" + }, + { + "name": "http://wordpress.org/plugins/contus-video-gallery/changelog", + "refsource": "MISC", + "url": "http://wordpress.org/plugins/contus-video-gallery/changelog" + }, + { + "name": "68883", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/68883" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9595.json b/2014/9xxx/CVE-2014-9595.json index cf8a5ed276f..7bfb7e2a397 100644 --- a/2014/9xxx/CVE-2014-9595.json +++ b/2014/9xxx/CVE-2014-9595.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9595", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the SAP NetWeaver Dispatcher in SAP Kernel 7.00 32-bit and 7.40 64-bit allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via unspecified vectors, related to the Spool System, aka SAP Note 2061271." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9595", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://erpscan.io/advisories/erpscan-14-024-sap-kernel-rce-dos/", - "refsource" : "MISC", - "url" : "https://erpscan.io/advisories/erpscan-14-024-sap-kernel-rce-dos/" - }, - { - "name" : "https://erpscan.io/press-center/blog/sap-critical-patch-update-december-2014/", - "refsource" : "MISC", - "url" : "https://erpscan.io/press-center/blog/sap-critical-patch-update-december-2014/" - }, - { - "name" : "62150", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62150" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": 
"Buffer overflow in the SAP NetWeaver Dispatcher in SAP Kernel 7.00 32-bit and 7.40 64-bit allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via unspecified vectors, related to the Spool System, aka SAP Note 2061271." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://erpscan.io/advisories/erpscan-14-024-sap-kernel-rce-dos/", + "refsource": "MISC", + "url": "https://erpscan.io/advisories/erpscan-14-024-sap-kernel-rce-dos/" + }, + { + "name": "62150", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62150" + }, + { + "name": "https://erpscan.io/press-center/blog/sap-critical-patch-update-december-2014/", + "refsource": "MISC", + "url": "https://erpscan.io/press-center/blog/sap-critical-patch-update-december-2014/" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9831.json b/2014/9xxx/CVE-2014-9831.json index 9e8014cf116..d0b6591b551 100644 --- a/2014/9xxx/CVE-2014-9831.json +++ b/2014/9xxx/CVE-2014-9831.json 
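Review bot: The `reference_data` array for CVE-2014-9595 is re-emitted in a different order with no visible sort key (the SECUNIA `62150` entry now sits between the two erpscan.io links), and the new side ends with `\ No newline at end of file`. Assuming consumers do not depend on array order, the reshuffle changes nothing semantically, but it makes the diff harder to audit because real edits to a reference are indistinguishable from moved ones. Emitting references in a stable order (for example sorted by `url`) and keeping the final newline after the closing `}` would keep later syncs reviewable. The same reordering and missing newline appear in the hunks for CVE-2014-9831, CVE-2016-2119, CVE-2016-2317, CVE-2016-2517, CVE-2016-3403 and CVE-2016-3762.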
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9831", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "coders/wpg.c in ImageMagick allows remote attackers to have unspecified impact via a corrupted wpg file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9831", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160602 Re: ImageMagick CVEs", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/06/02/13" - }, - { - "name" : "https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=b68b78e2625122d9f6b6d88ba4df7e85b47b556f", - "refsource" : "CONFIRM", - "url" : "https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=b68b78e2625122d9f6b6d88ba4df7e85b47b556f" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1343487", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1343487" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + 
"lang": "eng", + "value": "coders/wpg.c in ImageMagick allows remote attackers to have unspecified impact via a corrupted wpg file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1343487", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1343487" + }, + { + "name": "[oss-security] 20160602 Re: ImageMagick CVEs", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/06/02/13" + }, + { + "name": "https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=b68b78e2625122d9f6b6d88ba4df7e85b47b556f", + "refsource": "CONFIRM", + "url": "https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=b68b78e2625122d9f6b6d88ba4df7e85b47b556f" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2119.json b/2016/2xxx/CVE-2016-2119.json index 1307062182d..b785d2a17b0 100644 --- a/2016/2xxx/CVE-2016-2119.json +++ b/2016/2xxx/CVE-2016-2119.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert@redhat.com", - "ID" : "CVE-2016-2119", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "libcli/smb/smbXcli_base.c in Samba 4.x before 4.2.14, 4.3.x before 4.3.11, and 4.4.x before 4.4.5 allows man-in-the-middle attackers to bypass a client-signing protection mechanism, and consequently spoof SMB2 and SMB3 servers, via the (1) SMB2_SESSION_FLAG_IS_GUEST or (2) SMB2_SESSION_FLAG_IS_NULL flag." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-2119", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.samba.org/samba/security/CVE-2016-2119.html", - "refsource" : "CONFIRM", - "url" : "https://www.samba.org/samba/security/CVE-2016-2119.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html" - }, - { - "name" : "GLSA-201805-07", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201805-07" - }, - { - "name" : "RHSA-2016:1486", - "refsource" : "REDHAT", - "url" : 
"http://rhn.redhat.com/errata/RHSA-2016-1486.html" - }, - { - "name" : "RHSA-2016:1487", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-1487.html" - }, - { - "name" : "RHSA-2016:1494", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-1494.html" - }, - { - "name" : "openSUSE-SU-2016:1830", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-07/msg00060.html" - }, - { - "name" : "91700", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91700" - }, - { - "name" : "1036244", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036244" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "libcli/smb/smbXcli_base.c in Samba 4.x before 4.2.14, 4.3.x before 4.3.11, and 4.4.x before 4.4.5 allows man-in-the-middle attackers to bypass a client-signing protection mechanism, and consequently spoof SMB2 and SMB3 servers, via the (1) SMB2_SESSION_FLAG_IS_GUEST or (2) SMB2_SESSION_FLAG_IS_NULL flag." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html" + }, + { + "name": "RHSA-2016:1494", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-1494.html" + }, + { + "name": "91700", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91700" + }, + { + "name": "RHSA-2016:1486", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-1486.html" + }, + { + "name": "GLSA-201805-07", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201805-07" + }, + { + "name": "openSUSE-SU-2016:1830", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-07/msg00060.html" + }, + { + "name": "RHSA-2016:1487", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-1487.html" + }, + { + "name": "1036244", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036244" + }, + { + "name": "https://www.samba.org/samba/security/CVE-2016-2119.html", + "refsource": "CONFIRM", + "url": "https://www.samba.org/samba/security/CVE-2016-2119.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2317.json b/2016/2xxx/CVE-2016-2317.json index 269d63492a7..caa317e86a6 100644 --- a/2016/2xxx/CVE-2016-2317.json +++ b/2016/2xxx/CVE-2016-2317.json 
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2317", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in GraphicsMagick 1.3.23 allow remote attackers to cause a denial of service (crash) via a crafted SVG file, related to the (1) TracePoint function in magick/render.c, (2) GetToken function in magick/utility.c, and (3) GetTransformTokens function in coders/svg.c." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-2317", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160211 Re: CVE requests: Multiple vulnerabilities in GraphicsMagick parsing and processing SVG files", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/02/11/6" - }, - { - "name" : "[oss-security] 20160520 Re: ImageMagick Is On Fire -- CVE-2016-3714", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/05/20/4" - }, - { - "name" : "[oss-security] 20160527 Security issues addressed in GraphicsMagick SVG reader", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/05/27/4" - }, - { - "name" : "[oss-security] 20160531 
Re: Security issues addressed in GraphicsMagick SVG reader", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/05/31/3" - }, - { - "name" : "[oss-security] 20160906 GraphicsMagick 1.3.25 fixes some security issues", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/09/07/4" - }, - { - "name" : "[oss-security] 20160918 Re: GraphicsMagick 1.3.25 fixes some security issues", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/09/18/8" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1306148", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1306148" - }, - { - "name" : "DSA-3746", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3746" - }, - { - "name" : "SUSE-SU-2016:1783", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00010.html" - }, - { - "name" : "openSUSE-SU-2016:1724", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00000.html" - }, - { - "name" : "openSUSE-SU-2016:2073", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00037.html" - }, - { - "name" : "83241", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/83241" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in GraphicsMagick 1.3.23 allow remote attackers to cause a denial of service (crash) via a crafted SVG file, related to the (1) TracePoint function in magick/render.c, (2) GetToken function in magick/utility.c, and (3) GetTransformTokens function in coders/svg.c." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2016:2073", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00037.html" + }, + { + "name": "openSUSE-SU-2016:1724", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00000.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1306148", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1306148" + }, + { + "name": "[oss-security] 20160531 Re: Security issues addressed in GraphicsMagick SVG reader", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/05/31/3" + }, + { + "name": "83241", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/83241" + }, + { + "name": "[oss-security] 20160520 Re: ImageMagick Is On Fire -- CVE-2016-3714", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/05/20/4" + }, + { + "name": "[oss-security] 20160527 Security issues addressed in GraphicsMagick SVG reader", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/05/27/4" + }, + { + "name": "DSA-3746", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3746" + }, + { + "name": "SUSE-SU-2016:1783", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00010.html" + }, + { + "name": "[oss-security] 20160918 Re: GraphicsMagick 1.3.25 fixes some security issues", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/09/18/8" + }, + { + "name": "[oss-security] 20160211 Re: CVE requests: Multiple vulnerabilities in GraphicsMagick parsing and processing SVG files", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/02/11/6" + }, + 
{ + "name": "[oss-security] 20160906 GraphicsMagick 1.3.25 fixes some security issues", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/09/07/4" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2517.json b/2016/2xxx/CVE-2016-2517.json index 48757f0b676..7ac5913fdaa 100644 --- a/2016/2xxx/CVE-2016-2517.json +++ b/2016/2xxx/CVE-2016-2517.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2517", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to cause a denial of service (prevent subsequent authentication) by leveraging knowledge of the controlkey or requestkey and sending a crafted packet to ntpd, which changes the value of trustedkey, controlkey, or requestkey. NOTE: this vulnerability exists because of a CVE-2016-2516 regression." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-2517", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.ntp.org/bin/view/Main/NtpBug3010", - "refsource" : "CONFIRM", - "url" : "http://support.ntp.org/bin/view/Main/NtpBug3010" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20171004-0002/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20171004-0002/" - }, - { - "name" : 
"FreeBSD-SA-16:16", - "refsource" : "FREEBSD", - "url" : "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc" - }, - { - "name" : "GLSA-201607-15", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201607-15" - }, - { - "name" : "VU#718152", - "refsource" : "CERT-VN", - "url" : "https://www.kb.cert.org/vuls/id/718152" - }, - { - "name" : "88189", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/88189" - }, - { - "name" : "1035705", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1035705" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to cause a denial of service (prevent subsequent authentication) by leveraging knowledge of the controlkey or requestkey and sending a crafted packet to ntpd, which changes the value of trustedkey, controlkey, or requestkey. NOTE: this vulnerability exists because of a CVE-2016-2516 regression." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.ntp.org/bin/view/Main/NtpBug3010", + "refsource": "CONFIRM", + "url": "http://support.ntp.org/bin/view/Main/NtpBug3010" + }, + { + "name": "88189", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/88189" + }, + { + "name": "VU#718152", + "refsource": "CERT-VN", + "url": "https://www.kb.cert.org/vuls/id/718152" + }, + { + "name": "1035705", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035705" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20171004-0002/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20171004-0002/" + }, + { + "name": "FreeBSD-SA-16:16", + "refsource": "FREEBSD", + "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc" + }, + { + "name": "GLSA-201607-15", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201607-15" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2661.json b/2016/2xxx/CVE-2016-2661.json index 08e490c1977..cdc21aa4624 100644 --- a/2016/2xxx/CVE-2016-2661.json +++ b/2016/2xxx/CVE-2016-2661.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2661", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-2661", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3368.json b/2016/3xxx/CVE-2016-3368.json index bbd54f120ac..b33c31192f9 100644 --- a/2016/3xxx/CVE-2016-3368.json +++ b/2016/3xxx/CVE-2016-3368.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3368", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allow remote authenticated users to execute arbitrary code by leveraging a domain account to make a crafted request, aka \"Windows Remote Code Execution Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2016-3368", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS16-110", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-110" - }, - { - "name" : "92847", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92847" - }, - { - "name" : "1036798", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036798" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Windows Vista SP2, Windows Server 2008 SP2 and 
R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allow remote authenticated users to execute arbitrary code by leveraging a domain account to make a crafted request, aka \"Windows Remote Code Execution Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS16-110", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-110" + }, + { + "name": "92847", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92847" + }, + { + "name": "1036798", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036798" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3403.json b/2016/3xxx/CVE-2016-3403.json index c8a500c3a77..4f21385bceb 100644 --- a/2016/3xxx/CVE-2016-3403.json +++ b/2016/3xxx/CVE-2016-3403.json 
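Review bot: The `ASSIGNER` field in `CVE_data_meta` changes from `cve@mitre.org` to `secure@microsoft.com` in this hunk, which is a provenance change rather than formatting, yet the commit subject only says the data was synchronized. The hunk for CVE-2016-3762 makes the same kind of change (`security@android.com`), while the other visible hunks keep their assigner. Anything downstream that groups, filters or trusts records by assigner will see these two records move, so the reattribution should be stated in the commit description, e.g. `ASSIGNER updated to the owning CNA for CVE-2016-3368 and CVE-2016-3762`, or shipped separately from the whitespace changes so it can be verified on its own.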
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3403", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in the Admin Console in Zimbra Collaboration before 8.6.0 Patch 8 allow remote attackers to hijack the authentication of administrators for requests that (1) add, (2) modify, or (3) remove accounts by leveraging failure to use of a CSRF token and perform referer header checks, aka bugs 100885 and 100899." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-3403", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20170112 [CVE-2016-3403] [Zimbra] Multiple CSRF in Administration interface - all versions", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2017/Jan/30" - }, - { - "name" : "https://sysdream.com/news/lab/2017-01-12-cve-2016-3403-multiple-csrf-in-zimbra-administration-interface/", - "refsource" : "MISC", - "url" : "https://sysdream.com/news/lab/2017-01-12-cve-2016-3403-multiple-csrf-in-zimbra-administration-interface/" - }, - { - "name" : "https://bugzilla.zimbra.com/show_bug.cgi?id=100885", - "refsource" : "CONFIRM", - "url" : 
"https://bugzilla.zimbra.com/show_bug.cgi?id=100885" - }, - { - "name" : "https://bugzilla.zimbra.com/show_bug.cgi?id=100899", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.zimbra.com/show_bug.cgi?id=100899" - }, - { - "name" : "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.6_Patch_8", - "refsource" : "CONFIRM", - "url" : "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.6_Patch_8" - }, - { - "name" : "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0", - "refsource" : "CONFIRM", - "url" : "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0" - }, - { - "name" : "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories", - "refsource" : "CONFIRM", - "url" : "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories" - }, - { - "name" : "95383", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95383" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the Admin Console in Zimbra Collaboration before 8.6.0 Patch 8 allow remote attackers to hijack the authentication of administrators for requests that (1) add, (2) modify, or (3) remove accounts by leveraging failure to use of a CSRF token and perform referer header checks, aka bugs 100885 and 100899." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "95383", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95383" + }, + { + "name": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.6_Patch_8", + "refsource": "CONFIRM", + "url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.6_Patch_8" + }, + { + "name": "https://bugzilla.zimbra.com/show_bug.cgi?id=100899", + "refsource": "CONFIRM", + "url": "https://bugzilla.zimbra.com/show_bug.cgi?id=100899" + }, + { + "name": "https://bugzilla.zimbra.com/show_bug.cgi?id=100885", + "refsource": "CONFIRM", + "url": "https://bugzilla.zimbra.com/show_bug.cgi?id=100885" + }, + { + "name": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0", + "refsource": "CONFIRM", + "url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0" + }, + { + "name": "20170112 [CVE-2016-3403] [Zimbra] Multiple CSRF in Administration interface - all versions", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2017/Jan/30" + }, + { + "name": "https://sysdream.com/news/lab/2017-01-12-cve-2016-3403-multiple-csrf-in-zimbra-administration-interface/", + "refsource": "MISC", + "url": "https://sysdream.com/news/lab/2017-01-12-cve-2016-3403-multiple-csrf-in-zimbra-administration-interface/" + }, + { + "name": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories", + "refsource": "CONFIRM", + "url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3762.json b/2016/3xxx/CVE-2016-3762.json index d58c8e3091a..eb8e2695353 100644 --- a/2016/3xxx/CVE-2016-3762.json +++ b/2016/3xxx/CVE-2016-3762.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3762", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The sockets subsystem in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows attackers to gain privileges via a crafted application that uses (1) the AF_MSM_IPC socket class or (2) another socket class that is unrecognized by SELinux, aka internal bug 28612709." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-3762", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://source.android.com/security/bulletin/2016-07-01.html", - "refsource" : "CONFIRM", - "url" : "http://source.android.com/security/bulletin/2016-07-01.html" - }, - { - "name" : "https://android.googlesource.com/platform/external/sepolicy/+/abf0663ed884af7bc880a05e9529e6671eb58f39", - "refsource" : "CONFIRM", - "url" : "https://android.googlesource.com/platform/external/sepolicy/+/abf0663ed884af7bc880a05e9529e6671eb58f39" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The sockets subsystem in 
Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows attackers to gain privileges via a crafted application that uses (1) the AF_MSM_IPC socket class or (2) another socket class that is unrecognized by SELinux, aka internal bug 28612709." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://android.googlesource.com/platform/external/sepolicy/+/abf0663ed884af7bc880a05e9529e6671eb58f39", + "refsource": "CONFIRM", + "url": "https://android.googlesource.com/platform/external/sepolicy/+/abf0663ed884af7bc880a05e9529e6671eb58f39" + }, + { + "name": "http://source.android.com/security/bulletin/2016-07-01.html", + "refsource": "CONFIRM", + "url": "http://source.android.com/security/bulletin/2016-07-01.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6164.json b/2016/6xxx/CVE-2016-6164.json index 833dca2e445..0567b10329b 100644 --- a/2016/6xxx/CVE-2016-6164.json +++ b/2016/6xxx/CVE-2016-6164.json 
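Review bot: The `ASSIGNER` value in this hunk changes from `cve@mitre.org` to `security@android.com`, but every other line is re-indented and re-spaced at the same time, so a line-based diff cannot separate the one semantic change from formatting. The hunks for CVE-2016-7942 (`security@suse.com`) and CVE-2016-7994 (`secalert@redhat.com`) carry the same kind of change, while the other complete hunks in this part of the patch differ only in spacing and `reference_data` order. Consumers that attribute or filter records by assigner should read this commit with a whitespace-insensitive diff such as `git diff -w`, and the sync would be easier to audit if the formatting pass and the data change were separate commits. The new side also ends with `\ No newline at end of file`; keeping the trailing newline after the closing `}` would keep that marker out of future diffs.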
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6164", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in the mov_build_index function in libavformat/mov.c in FFmpeg before 2.8.8, 3.0.x before 3.0.3 and 3.1.x before 3.1.1 allows remote attackers to have unspecified impact via vectors involving sample size." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6164", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=8a3221cc67a516dfc1700bdae3566ec52c7ee823", - "refsource" : "CONFIRM", - "url" : "http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=8a3221cc67a516dfc1700bdae3566ec52c7ee823" - }, - { - "name" : "https://www.ffmpeg.org/security.html", - "refsource" : "CONFIRM", - "url" : "https://www.ffmpeg.org/security.html" - }, - { - "name" : "95862", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95862" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in the mov_build_index function in 
libavformat/mov.c in FFmpeg before 2.8.8, 3.0.x before 3.0.3 and 3.1.x before 3.1.1 allows remote attackers to have unspecified impact via vectors involving sample size." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=8a3221cc67a516dfc1700bdae3566ec52c7ee823", + "refsource": "CONFIRM", + "url": "http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=8a3221cc67a516dfc1700bdae3566ec52c7ee823" + }, + { + "name": "95862", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95862" + }, + { + "name": "https://www.ffmpeg.org/security.html", + "refsource": "CONFIRM", + "url": "https://www.ffmpeg.org/security.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6280.json b/2016/6xxx/CVE-2016-6280.json index be1a171d31e..7e8cfa43550 100644 --- a/2016/6xxx/CVE-2016-6280.json +++ b/2016/6xxx/CVE-2016-6280.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6280", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6280", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6483.json b/2016/6xxx/CVE-2016-6483.json index ca38557d052..431216d06d5 100644 --- a/2016/6xxx/CVE-2016-6483.json +++ b/2016/6xxx/CVE-2016-6483.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6483", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The media-file upload feature in vBulletin before 3.8.7 Patch Level 6, 3.8.8 before Patch Level 2, 3.8.9 before Patch Level 1, 4.x before 4.2.2 Patch Level 6, 4.2.3 before Patch Level 2, 5.x before 5.2.0 Patch Level 3, 5.2.1 before Patch Level 1, and 5.2.2 before Patch Level 1 allows remote attackers to conduct SSRF attacks via a crafted URL that results in a Redirection HTTP status code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6483", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "40225", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/40225/" - }, - { - "name" : "http://legalhackers.com/advisories/vBulletin-SSRF-Vulnerability-Exploit.txt", - "refsource" : "MISC", - "url" : "http://legalhackers.com/advisories/vBulletin-SSRF-Vulnerability-Exploit.txt" - }, - { - "name" : "http://www.vbulletin.com/forum/forum/vbulletin-announcements/vbulletin-announcements_aa/4349548-security-patch-vbulletin-3-8-7-3-8-8-3-8-9-3-8-10-beta", - "refsource" : "CONFIRM", - "url" : 
"http://www.vbulletin.com/forum/forum/vbulletin-announcements/vbulletin-announcements_aa/4349548-security-patch-vbulletin-3-8-7-3-8-8-3-8-9-3-8-10-beta" - }, - { - "name" : "http://www.vbulletin.com/forum/forum/vbulletin-announcements/vbulletin-announcements_aa/4349549-security-patch-vbulletin-4-2-2-4-2-3-4-2-4-beta", - "refsource" : "CONFIRM", - "url" : "http://www.vbulletin.com/forum/forum/vbulletin-announcements/vbulletin-announcements_aa/4349549-security-patch-vbulletin-4-2-2-4-2-3-4-2-4-beta" - }, - { - "name" : "http://www.vbulletin.com/forum/forum/vbulletin-announcements/vbulletin-announcements_aa/4349551-security-patch-vbulletin-5-2-0-5-2-1-5-2-2", - "refsource" : "CONFIRM", - "url" : "http://www.vbulletin.com/forum/forum/vbulletin-announcements/vbulletin-announcements_aa/4349551-security-patch-vbulletin-5-2-0-5-2-1-5-2-2" - }, - { - "name" : "92350", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92350" - }, - { - "name" : "1036553", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036553" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The media-file upload feature in vBulletin before 3.8.7 Patch Level 6, 3.8.8 before Patch Level 2, 3.8.9 before Patch Level 1, 4.x before 4.2.2 Patch Level 6, 4.2.3 before Patch Level 2, 5.x before 5.2.0 Patch Level 3, 5.2.1 before Patch Level 1, and 5.2.2 before Patch Level 1 allows remote attackers to conduct SSRF attacks via a crafted URL that results in a Redirection HTTP status code." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.vbulletin.com/forum/forum/vbulletin-announcements/vbulletin-announcements_aa/4349551-security-patch-vbulletin-5-2-0-5-2-1-5-2-2", + "refsource": "CONFIRM", + "url": "http://www.vbulletin.com/forum/forum/vbulletin-announcements/vbulletin-announcements_aa/4349551-security-patch-vbulletin-5-2-0-5-2-1-5-2-2" + }, + { + "name": "40225", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/40225/" + }, + { + "name": "http://www.vbulletin.com/forum/forum/vbulletin-announcements/vbulletin-announcements_aa/4349548-security-patch-vbulletin-3-8-7-3-8-8-3-8-9-3-8-10-beta", + "refsource": "CONFIRM", + "url": "http://www.vbulletin.com/forum/forum/vbulletin-announcements/vbulletin-announcements_aa/4349548-security-patch-vbulletin-3-8-7-3-8-8-3-8-9-3-8-10-beta" + }, + { + "name": "http://legalhackers.com/advisories/vBulletin-SSRF-Vulnerability-Exploit.txt", + "refsource": "MISC", + "url": "http://legalhackers.com/advisories/vBulletin-SSRF-Vulnerability-Exploit.txt" + }, + { + "name": "http://www.vbulletin.com/forum/forum/vbulletin-announcements/vbulletin-announcements_aa/4349549-security-patch-vbulletin-4-2-2-4-2-3-4-2-4-beta", + "refsource": "CONFIRM", + "url": "http://www.vbulletin.com/forum/forum/vbulletin-announcements/vbulletin-announcements_aa/4349549-security-patch-vbulletin-4-2-2-4-2-3-4-2-4-beta" + }, + { + "name": "1036553", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036553" + }, + { + "name": "92350", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92350" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7038.json b/2016/7xxx/CVE-2016-7038.json index f9a139fcc74..e7bbf98754d 100644 --- a/2016/7xxx/CVE-2016-7038.json +++ b/2016/7xxx/CVE-2016-7038.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert@redhat.com", - "ID" : "CVE-2016-7038", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Moodle 2.x and 3.x", - "version" : { - "version_data" : [ - { - "version_value" : "Moodle 2.x and 3.x" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Moodle 2.x and 3.x, web service tokens are not invalidated when the user password is changed or forced to be changed." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "unspecified" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-7038", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Moodle 2.x and 3.x", + "version": { + "version_data": [ + { + "version_value": "Moodle 2.x and 3.x" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://moodle.org/mod/forum/discuss.php?d=339631", - "refsource" : "CONFIRM", - "url" : "https://moodle.org/mod/forum/discuss.php?d=339631" - }, - { - "name" : "93174", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93174" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Moodle 2.x and 3.x, web service tokens are not invalidated when the user password is changed or forced to be changed." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "unspecified" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://moodle.org/mod/forum/discuss.php?d=339631", + "refsource": "CONFIRM", + "url": "https://moodle.org/mod/forum/discuss.php?d=339631" + }, + { + "name": "93174", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93174" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7399.json b/2016/7xxx/CVE-2016-7399.json index 6c7240a1972..57019f598d3 100644 --- a/2016/7xxx/CVE-2016-7399.json +++ b/2016/7xxx/CVE-2016-7399.json 
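Review bot: The `affects` block kept on the new side still has `"vendor_name": "n/a"`, while `product_name` and `version_value` both hold the free-text string `Moodle 2.x and 3.x`, so tooling that matches on vendor and product has nothing structured to tie this record to an installed Moodle version. Splitting the fields, for example `"vendor_name": "Moodle"`, `"product_name": "Moodle"` and `"version_value": "2.x and 3.x"`, would make the record matchable. The exact affected releases are not stated on this page and would need to come from the referenced Moodle advisory. `problemtype` likewise remains `unspecified` even though the description names the weakness (web service tokens are not invalidated when the password changes).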
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7399", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "scripts/license.pl in Veritas NetBackup Appliance 2.6.0.x through 2.6.0.4, 2.6.1.x through 2.6.1.2, 2.7.x through 2.7.3, and 3.0.x allow remote attackers to execute arbitrary commands via shell metacharacters in the hostName parameter to appliancews/getLicense." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-7399", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.sec-1.com/blog/2016/veritas-netbackup-appliance-unauthenticated-remote-command-execution", - "refsource" : "MISC", - "url" : "http://www.sec-1.com/blog/2016/veritas-netbackup-appliance-unauthenticated-remote-command-execution" - }, - { - "name" : "https://www.veritas.com/content/support/en_US/security/VTS16-002.html", - "refsource" : "CONFIRM", - "url" : "https://www.veritas.com/content/support/en_US/security/VTS16-002.html" - }, - { - "name" : "https://www.veritas.com/support/en_US/article.000116055", - "refsource" : "CONFIRM", - "url" : "https://www.veritas.com/support/en_US/article.000116055" - }, - { - "name" : "94384", - "refsource" : "BID", 
- "url" : "http://www.securityfocus.com/bid/94384" - }, - { - "name" : "1037555", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037555" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "scripts/license.pl in Veritas NetBackup Appliance 2.6.0.x through 2.6.0.4, 2.6.1.x through 2.6.1.2, 2.7.x through 2.7.3, and 3.0.x allow remote attackers to execute arbitrary commands via shell metacharacters in the hostName parameter to appliancews/getLicense." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.sec-1.com/blog/2016/veritas-netbackup-appliance-unauthenticated-remote-command-execution", + "refsource": "MISC", + "url": "http://www.sec-1.com/blog/2016/veritas-netbackup-appliance-unauthenticated-remote-command-execution" + }, + { + "name": "94384", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94384" + }, + { + "name": "https://www.veritas.com/support/en_US/article.000116055", + "refsource": "CONFIRM", + "url": "https://www.veritas.com/support/en_US/article.000116055" + }, + { + "name": "1037555", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037555" + }, + { + "name": "https://www.veritas.com/content/support/en_US/security/VTS16-002.html", + "refsource": "CONFIRM", + "url": "https://www.veritas.com/content/support/en_US/security/VTS16-002.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7778.json b/2016/7xxx/CVE-2016-7778.json index dbf94767577..16010112db3 100644 --- a/2016/7xxx/CVE-2016-7778.json +++ b/2016/7xxx/CVE-2016-7778.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7778", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-7778", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7801.json b/2016/7xxx/CVE-2016-7801.json index 627608c24cf..08823218529 100644 --- a/2016/7xxx/CVE-2016-7801.json +++ b/2016/7xxx/CVE-2016-7801.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2016-7801", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cybozu Garoon", - "version" : { - "version_data" : [ - { - "version_value" : "3.0.0 to 4.2.2" - } - ] - } - } - ] - }, - "vendor_name" : "Cybozu, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to bypass access restrictions to delete other users' To-Dos via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Fails to restrict access" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2016-7801", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cybozu Garoon", + "version": { + "version_data": [ + { + "version_value": "3.0.0 to 4.2.2" + } + ] + } + } + ] + }, + "vendor_name": "Cybozu, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.cybozu.com/ja-jp/article/9437", - "refsource" : "CONFIRM", - "url" : "https://support.cybozu.com/ja-jp/article/9437" - }, - { - "name" : "JVN#14631222", - "refsource" : "JVN", - "url" : "https://jvn.jp/en/jp/JVN14631222/index.html" - }, - { - "name" : "94966", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94966" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to bypass access restrictions to delete other users' To-Dos via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Fails to restrict access" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#14631222", + "refsource": "JVN", + "url": "https://jvn.jp/en/jp/JVN14631222/index.html" + }, + { + "name": "94966", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94966" + }, + { + "name": "https://support.cybozu.com/ja-jp/article/9437", + "refsource": "CONFIRM", + "url": "https://support.cybozu.com/ja-jp/article/9437" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7906.json b/2016/7xxx/CVE-2016-7906.json index 605ebf05eb7..857c6b35a46 100644 --- a/2016/7xxx/CVE-2016-7906.json +++ b/2016/7xxx/CVE-2016-7906.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7906", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "magick/attribute.c in ImageMagick 7.0.3-2 allows remote attackers to cause a denial of service (use-after-free) via a crafted file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-7906", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20161002 Re: imagemagick mogrify use after free", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/10/02/3" - }, - { - "name" : "[oss-security] 20161002 imagemagick mogrify use after free", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/10/02/1" - }, - { - "name" : "https://github.com/ImageMagick/ImageMagick/commit/d63a3c5729df59f183e9e110d5d8385d17caaad0", - "refsource" : "CONFIRM", - "url" : "https://github.com/ImageMagick/ImageMagick/commit/d63a3c5729df59f183e9e110d5d8385d17caaad0" - }, - { - "name" : "https://github.com/ImageMagick/ImageMagick/issues/281", - "refsource" : "CONFIRM", - "url" : "https://github.com/ImageMagick/ImageMagick/issues/281" - }, - { - "name" : "DSA-3726", - "refsource" : 
"DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3726" - }, - { - "name" : "GLSA-201611-21", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201611-21" - }, - { - "name" : "93271", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93271" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "magick/attribute.c in ImageMagick 7.0.3-2 allows remote attackers to cause a denial of service (use-after-free) via a crafted file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "93271", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93271" + }, + { + "name": "[oss-security] 20161002 Re: imagemagick mogrify use after free", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/10/02/3" + }, + { + "name": "https://github.com/ImageMagick/ImageMagick/commit/d63a3c5729df59f183e9e110d5d8385d17caaad0", + "refsource": "CONFIRM", + "url": "https://github.com/ImageMagick/ImageMagick/commit/d63a3c5729df59f183e9e110d5d8385d17caaad0" + }, + { + "name": "[oss-security] 20161002 imagemagick mogrify use after free", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/10/02/1" + }, + { + "name": "GLSA-201611-21", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201611-21" + }, + { + "name": "https://github.com/ImageMagick/ImageMagick/issues/281", + "refsource": "CONFIRM", + "url": "https://github.com/ImageMagick/ImageMagick/issues/281" + }, + { + "name": "DSA-3726", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3726" + } + ] + } +} \ No newline at end of file 
diff --git a/2016/7xxx/CVE-2016-7942.json b/2016/7xxx/CVE-2016-7942.json index 36030541b40..5de3123ad9f 100644 --- a/2016/7xxx/CVE-2016-7942.json +++ b/2016/7xxx/CVE-2016-7942.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7942", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The XGetImage function in X.org libX11 before 1.6.4 might allow remote X servers to gain privileges via vectors involving image type and geometry, which triggers out-of-bounds read operations." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@suse.com", + "ID": "CVE-2016-7942", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20161004 Re: X.Org security advisory: Protocol handling issues in X Window System client libraries", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/10/04/4" - }, - { - "name" : "[oss-security] 20161004 X.Org security advisory: Protocol handling issues in X Window System client libraries", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/10/04/2" - }, - { - "name" : "[xorg-announce] 20161004 X.Org security advisory: Protocol handling issues in X Window System client libraries", - "refsource" : "MLIST", - "url" : "https://lists.x.org/archives/xorg-announce/2016-October/002720.html" - }, - { - "name" : 
"https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=8ea762f94f4c942d898fdeb590a1630c83235c17", - "refsource" : "CONFIRM", - "url" : "https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=8ea762f94f4c942d898fdeb590a1630c83235c17" - }, - { - "name" : "FEDORA-2016-0df69ab477", - "refsource" : "FEDORA", - "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GMCVDXMFPXR7QGMKDG22WPPJCXH2X3L7/" - }, - { - "name" : "GLSA-201704-03", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201704-03" - }, - { - "name" : "USN-3758-2", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3758-2/" - }, - { - "name" : "USN-3758-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3758-1/" - }, - { - "name" : "93363", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93363" - }, - { - "name" : "1036945", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036945" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The XGetImage function in X.org libX11 before 1.6.4 might allow remote X servers to gain privileges via vectors involving image type and geometry, which triggers out-of-bounds read operations." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1036945", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036945" + }, + { + "name": "USN-3758-2", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3758-2/" + }, + { + "name": "GLSA-201704-03", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201704-03" + }, + { + "name": "93363", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93363" + }, + { + "name": "[xorg-announce] 20161004 X.Org security advisory: Protocol handling issues in X Window System client libraries", + "refsource": "MLIST", + "url": "https://lists.x.org/archives/xorg-announce/2016-October/002720.html" + }, + { + "name": "[oss-security] 20161004 Re: X.Org security advisory: Protocol handling issues in X Window System client libraries", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/10/04/4" + }, + { + "name": "[oss-security] 20161004 X.Org security advisory: Protocol handling issues in X Window System client libraries", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/10/04/2" + }, + { + "name": "USN-3758-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3758-1/" + }, + { + "name": "FEDORA-2016-0df69ab477", + "refsource": "FEDORA", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GMCVDXMFPXR7QGMKDG22WPPJCXH2X3L7/" + }, + { + "name": "https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=8ea762f94f4c942d898fdeb590a1630c83235c17", + "refsource": "CONFIRM", + "url": "https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=8ea762f94f4c942d898fdeb590a1630c83235c17" + } + ] + } +} \ No newline at end of file 
diff --git a/2016/7xxx/CVE-2016-7994.json b/2016/7xxx/CVE-2016-7994.json index 3436db92784..6762c9cdefa 100644 --- a/2016/7xxx/CVE-2016-7994.json +++ b/2016/7xxx/CVE-2016-7994.json 
@@ -1,87 +1,87 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2016-7994",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Memory leak in the virtio_gpu_resource_create_2d function in hw/display/virtio-gpu.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) via a large number of VIRTIO_GPU_CMD_RESOURCE_CREATE_2D commands."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "secalert@redhat.com",
+ "ID": "CVE-2016-7994",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "[oss-security] 20161007 CVE request Qemu virtio-gpu: memory leak in virtio_gpu_resource_create_2d",
- "refsource" : "MLIST",
- "url" : "http://www.openwall.com/lists/oss-security/2016/10/07/2"
- },
- {
- "name" : "[oss-security] 20161008 Re: CVE request Qemu virtio-gpu: memory leak in virtio_gpu_resource_create_2d",
- "refsource" : "MLIST",
- "url" : "http://www.openwall.com/lists/oss-security/2016/10/08/3"
- },
- {
- "name" : "[qemu-devel] 20160919 Re: [PATCH] virtio-gpu: fix memory leak in virtio_gpu_resource_create_2d",
- "refsource" : "MLIST",
- "url" : "https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg04083.html"
- },
- {
- "name" : "GLSA-201611-11",
- "refsource" : "GENTOO",
- "url" : "https://security.gentoo.org/glsa/201611-11"
- },
- {
- "name" : "openSUSE-SU-2016:3237",
- "refsource" : "SUSE",
- "url" : "http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html"
- },
- {
- "name" : "93453",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/93453"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Memory leak in the virtio_gpu_resource_create_2d function in hw/display/virtio-gpu.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) via a large number of VIRTIO_GPU_CMD_RESOURCE_CREATE_2D commands."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "93453",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/93453"
+ },
+ {
+ "name": "GLSA-201611-11",
+ "refsource": "GENTOO",
+ "url": "https://security.gentoo.org/glsa/201611-11"
+ },
+ {
+ "name": "[oss-security] 20161007 CVE request Qemu virtio-gpu: memory leak in virtio_gpu_resource_create_2d",
+ "refsource": "MLIST",
+ "url": "http://www.openwall.com/lists/oss-security/2016/10/07/2"
+ },
+ {
+ "name": "openSUSE-SU-2016:3237",
+ "refsource": "SUSE",
+ "url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html"
+ },
+ {
+ "name": "[qemu-devel] 20160919 Re: [PATCH] virtio-gpu: fix memory leak in virtio_gpu_resource_create_2d",
+ "refsource": "MLIST",
+ "url": "https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg04083.html"
+ },
+ {
+ "name": "[oss-security] 20161008 Re: CVE request Qemu virtio-gpu: memory leak in virtio_gpu_resource_create_2d",
+ "refsource": "MLIST",
+ "url": "http://www.openwall.com/lists/oss-security/2016/10/08/3"
+ }
+ ]
+ }
+}
\ No newline at end of file
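Review bot: The new side of this record still carries `"product_name": "n/a"`, `"vendor_name": "n/a"`, `"version_value": "n/a"` and a problemtype value of `"n/a"`, although the description in the same hunk names QEMU's `virtio_gpu_resource_create_2d` in `hw/display/virtio-gpu.c` and calls the flaw a memory leak. Tooling that matches advisories on the structured `affects` and `problemtype` fields will not associate this entry with QEMU, so consumers are left parsing the free-text description. Populating the fields, for example `"product_name": "QEMU"` and a problemtype value of `"CWE-401"`, would close that gap. The affected version range is not stated anywhere in the record and would have to come from the assigner.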