From 69dd7adaec77c266ea816561fdcd88e0f5f6e194 Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Mon, 18 Mar 2019 03:37:30 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2006/1xxx/CVE-2006-1320.json | 160 ++++++++++++------------ 2006/1xxx/CVE-2006-1978.json | 150 +++++++++++----------- 2006/5xxx/CVE-2006-5043.json | 210 +++++++++++++++---------------- 2006/5xxx/CVE-2006-5139.json | 140 ++++++++++----------- 2006/5xxx/CVE-2006-5642.json | 140 ++++++++++----------- 2006/5xxx/CVE-2006-5684.json | 34 ++--- 2006/5xxx/CVE-2006-5835.json | 180 +++++++++++++-------------- 2006/5xxx/CVE-2006-5963.json | 170 ++++++++++++------------- 2007/2xxx/CVE-2007-2458.json | 180 +++++++++++++-------------- 2007/2xxx/CVE-2007-2499.json | 180 +++++++++++++-------------- 2007/2xxx/CVE-2007-2516.json | 34 ++--- 2007/2xxx/CVE-2007-2559.json | 170 ++++++++++++------------- 2007/2xxx/CVE-2007-2649.json | 180 +++++++++++++-------------- 2007/6xxx/CVE-2007-6212.json | 150 +++++++++++----------- 2007/6xxx/CVE-2007-6723.json | 170 ++++++++++++------------- 2010/0xxx/CVE-2010-0808.json | 140 ++++++++++----------- 2010/0xxx/CVE-2010-0931.json | 130 +++++++++---------- 2010/1xxx/CVE-2010-1024.json | 150 +++++++++++----------- 2010/1xxx/CVE-2010-1140.json | 190 ++++++++++++++-------------- 2010/1xxx/CVE-2010-1351.json | 140 ++++++++++----------- 2010/1xxx/CVE-2010-1757.json | 210 +++++++++++++++---------------- 2010/1xxx/CVE-2010-1932.json | 170 ++++++++++++------------- 2010/4xxx/CVE-2010-4286.json | 34 ++--- 2010/4xxx/CVE-2010-4652.json | 220 ++++++++++++++++----------------- 2010/4xxx/CVE-2010-4935.json | 120 +++++++++--------- 2010/4xxx/CVE-2010-4983.json | 180 +++++++++++++-------------- 2014/0xxx/CVE-2014-0488.json | 150 +++++++++++----------- 2014/0xxx/CVE-2014-0743.json | 140 ++++++++++----------- 2014/0xxx/CVE-2014-0761.json | 120 +++++++++--------- 2014/0xxx/CVE-2014-0765.json | 130 +++++++++---------- 2014/0xxx/CVE-2014-0928.json | 34 ++--- 2014/10xxx/CVE-2014-10036.json | 150 +++++++++++----------- 2014/1xxx/CVE-2014-1422.json | 34 ++--- 
2014/1xxx/CVE-2014-1706.json | 130 +++++++++---------- 2014/1xxx/CVE-2014-1827.json | 120 +++++++++--------- 2014/4xxx/CVE-2014-4154.json | 140 ++++++++++----------- 2014/4xxx/CVE-2014-4490.json | 34 ++--- 2014/4xxx/CVE-2014-4860.json | 34 ++--- 2014/4xxx/CVE-2014-4892.json | 140 ++++++++++----------- 2014/9xxx/CVE-2014-9304.json | 140 ++++++++++----------- 2014/9xxx/CVE-2014-9489.json | 150 +++++++++++----------- 2014/9xxx/CVE-2014-9726.json | 34 ++--- 2016/3xxx/CVE-2016-3125.json | 210 +++++++++++++++---------------- 2016/3xxx/CVE-2016-3495.json | 150 +++++++++++----------- 2016/3xxx/CVE-2016-3557.json | 140 ++++++++++----------- 2016/3xxx/CVE-2016-3796.json | 120 +++++++++--------- 2016/6xxx/CVE-2016-6518.json | 130 +++++++++---------- 2016/7xxx/CVE-2016-7039.json | 220 ++++++++++++++++----------------- 2016/7xxx/CVE-2016-7123.json | 140 ++++++++++----------- 2016/7xxx/CVE-2016-7429.json | 210 +++++++++++++++---------------- 2016/7xxx/CVE-2016-7903.json | 150 +++++++++++----------- 2016/8xxx/CVE-2016-8278.json | 130 +++++++++---------- 2016/8xxx/CVE-2016-8306.json | 164 ++++++++++++------------ 2016/8xxx/CVE-2016-8495.json | 146 +++++++++++----------- 2016/9xxx/CVE-2016-9257.json | 130 +++++++++---------- 2019/2xxx/CVE-2019-2993.json | 34 ++--- 56 files changed, 3843 insertions(+), 3843 deletions(-) diff --git a/2006/1xxx/CVE-2006-1320.json b/2006/1xxx/CVE-2006-1320.json index 5623be88c6b..5d26df8dd4c 100644 --- a/2006/1xxx/CVE-2006-1320.json +++ b/2006/1xxx/CVE-2006-1320.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1320", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "util.c in rssh 2.3.0 in Debian GNU/Linux does not use braces to make a block, which causes a check for CVS to always succeed and allows rsync and rdist to bypass intended access restrictions in rssh.conf." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1320", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=346322", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=346322" - }, - { - "name" : "DSA-1109", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1109" - }, - { - "name" : "18999", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18999" - }, - { - "name" : "21087", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21087" - }, - { - "name" : "debian-rssh-rsync-rdist-bypass-security(25424)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25424" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "util.c in rssh 2.3.0 in Debian GNU/Linux does not use braces to make a block, which causes a check for CVS to always succeed and allows rsync and rdist to bypass intended access restrictions in rssh.conf." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-1109", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1109" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=346322", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=346322" + }, + { + "name": "18999", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18999" + }, + { + "name": "21087", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21087" + }, + { + "name": "debian-rssh-rsync-rdist-bypass-security(25424)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25424" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1978.json b/2006/1xxx/CVE-2006-1978.json index 19a7eb476ba..0b881706c82 100644 --- a/2006/1xxx/CVE-2006-1978.json +++ b/2006/1xxx/CVE-2006-1978.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1978", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in inc/start.php in FlexBB 0.5.5 and earlier allows remote attackers to execute arbitrary SQL commands via the flexbb_username COOKIE parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1978", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060417 FlexBB 0.5.5 Bypass Exploit", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/431156/100/0/threaded" - }, - { - "name" : "1686", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/1686" - }, - { - "name" : "17568", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17568" - }, - { - "name" : "1015949", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015949" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in inc/start.php in FlexBB 0.5.5 and earlier allows remote attackers to execute arbitrary 
SQL commands via the flexbb_username COOKIE parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1015949", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015949" + }, + { + "name": "20060417 FlexBB 0.5.5 Bypass Exploit", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/431156/100/0/threaded" + }, + { + "name": "17568", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17568" + }, + { + "name": "1686", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/1686" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5043.json b/2006/5xxx/CVE-2006-5043.json index f99d5c0458e..5070a9fe9a8 100644 --- a/2006/5xxx/CVE-2006-5043.json +++ b/2006/5xxx/CVE-2006-5043.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5043", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple PHP remote file inclusion vulnerabilities in the Joomlaboard Forum Component (com_joomlaboard) before 1.1.2 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the sbp parameter to (1) file_upload.php or (2) image_upload.php, a variant of CVE-2006-3528." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5043", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070323 Joomla com_joomlaboard 1.1.x Branch (sbp) Multiple Remote File Include Vulnerabi", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=117468769820721&w=2" - }, - { - "name" : "3560", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/3560" - }, - { - "name" : "http://forum.joomla.org/index.php/topic,76852.0.html", - "refsource" : "CONFIRM", - "url" : "http://forum.joomla.org/index.php/topic,76852.0.html" - }, - { - "name" : "http://forum.joomla.org/index.php/topic,79477.0.html", - "refsource" : "CONFIRM", - "url" : "http://forum.joomla.org/index.php/topic,79477.0.html" - }, - { 
- "name" : "http://jext.info/builds/joomlaboard/joomlaboard-1.1.1-stable.tgz", - "refsource" : "CONFIRM", - "url" : "http://jext.info/builds/joomlaboard/joomlaboard-1.1.1-stable.tgz" - }, - { - "name" : "http://www.howtoria.com/index.php?option=com_docman&task=doc_download&gid=32&Itemid=27", - "refsource" : "CONFIRM", - "url" : "http://www.howtoria.com/index.php?option=com_docman&task=doc_download&gid=32&Itemid=27" - }, - { - "name" : "23129", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23129" - }, - { - "name" : "ADV-2006-2804", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2804" - }, - { - "name" : "21059", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21059" - }, - { - "name" : "joomlaboard-fileimageupload-file-include(33199)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33199" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple PHP remote file inclusion vulnerabilities in the Joomlaboard Forum Component (com_joomlaboard) before 1.1.2 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the sbp parameter to (1) file_upload.php or (2) image_upload.php, a variant of CVE-2006-3528." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://forum.joomla.org/index.php/topic,76852.0.html", + "refsource": "CONFIRM", + "url": "http://forum.joomla.org/index.php/topic,76852.0.html" + }, + { + "name": "http://jext.info/builds/joomlaboard/joomlaboard-1.1.1-stable.tgz", + "refsource": "CONFIRM", + "url": "http://jext.info/builds/joomlaboard/joomlaboard-1.1.1-stable.tgz" + }, + { + "name": "http://forum.joomla.org/index.php/topic,79477.0.html", + "refsource": "CONFIRM", + "url": "http://forum.joomla.org/index.php/topic,79477.0.html" + }, + { + "name": "joomlaboard-fileimageupload-file-include(33199)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33199" + }, + { + "name": "21059", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21059" + }, + { + "name": "3560", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/3560" + }, + { + "name": "ADV-2006-2804", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2804" + }, + { + "name": "20070323 Joomla com_joomlaboard 1.1.x Branch (sbp) Multiple Remote File Include Vulnerabi", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=117468769820721&w=2" + }, + { + "name": "23129", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23129" + }, + { + "name": "http://www.howtoria.com/index.php?option=com_docman&task=doc_download&gid=32&Itemid=27", + "refsource": "CONFIRM", + "url": "http://www.howtoria.com/index.php?option=com_docman&task=doc_download&gid=32&Itemid=27" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5139.json b/2006/5xxx/CVE-2006-5139.json index 206d5256582..93a1922a3e3 100644 --- a/2006/5xxx/CVE-2006-5139.json +++ b/2006/5xxx/CVE-2006-5139.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5139", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in MkPortal allows remote attackers to corrupt web site content, and possibly have other impact, via a certain long Message that affects \"Tables,\" related to the Urlobox." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5139", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060928 MkPortal UrloBox Increment Zize Desfiguration", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/447309/100/0/threaded" - }, - { - "name" : "1673", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1673" - }, - { - "name" : "mkportal-urlobox-unauthorized-access(33469)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33469" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in MkPortal allows remote attackers to corrupt web site content, and possibly have other impact, via 
a certain long Message that affects \"Tables,\" related to the Urlobox." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "mkportal-urlobox-unauthorized-access(33469)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33469" + }, + { + "name": "1673", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1673" + }, + { + "name": "20060928 MkPortal UrloBox Increment Zize Desfiguration", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/447309/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5642.json b/2006/5xxx/CVE-2006-5642.json index 557b11f1c18..ec0adf41939 100644 --- a/2006/5xxx/CVE-2006-5642.json +++ b/2006/5xxx/CVE-2006-5642.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5642", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in NmnLogger 1.0.0 and earlier has unknown impact and attack vectors related to configuration of mesasge drivers." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5642", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=456767&group_id=168715", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=456767&group_id=168715" - }, - { - "name" : "20820", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20820" - }, - { - "name" : "ADV-2006-4237", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4237" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in NmnLogger 1.0.0 and earlier has unknown impact and attack vectors related to configuration of mesasge drivers." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20820", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20820" + }, + { + "name": "ADV-2006-4237", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4237" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=456767&group_id=168715", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=456767&group_id=168715" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5684.json b/2006/5xxx/CVE-2006-5684.json index bc86184fa17..a122ba9d122 100644 --- a/2006/5xxx/CVE-2006-5684.json +++ b/2006/5xxx/CVE-2006-5684.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5684", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2006. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2006-5684", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2006. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5835.json b/2006/5xxx/CVE-2006-5835.json index 6f4c2d516b7..ccb1eb0c7c5 100644 --- a/2006/5xxx/CVE-2006-5835.json +++ b/2006/5xxx/CVE-2006-5835.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5835", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Notes Remote Procedure Call (NRPC) protocol in IBM Lotus Notes Domino before 6.5.5 FP2 and 7.x before 7.0.2 does not require authentication to perform user lookups, which allows remote attackers to obtain the user ID file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5835", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.fortconsult.net/images/pdf/lotusnotes_keyfiles.pdf", - "refsource" : "MISC", - "url" : "http://www.fortconsult.net/images/pdf/lotusnotes_keyfiles.pdf" - }, - { - "name" : "http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21248026", - "refsource" : "CONFIRM", - "url" : "http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21248026" - }, - { - "name" : "20960", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20960" - }, - { - "name" : "ADV-2006-4411", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4411" - }, - { - "name" : "1017203", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017203" - }, - { - 
"name" : "22741", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22741" - }, - { - "name" : "lotusnotes-nrpc-information-disclosure(30118)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30118" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Notes Remote Procedure Call (NRPC) protocol in IBM Lotus Notes Domino before 6.5.5 FP2 and 7.x before 7.0.2 does not require authentication to perform user lookups, which allows remote attackers to obtain the user ID file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1017203", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017203" + }, + { + "name": "20960", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20960" + }, + { + "name": "http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21248026", + "refsource": "CONFIRM", + "url": "http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21248026" + }, + { + "name": "http://www.fortconsult.net/images/pdf/lotusnotes_keyfiles.pdf", + "refsource": "MISC", + "url": "http://www.fortconsult.net/images/pdf/lotusnotes_keyfiles.pdf" + }, + { + "name": "lotusnotes-nrpc-information-disclosure(30118)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30118" + }, + { + "name": "22741", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22741" + }, + { + "name": "ADV-2006-4411", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4411" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5963.json b/2006/5xxx/CVE-2006-5963.json index 28fef85ef13..87089d1ee79 100644 --- a/2006/5xxx/CVE-2006-5963.json 
+++ b/2006/5xxx/CVE-2006-5963.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5963", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in PentaZip 8.5.1.190 and PentaSuite-PRO 8.5.1.221 allows user-assisted remote attackers to extract files to arbitrary pathnames via a ../ (dot dot slash) in a filename." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", + "ID": "CVE-2006-5963", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://secunia.com/secunia_research/2006-72/advisory/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2006-72/advisory/" - }, - { - "name" : "22104", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/22104" - }, - { - "name" : "ADV-2007-0235", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/0235" - }, - { - "name" : "32864", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/32864" - }, - { - "name" : "21458", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21458" - }, - { - "name" : "pentazip-archive-directory-traversal(31581)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/31581" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in PentaZip 8.5.1.190 and PentaSuite-PRO 8.5.1.221 allows user-assisted remote attackers to extract files to arbitrary pathnames via a ../ (dot dot slash) in a filename." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2007-0235", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/0235" + }, + { + "name": "21458", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21458" + }, + { + "name": "32864", + "refsource": "OSVDB", + "url": "http://osvdb.org/32864" + }, + { + "name": "http://secunia.com/secunia_research/2006-72/advisory/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2006-72/advisory/" + }, + { + "name": "22104", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/22104" + }, + { + "name": "pentazip-archive-directory-traversal(31581)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31581" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2458.json b/2007/2xxx/CVE-2007-2458.json index c9c91ab5d80..1456d138e3e 100644 --- a/2007/2xxx/CVE-2007-2458.json +++ b/2007/2xxx/CVE-2007-2458.json 
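Review bot: The `ASSIGNER` value in `CVE_data_meta` changes from `cve@mitre.org` to `PSIRT-CNA@flexerasoftware.com` in the CVE-2006-5963 hunk, and the commit subject ("-Synchronized-Data.") does not record it; every other hunk visible in this patch only re-indents, reorders keys or reorders `reference_data` entries. Consumers that use this field to attribute a record to its CNA will see the provenance of a 2006 entry change with no trace of why, so I would add a line to the commit message such as `CVE-2006-5963: ASSIGNER cve@mitre.org -> PSIRT-CNA@flexerasoftware.com (CNA reassignment)`. The change is presumably connected to the Secunia Research advisory listed in the references, but that is an inference and not something the patch states. With 3843 insertions and 3843 deletions of mostly formatting churn, this commit is better audited by comparing the parsed JSON (keys sorted, references compared as a set) than by reading the text diff, so that value changes like this one are not missed.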
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2458", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple PHP remote file inclusion vulnerabilities in Pixaria Gallery before 1.4.3 allow remote attackers to execute arbitrary PHP code via a URL in the cfg[sys][base_path] parameter to psg.smarty.lib.php and certain include and library scripts, a different vector than CVE-2007-2457." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2458", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "3733", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/3733" - }, - { - "name" : "http://pixaria.com/index.history.php", - "refsource" : "CONFIRM", - "url" : "http://pixaria.com/index.history.php" - }, - { - "name" : "http://www.pixaria.com/news/article/70/", - "refsource" : "CONFIRM", - "url" : "http://www.pixaria.com/news/article/70/" - }, - { - "name" : "http://www.pixaria.com/news/article/71/", - "refsource" : "CONFIRM", - "url" : "http://www.pixaria.com/news/article/71/" - }, - { - "name" : "ADV-2007-1390", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1390" - }, - { 
- "name" : "24821", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24821" - }, - { - "name" : "pixaria-classsmarty-file-include(33662)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33662" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple PHP remote file inclusion vulnerabilities in Pixaria Gallery before 1.4.3 allow remote attackers to execute arbitrary PHP code via a URL in the cfg[sys][base_path] parameter to psg.smarty.lib.php and certain include and library scripts, a different vector than CVE-2007-2457." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.pixaria.com/news/article/71/", + "refsource": "CONFIRM", + "url": "http://www.pixaria.com/news/article/71/" + }, + { + "name": "3733", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/3733" + }, + { + "name": "ADV-2007-1390", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1390" + }, + { + "name": "pixaria-classsmarty-file-include(33662)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33662" + }, + { + "name": "http://www.pixaria.com/news/article/70/", + "refsource": "CONFIRM", + "url": "http://www.pixaria.com/news/article/70/" + }, + { + "name": "24821", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24821" + }, + { + "name": "http://pixaria.com/index.history.php", + "refsource": "CONFIRM", + "url": "http://pixaria.com/index.history.php" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2499.json b/2007/2xxx/CVE-2007-2499.json index 6c243577bff..d568732ccd7 100644 --- a/2007/2xxx/CVE-2007-2499.json 
+++ b/2007/2xxx/CVE-2007-2499.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2499", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in DVDdb 0.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the movieid parameter to loan.php or (2) the s parameter to listmovies.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2499", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2007/05/dvddb-xss-vuln.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2007/05/dvddb-xss-vuln.html" - }, - { - "name" : "23764", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23764" - }, - { - "name" : "35544", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/35544" - }, - { - "name" : "35545", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/35545" - }, - { - "name" : "ADV-2007-1648", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1648" - }, - { - "name" : "25127", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25127" - }, - { - "name" : 
"dvddb-loan-listmovies-xss(34017)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34017" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in DVDdb 0.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the movieid parameter to loan.php or (2) the s parameter to listmovies.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://pridels0.blogspot.com/2007/05/dvddb-xss-vuln.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2007/05/dvddb-xss-vuln.html" + }, + { + "name": "23764", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23764" + }, + { + "name": "ADV-2007-1648", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1648" + }, + { + "name": "35544", + "refsource": "OSVDB", + "url": "http://osvdb.org/35544" + }, + { + "name": "25127", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25127" + }, + { + "name": "dvddb-loan-listmovies-xss(34017)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34017" + }, + { + "name": "35545", + "refsource": "OSVDB", + "url": "http://osvdb.org/35545" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2516.json b/2007/2xxx/CVE-2007-2516.json index c5154f0a191..d56e21488e8 100644 --- a/2007/2xxx/CVE-2007-2516.json +++ b/2007/2xxx/CVE-2007-2516.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2007-2516",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2007-2516",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2007/2xxx/CVE-2007-2559.json b/2007/2xxx/CVE-2007-2559.json
index bfface6eaf8..f95e3d06e97 100644
--- a/2007/2xxx/CVE-2007-2559.json
+++ b/2007/2xxx/CVE-2007-2559.json
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2559", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple PHP remote file inclusion vulnerabilities in american cart 3.5 allow remote attackers to execute arbitrary PHP code via a URL in the abs_path parameter to (1) index.php, (2) checkout.php, and (3) libsecure.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2559", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070506 american cart 3.* (abs_path) remote file include", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/467840/100/0/threaded" - }, - { - "name" : "36170", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/36170" - }, - { - "name" : "36171", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/36171" - }, - { - "name" : "36172", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/36172" - }, - { - "name" : "2681", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2681" - }, - { - "name" : "americancart-abspath-file-include(34165)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34165" - } - ] - } 
-} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple PHP remote file inclusion vulnerabilities in american cart 3.5 allow remote attackers to execute arbitrary PHP code via a URL in the abs_path parameter to (1) index.php, (2) checkout.php, and (3) libsecure.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "americancart-abspath-file-include(34165)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34165" + }, + { + "name": "20070506 american cart 3.* (abs_path) remote file include", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/467840/100/0/threaded" + }, + { + "name": "36172", + "refsource": "OSVDB", + "url": "http://osvdb.org/36172" + }, + { + "name": "36171", + "refsource": "OSVDB", + "url": "http://osvdb.org/36171" + }, + { + "name": "36170", + "refsource": "OSVDB", + "url": "http://osvdb.org/36170" + }, + { + "name": "2681", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2681" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2649.json b/2007/2xxx/CVE-2007-2649.json index 9711d626a6c..4c0124eef12 100644 --- a/2007/2xxx/CVE-2007-2649.json +++ b/2007/2xxx/CVE-2007-2649.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2649", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Deutsche Telekom (T-com) Speedport W 700v uses JavaScript delays for invalid authentication attempts to the CGI script, which allows remote attackers to bypass the delays and conduct brute-force attacks via direct calls to the authentication CGI script." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2649", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070511 Design Flaw in Deutsche Telekom Speedport w700v broadband router", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/468361/100/0/threaded" - }, - { - "name" : "http://www.devtarget.org/speedport700-advisory-05-2007.txt", - "refsource" : "MISC", - "url" : "http://www.devtarget.org/speedport700-advisory-05-2007.txt" - }, - { - "name" : "23967", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23967" - }, - { - "name" : "36011", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/36011" - }, - { - "name" : "25266", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25266" - }, - { - "name" : 
"2705", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2705" - }, - { - "name" : "speedport-login-brute-force(34334)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34334" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Deutsche Telekom (T-com) Speedport W 700v uses JavaScript delays for invalid authentication attempts to the CGI script, which allows remote attackers to bypass the delays and conduct brute-force attacks via direct calls to the authentication CGI script." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.devtarget.org/speedport700-advisory-05-2007.txt", + "refsource": "MISC", + "url": "http://www.devtarget.org/speedport700-advisory-05-2007.txt" + }, + { + "name": "23967", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23967" + }, + { + "name": "25266", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25266" + }, + { + "name": "speedport-login-brute-force(34334)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34334" + }, + { + "name": "36011", + "refsource": "OSVDB", + "url": "http://osvdb.org/36011" + }, + { + "name": "2705", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2705" + }, + { + "name": "20070511 Design Flaw in Deutsche Telekom Speedport w700v broadband router", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/468361/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6212.json b/2007/6xxx/CVE-2007-6212.json index 07c93ba7c5b..0e970d91f56 100644 --- a/2007/6xxx/CVE-2007-6212.json +++ b/2007/6xxx/CVE-2007-6212.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6212", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in region.php in KML share 1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the layer parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6212", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4679", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4679" - }, - { - "name" : "26649", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26649" - }, - { - "name" : "39700", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/39700" - }, - { - "name" : "kmlshare-region-directory-traversal(38775)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/38775" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in region.php in KML share 1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the layer parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "26649", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26649" + }, + { + "name": "kmlshare-region-directory-traversal(38775)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38775" + }, + { + "name": "4679", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4679" + }, + { + "name": "39700", + "refsource": "OSVDB", + "url": "http://osvdb.org/39700" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6723.json b/2007/6xxx/CVE-2007-6723.json index a077120fc62..f5bb897702b 100644 --- a/2007/6xxx/CVE-2007-6723.json +++ b/2007/6xxx/CVE-2007-6723.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6723", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "TorK before 0.22, when running on Windows and Mac OS X, installs Privoxy with a configuration file (config.txt or config) that contains insecure (1) enable-remote-toggle and (2) enable-edit-actions settings, which allows remote attackers to bypass intended access restrictions and modify configuration." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6723", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[or-talk] 20071031 Insecure Privoxy Configuration in Vidalia Bundles Prior to 0.1.2.18", - "refsource" : "MLIST", - "url" : "http://archives.seul.org/or/talk/Oct-2007/msg00291.html" - }, - { - "name" : "[or-talk] 20071031 Re: Insecure Privoxy Configuration in Vidalia Bundles Prior to 0.1.2.18", - "refsource" : "MLIST", - "url" : "http://archives.seul.org/or/talk/Oct-2007/msg00296.html" - }, - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=551544&group_id=159836", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=551544&group_id=159836" - }, - { - 
"name" : "26386", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26386" - }, - { - "name" : "48694", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/48694" - }, - { - "name" : "tork-privoxy-security-bypass(42280)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42280" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "TorK before 0.22, when running on Windows and Mac OS X, installs Privoxy with a configuration file (config.txt or config) that contains insecure (1) enable-remote-toggle and (2) enable-edit-actions settings, which allows remote attackers to bypass intended access restrictions and modify configuration." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[or-talk] 20071031 Insecure Privoxy Configuration in Vidalia Bundles Prior to 0.1.2.18", + "refsource": "MLIST", + "url": "http://archives.seul.org/or/talk/Oct-2007/msg00291.html" + }, + { + "name": "[or-talk] 20071031 Re: Insecure Privoxy Configuration in Vidalia Bundles Prior to 0.1.2.18", + "refsource": "MLIST", + "url": "http://archives.seul.org/or/talk/Oct-2007/msg00296.html" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=551544&group_id=159836", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=551544&group_id=159836" + }, + { + "name": "tork-privoxy-security-bypass(42280)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42280" + }, + { + "name": "48694", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/48694" + }, + { + "name": "26386", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26386" + } + ] + } +} \ No newline at end of file 
diff --git a/2010/0xxx/CVE-2010-0808.json b/2010/0xxx/CVE-2010-0808.json
index 03ac5caa927..f15a2f8ea6c 100644
--- a/2010/0xxx/CVE-2010-0808.json
+++ b/2010/0xxx/CVE-2010-0808.json
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0808", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 6 and 7 on Windows XP and Vista does not prevent script from simulating user interaction with the AutoComplete feature, which allows remote attackers to obtain sensitive form information via a crafted web site, aka \"AutoComplete Information Disclosure Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2010-0808", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.avaya.com/css/P8/documents/100113324", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/css/P8/documents/100113324" - }, - { - "name" : "MS10-071", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-071" - }, - { - "name" : "oval:org.mitre.oval:def:6889", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6889" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + 
"lang": "eng", + "value": "Microsoft Internet Explorer 6 and 7 on Windows XP and Vista does not prevent script from simulating user interaction with the AutoComplete feature, which allows remote attackers to obtain sensitive form information via a crafted web site, aka \"AutoComplete Information Disclosure Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS10-071", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-071" + }, + { + "name": "oval:org.mitre.oval:def:6889", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6889" + }, + { + "name": "http://support.avaya.com/css/P8/documents/100113324", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/css/P8/documents/100113324" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0931.json b/2010/0xxx/CVE-2010-0931.json index 0f92abf5893..440dd2675d2 100644 --- a/2010/0xxx/CVE-2010-0931.json +++ b/2010/0xxx/CVE-2010-0931.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0931", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Perforce service (p4s.exe) in Perforce Server 2008.1 allows remote attackers to cause a denial of service (daemon crash) via crafted data, possibly involving a large sndbuf value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-0931", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[dailydave] 20100304 Perforce", - "refsource" : "MLIST", - "url" : "http://lists.immunitysec.com/pipermail/dailydave/2010-March/006063.html" - }, - { - "name" : "36261", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36261" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Perforce service (p4s.exe) in Perforce Server 2008.1 allows remote attackers to cause a denial of service (daemon crash) via crafted data, possibly involving a large sndbuf value." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "36261", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36261" + }, + { + "name": "[dailydave] 20100304 Perforce", + "refsource": "MLIST", + "url": "http://lists.immunitysec.com/pipermail/dailydave/2010-March/006063.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1024.json b/2010/1xxx/CVE-2010-1024.json index ef0896ff6c6..2bf69b36bec 100644 --- a/2010/1xxx/CVE-2010-1024.json +++ b/2010/1xxx/CVE-2010-1024.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1024", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the TGM-Newsletter (tgm_newsletter) extension 0.0.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1024", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://typo3.org/extensions/repository/view/tgm_newsletter/0.0.3/", - "refsource" : "CONFIRM", - "url" : "http://typo3.org/extensions/repository/view/tgm_newsletter/0.0.3/" - }, - { - "name" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/", - "refsource" : "CONFIRM", - "url" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/" - }, - { - "name" : "38805", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/38805" - }, - { - "name" : "tgmnewsletter-unspecified-sql-injection(56978)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/56978" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the TGM-Newsletter (tgm_newsletter) extension 0.0.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://typo3.org/extensions/repository/view/tgm_newsletter/0.0.3/", + "refsource": "CONFIRM", + "url": "http://typo3.org/extensions/repository/view/tgm_newsletter/0.0.3/" + }, + { + "name": "tgmnewsletter-unspecified-sql-injection(56978)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56978" + }, + { + "name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/", + "refsource": "CONFIRM", + "url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/" + }, + { + "name": "38805", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/38805" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1140.json b/2010/1xxx/CVE-2010-1140.json index 11c43e3c93a..2043e78aa4f 100644 --- a/2010/1xxx/CVE-2010-1140.json +++ b/2010/1xxx/CVE-2010-1140.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1140", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The USB service in VMware Workstation 7.0 before 7.0.1 build 227600 and VMware Player 3.0 before 3.0.1 build 227600 on Windows might allow host OS users to gain privileges by placing a Trojan horse program at an unspecified location on the host OS disk." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1140", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html" - }, - { - "name" : "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html" - }, - { - "name" : "[security-announce] 20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues", - "refsource" : "MLIST", - "url" : 
"http://lists.vmware.com/pipermail/security-announce/2010/000090.html" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2010-0007.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2010-0007.html" - }, - { - "name" : "GLSA-201209-25", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201209-25.xml" - }, - { - "name" : "39397", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/39397" - }, - { - "name" : "1023834", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1023834" - }, - { - "name" : "39206", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39206" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The USB service in VMware Workstation 7.0 before 7.0.1 build 227600 and VMware Player 3.0 before 3.0.1 build 227600 on Windows might allow host OS users to gain privileges by placing a Trojan horse program at an unspecified location on the host OS disk." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201209-25", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201209-25.xml" + }, + { + "name": "39206", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39206" + }, + { + "name": "[security-announce] 20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues", + "refsource": "MLIST", + "url": "http://lists.vmware.com/pipermail/security-announce/2010/000090.html" + }, + { + "name": "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2010-0007.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2010-0007.html" + }, + { + "name": "39397", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/39397" + }, + { + "name": "1023834", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1023834" + }, + { + "name": "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1351.json b/2010/1xxx/CVE-2010-1351.json index 30c3a263120..545124c7c2f 100644 --- a/2010/1xxx/CVE-2010-1351.json +++ b/2010/1xxx/CVE-2010-1351.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1351", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple PHP remote file inclusion vulnerabilities in Nodesforum 1.033 and 1.045, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) _nodesforum_path_from_here_to_nodesforum_folder parameter to erase_user_data.php and the (2) _nodesforum_code_path parameter to pre_output.php. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1351", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "12047", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/12047" - }, - { - "name" : "39311", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39311" - }, - { - "name" : "nodesforum-preoutput-file-include(57517)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/57517" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": 
"Multiple PHP remote file inclusion vulnerabilities in Nodesforum 1.033 and 1.045, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) _nodesforum_path_from_here_to_nodesforum_folder parameter to erase_user_data.php and the (2) _nodesforum_code_path parameter to pre_output.php. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "12047", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/12047" + }, + { + "name": "nodesforum-preoutput-file-include(57517)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57517" + }, + { + "name": "39311", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39311" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1757.json b/2010/1xxx/CVE-2010-1757.json index 6b8012c98b9..bba8ec3a394 100644 --- a/2010/1xxx/CVE-2010-1757.json +++ b/2010/1xxx/CVE-2010-1757.json 
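Review bot: The `reference_data` array at the end of this hunk (CVE-2010-1351) is rewritten in an order that follows no visible key: the old side listed `EXPLOIT-DB`, `SECUNIA`, `XF` and the new side lists `EXPLOIT-DB`, `XF`, `SECUNIA`, with no entry added or removed. Together with the `" : "` to `": "` respacing, this marks the whole file as changed although, as far as the visible lines show, its content is the same. The same reshuffle appears in the hunks for CVE-2010-1757, CVE-2010-1932, CVE-2010-4652, CVE-2010-4983, CVE-2014-0488 and CVE-2014-0743, and in several of them it buries the one substantive edit, the new `ASSIGNER` value. Emitting references in a stable order (for example sorted by `refsource`, then `name`) and ending each file with a newline instead of `\ No newline at end of file` would keep later syncs reviewable.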
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1757", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit in Apple iOS before 4 on the iPhone and iPod touch does not enforce the expected boundary restrictions on content display by an IFRAME element, which allows remote attackers to spoof the user interface via a crafted HTML document." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2010-1757", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT4225", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4225" - }, - { - "name" : "http://support.apple.com/kb/HT4456", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4456" - }, - { - "name" : "APPLE-SA-2010-06-21-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html" - }, - { - "name" : "APPLE-SA-2010-11-22-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html" - }, - { - "name" : "SUSE-SR:2011:002", - "refsource" : "SUSE", - "url" : 
"http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" - }, - { - "name" : "41016", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/41016" - }, - { - "name" : "41068", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/41068" - }, - { - "name" : "42314", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42314" - }, - { - "name" : "43068", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43068" - }, - { - "name" : "ADV-2011-0212", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0212" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit in Apple iOS before 4 on the iPhone and iPod touch does not enforce the expected boundary restrictions on content display by an IFRAME element, which allows remote attackers to spoof the user interface via a crafted HTML document." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "43068", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43068" + }, + { + "name": "ADV-2011-0212", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0212" + }, + { + "name": "http://support.apple.com/kb/HT4225", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4225" + }, + { + "name": "SUSE-SR:2011:002", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" + }, + { + "name": "42314", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42314" + }, + { + "name": "41016", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/41016" + }, + { + "name": "http://support.apple.com/kb/HT4456", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4456" + }, + { + "name": "41068", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/41068" + }, + { + "name": "APPLE-SA-2010-06-21-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html" + }, + { + "name": "APPLE-SA-2010-11-22-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1932.json b/2010/1xxx/CVE-2010-1932.json index 1e01a650b1f..557cd4e3788 100644 --- a/2010/1xxx/CVE-2010-1932.json +++ b/2010/1xxx/CVE-2010-1932.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1932", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in XnView 1.97.4 and possibly earlier allows remote attackers to execute arbitrary code via a MultiBitMap (MBM) file with a Paint Data Section that contains a malformed Encoding field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1932", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.coresecurity.com/content/XnView-MBM-Processing-Heap-Overflow", - "refsource" : "MISC", - "url" : "http://www.coresecurity.com/content/XnView-MBM-Processing-Heap-Overflow" - }, - { - "name" : "40852", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/40852" - }, - { - "name" : "1024100", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024100" - }, - { - "name" : "40141", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40141" - }, - { - "name" : "ADV-2010-1468", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1468" - }, - { - "name" : "xnview-mbm-bo(59421)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/59421" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in XnView 1.97.4 and possibly earlier allows remote attackers to execute arbitrary code via a MultiBitMap (MBM) file with a Paint Data Section that contains a malformed Encoding field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "xnview-mbm-bo(59421)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59421" + }, + { + "name": "http://www.coresecurity.com/content/XnView-MBM-Processing-Heap-Overflow", + "refsource": "MISC", + "url": "http://www.coresecurity.com/content/XnView-MBM-Processing-Heap-Overflow" + }, + { + "name": "ADV-2010-1468", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1468" + }, + { + "name": "40141", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40141" + }, + { + "name": "40852", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/40852" + }, + { + "name": "1024100", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024100" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4286.json b/2010/4xxx/CVE-2010-4286.json index 632af150ced..d227a69e776 100644 --- a/2010/4xxx/CVE-2010-4286.json +++ b/2010/4xxx/CVE-2010-4286.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4286", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2010-4286", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4652.json b/2010/4xxx/CVE-2010-4652.json index 27b1e833cc3..6373539e7a3 100644 --- a/2010/4xxx/CVE-2010-4652.json +++ b/2010/4xxx/CVE-2010-4652.json 
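Review bot: The new side of this record (CVE-2010-4286) puts `data_type`, `data_format` and `data_version` ahead of `CVE_data_meta`, and inside that object `ID` ahead of `ASSIGNER`, while every other file in the visible part of this commit keeps `CVE_data_meta` first with `ASSIGNER`, `ID`, `STATE`. Key order carries no meaning in JSON, so no consumer should break, but the difference suggests this REJECT record went through a different serializer or template than the others, which is worth confirming. Writing it in the same order as the rest (`"CVE_data_meta"` first, then `"data_format"`, `"data_type"`, `"data_version"`, `"description"`) would keep the records comparable with each other. The `STATE` and the description text are unchanged.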
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4652", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the sql_prepare_where function (contrib/mod_sql.c) in ProFTPD before 1.3.3d, when mod_sql is enabled, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted username containing substitution tags, which are not properly handled during construction of an SQL query." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-4652", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugs.proftpd.org/show_bug.cgi?id=3536", - "refsource" : "MISC", - "url" : "http://bugs.proftpd.org/show_bug.cgi?id=3536" - }, - { - "name" : "http://phrack.org/issues.html?issue=67&id=7#article", - "refsource" : "MISC", - "url" : "http://phrack.org/issues.html?issue=67&id=7#article" - }, - { - "name" : "http://proftpd.org/docs/RELEASE_NOTES-1.3.3d", - "refsource" : "CONFIRM", - "url" : "http://proftpd.org/docs/RELEASE_NOTES-1.3.3d" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=670170", - "refsource" : "CONFIRM", - "url" : 
"https://bugzilla.redhat.com/show_bug.cgi?id=670170" - }, - { - "name" : "DSA-2191", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2191" - }, - { - "name" : "FEDORA-2011-0610", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053540.html" - }, - { - "name" : "FEDORA-2011-0613", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053537.html" - }, - { - "name" : "MDVSA-2011:023", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:023" - }, - { - "name" : "44933", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/44933" - }, - { - "name" : "ADV-2011-0248", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0248" - }, - { - "name" : "ADV-2011-0331", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0331" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the sql_prepare_where function (contrib/mod_sql.c) in ProFTPD before 1.3.3d, when mod_sql is enabled, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted username containing substitution tags, which are not properly handled during construction of an SQL query." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FEDORA-2011-0610", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053540.html" + }, + { + "name": "FEDORA-2011-0613", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053537.html" + }, + { + "name": "DSA-2191", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2191" + }, + { + "name": "http://proftpd.org/docs/RELEASE_NOTES-1.3.3d", + "refsource": "CONFIRM", + "url": "http://proftpd.org/docs/RELEASE_NOTES-1.3.3d" + }, + { + "name": "ADV-2011-0248", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0248" + }, + { + "name": "MDVSA-2011:023", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:023" + }, + { + "name": "http://bugs.proftpd.org/show_bug.cgi?id=3536", + "refsource": "MISC", + "url": "http://bugs.proftpd.org/show_bug.cgi?id=3536" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=670170", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=670170" + }, + { + "name": "44933", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/44933" + }, + { + "name": "ADV-2011-0331", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0331" + }, + { + "name": "http://phrack.org/issues.html?issue=67&id=7#article", + "refsource": "MISC", + "url": "http://phrack.org/issues.html?issue=67&id=7#article" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4935.json b/2010/4xxx/CVE-2010-4935.json index f118d6d39cd..00829d6f699 100644 --- a/2010/4xxx/CVE-2010-4935.json +++ b/2010/4xxx/CVE-2010-4935.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4935", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in poll.php in Entrans 0.3.2 and earlier allows remote attackers to execute arbitrary SQL commands via the sid parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4935", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "15126", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/15126" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in poll.php in Entrans 0.3.2 and earlier allows remote attackers to execute arbitrary SQL commands via the sid parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "15126", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/15126" + } + ] + } +} \ No newline at end of file 
diff --git a/2010/4xxx/CVE-2010-4983.json b/2010/4xxx/CVE-2010-4983.json index 31eeb055bd9..5589d1eae37 100644 --- a/2010/4xxx/CVE-2010-4983.json +++ b/2010/4xxx/CVE-2010-4983.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4983", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in profile.php in iScripts CyberMatch 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4983", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100701 iScripts CyberMatch 1.0 Blind SQL Injection Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/512141/100/0/threaded" - }, - { - "name" : "14164", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/14164" - }, - { - "name" : "http://packetstormsecurity.org/1007-exploits/cybermatch-sql.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1007-exploits/cybermatch-sql.txt" - }, - { - "name" : "http://www.salvatorefresta.net/files/adv/iScripts%20CyberMatch%201.0%20Blind%20SQL%20Injection%20Vulnerability-02072010.txt", - "refsource" : "MISC", - "url" : "http://www.salvatorefresta.net/files/adv/iScripts%20CyberMatch%201.0%20Blind%20SQL%20Injection%20Vulnerability-02072010.txt" - 
}, - { - "name" : "41300", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/41300" - }, - { - "name" : "40434", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40434" - }, - { - "name" : "8486", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8486" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in profile.php in iScripts CyberMatch 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "8486", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8486" + }, + { + "name": "20100701 iScripts CyberMatch 1.0 Blind SQL Injection Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/512141/100/0/threaded" + }, + { + "name": "14164", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/14164" + }, + { + "name": "http://www.salvatorefresta.net/files/adv/iScripts%20CyberMatch%201.0%20Blind%20SQL%20Injection%20Vulnerability-02072010.txt", + "refsource": "MISC", + "url": "http://www.salvatorefresta.net/files/adv/iScripts%20CyberMatch%201.0%20Blind%20SQL%20Injection%20Vulnerability-02072010.txt" + }, + { + "name": "41300", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/41300" + }, + { + "name": "40434", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40434" + }, + { + "name": "http://packetstormsecurity.org/1007-exploits/cybermatch-sql.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1007-exploits/cybermatch-sql.txt" + } + ] + } +} \ No newline at end of file 
diff --git a/2014/0xxx/CVE-2014-0488.json b/2014/0xxx/CVE-2014-0488.json index 64f77cf93b1..a5c5fc60439 100644 --- a/2014/0xxx/CVE-2014-0488.json +++ b/2014/0xxx/CVE-2014-0488.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0488", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "APT before 1.0.9 does not \"invalidate repository data\" when moving from an unauthenticated to authenticated state, which allows remote attackers to have unspecified impact via crafted repository data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@debian.org", + "ID": "CVE-2014-0488", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "DSA-3025", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-3025" - }, - { - "name" : "USN-2348-1", - "refsource" : "UBUNTU", - "url" : "http://ubuntu.com/usn/usn-2348-1" - }, - { - "name" : "61275", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61275" - }, - { - "name" : "61286", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61286" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "APT before 1.0.9 does not \"invalidate repository data\" when moving from an unauthenticated to authenticated state, which allows remote 
attackers to have unspecified impact via crafted repository data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "61286", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61286" + }, + { + "name": "61275", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61275" + }, + { + "name": "USN-2348-1", + "refsource": "UBUNTU", + "url": "http://ubuntu.com/usn/usn-2348-1" + }, + { + "name": "DSA-3025", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-3025" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0743.json b/2014/0xxx/CVE-2014-0743.json index e08c09f76df..90559caa067 100644 --- a/2014/0xxx/CVE-2014-0743.json +++ b/2014/0xxx/CVE-2014-0743.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0743", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Certificate Authority Proxy Function (CAPF) component in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to bypass authentication and modify registered-device information via crafted data, aka Bug ID CSCum95468." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2014-0743", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=33044", - "refsource" : "CONFIRM", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=33044" - }, - { - "name" : "20140225 Cisco Unified Communications Manager CAPF Unauthenticated Device Information Update Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0743" - }, - { - "name" : "1029843", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1029843" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "The Certificate Authority Proxy Function (CAPF) component in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to bypass authentication and modify registered-device information via crafted data, aka Bug ID CSCum95468." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20140225 Cisco Unified Communications Manager CAPF Unauthenticated Device Information Update Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0743" + }, + { + "name": "1029843", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1029843" + }, + { + "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=33044", + "refsource": "CONFIRM", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=33044" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0761.json b/2014/0xxx/CVE-2014-0761.json index bcfef85c03c..11c9b909a62 100644 --- a/2014/0xxx/CVE-2014-0761.json +++ b/2014/0xxx/CVE-2014-0761.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0761", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The DNP3 driver in CG Automation ePAQ-9410 Substation Gateway allows remote attackers to cause a denial of service (infinite loop or process crash) via a crafted TCP packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2014-0761", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-14-238-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-14-238-01" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The DNP3 driver in CG Automation ePAQ-9410 Substation Gateway allows remote attackers to cause a denial of service (infinite loop or process crash) via a crafted TCP packet." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-14-238-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-238-01" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0765.json b/2014/0xxx/CVE-2014-0765.json index a73b33b5dd7..c9ec67498ac 100644 --- a/2014/0xxx/CVE-2014-0765.json +++ b/2014/0xxx/CVE-2014-0765.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0765", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in Advantech WebAccess before 7.2 allows remote attackers to execute arbitrary code via a long GotoCmd argument." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2014-0765", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://ics-cert.us-cert.gov/advisories/ICSA-14-079-03", - "refsource" : "MISC", - "url" : "http://ics-cert.us-cert.gov/advisories/ICSA-14-079-03" - }, - { - "name" : "66722", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/66722" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in Advantech WebAccess before 7.2 allows remote attackers to execute arbitrary code via a long GotoCmd argument." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-079-03", + "refsource": "MISC", + "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-079-03" + }, + { + "name": "66722", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/66722" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0928.json b/2014/0xxx/CVE-2014-0928.json index 4792949711d..b5ab2069b11 100644 --- a/2014/0xxx/CVE-2014-0928.json +++ b/2014/0xxx/CVE-2014-0928.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0928", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-0928", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/10xxx/CVE-2014-10036.json b/2014/10xxx/CVE-2014-10036.json index 80b151c93f5..0a6b60a30be 100644 --- a/2014/10xxx/CVE-2014-10036.json +++ b/2014/10xxx/CVE-2014-10036.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-10036", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in JetBrains TeamCity before 8.1 allows remote attackers to inject arbitrary web script or HTML via the cameFromUrl parameter to feed/generateFeedUrl.html." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-10036", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.netsparker.com/critical-xss-vulnerabilities-in-teamcity/", - "refsource" : "MISC", - "url" : "https://www.netsparker.com/critical-xss-vulnerabilities-in-teamcity/" - }, - { - "name" : "http://confluence.jetbrains.com/display/TCD8/What%27s+New+in+TeamCity+8.1", - "refsource" : "CONFIRM", - "url" : "http://confluence.jetbrains.com/display/TCD8/What%27s+New+in+TeamCity+8.1" - }, - { - "name" : "57221", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/57221" - }, - { - "name" : "teamcity-camefromurl-xss(91768)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/91768" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": 
"4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in JetBrains TeamCity before 8.1 allows remote attackers to inject arbitrary web script or HTML via the cameFromUrl parameter to feed/generateFeedUrl.html." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.netsparker.com/critical-xss-vulnerabilities-in-teamcity/", + "refsource": "MISC", + "url": "https://www.netsparker.com/critical-xss-vulnerabilities-in-teamcity/" + }, + { + "name": "http://confluence.jetbrains.com/display/TCD8/What%27s+New+in+TeamCity+8.1", + "refsource": "CONFIRM", + "url": "http://confluence.jetbrains.com/display/TCD8/What%27s+New+in+TeamCity+8.1" + }, + { + "name": "teamcity-camefromurl-xss(91768)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91768" + }, + { + "name": "57221", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/57221" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1422.json b/2014/1xxx/CVE-2014-1422.json index 613f3d0ac7b..ff9d2aa45ed 100644 --- a/2014/1xxx/CVE-2014-1422.json +++ b/2014/1xxx/CVE-2014-1422.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1422", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-1422", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1706.json b/2014/1xxx/CVE-2014-1706.json index 66d01d96d4d..16f8d3bda41 100644 --- a/2014/1xxx/CVE-2014-1706.json +++ b/2014/1xxx/CVE-2014-1706.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1706", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "crosh in Google Chrome OS before 33.0.1750.152 allows attackers to inject commands via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2014-1706", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2014/03/stable-channel-update-for-chrome-os_14.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2014/03/stable-channel-update-for-chrome-os_14.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=351796", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=351796" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "crosh in Google Chrome OS before 33.0.1750.152 allows attackers to inject commands via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://googlechromereleases.blogspot.com/2014/03/stable-channel-update-for-chrome-os_14.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2014/03/stable-channel-update-for-chrome-os_14.html" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=351796", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=351796" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1827.json b/2014/1xxx/CVE-2014-1827.json index 2d1fe125197..6bf963aec3d 100644 --- a/2014/1xxx/CVE-2014-1827.json +++ b/2014/1xxx/CVE-2014-1827.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1827", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The iThoughtsHD app 4.19 for iOS on iPad devices, when the WiFi Transfer feature is used, allows remote attackers to upload arbitrary files by placing a %00 sequence after a dangerous extension, as demonstrated by a .html%00.txt file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-1827", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.madirish.net/559", - "refsource" : "MISC", - "url" : "http://www.madirish.net/559" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The iThoughtsHD app 4.19 for iOS on iPad devices, when the WiFi Transfer feature is used, allows remote attackers to upload arbitrary files by placing a %00 sequence after a dangerous extension, as demonstrated by a .html%00.txt file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.madirish.net/559", + "refsource": "MISC", + "url": "http://www.madirish.net/559" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4154.json b/2014/4xxx/CVE-2014-4154.json index 20c58f72640..4de846dec98 100644 --- a/2014/4xxx/CVE-2014-4154.json +++ b/2014/4xxx/CVE-2014-4154.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4154", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the PPPoE/PPPoA password via a direct request for basic/tc2wanfun.js." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4154", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "33803", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/33803" - }, - { - "name" : "http://packetstormsecurity.com/files/127129/ZTE-WXV10-W300-Disclosure-CSRF-Default.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/127129/ZTE-WXV10-W300-Disclosure-CSRF-Default.html" - }, - { - "name" : "https://osandamalith.wordpress.com/2014/06/15/zte-wxv10-w300-multiple-vulnerabilities/", - "refsource" : "MISC", - "url" : "https://osandamalith.wordpress.com/2014/06/15/zte-wxv10-w300-multiple-vulnerabilities/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the PPPoE/PPPoA password via a direct request for basic/tc2wanfun.js." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/127129/ZTE-WXV10-W300-Disclosure-CSRF-Default.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/127129/ZTE-WXV10-W300-Disclosure-CSRF-Default.html" + }, + { + "name": "https://osandamalith.wordpress.com/2014/06/15/zte-wxv10-w300-multiple-vulnerabilities/", + "refsource": "MISC", + "url": "https://osandamalith.wordpress.com/2014/06/15/zte-wxv10-w300-multiple-vulnerabilities/" + }, + { + "name": "33803", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/33803" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4490.json b/2014/4xxx/CVE-2014-4490.json index c8306b1bd5c..7a67c6552b4 100644 --- a/2014/4xxx/CVE-2014-4490.json +++ b/2014/4xxx/CVE-2014-4490.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4490", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-4490", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4860.json b/2014/4xxx/CVE-2014-4860.json index 2a7ca99214c..67a9387efba 100644 --- a/2014/4xxx/CVE-2014-4860.json +++ b/2014/4xxx/CVE-2014-4860.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4860", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4860", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4892.json b/2014/4xxx/CVE-2014-4892.json index bb3a7da48c7..79a6fe19c1f 100644 --- a/2014/4xxx/CVE-2014-4892.json +++ b/2014/4xxx/CVE-2014-4892.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4892", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The uControl Smart Home Automation (aka de.ucontrol) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-4892", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#200753", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/200753" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The uControl Smart Home Automation (aka 
de.ucontrol) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + }, + { + "name": "VU#200753", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/200753" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9304.json b/2014/9xxx/CVE-2014-9304.json index 51af2690e90..82b721cdd63 100644 --- a/2014/9xxx/CVE-2014-9304.json +++ b/2014/9xxx/CVE-2014-9304.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9304", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Plex Media Server before 0.9.9.3 allows remote attackers to bypass the web server whitelist, conduct SSRF attacks, and execute arbitrary administrative actions via multiple crafted X-Plex-Url headers to system/proxy, which are inconsistently processed by the request handler in the backend web server." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9304", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140228 SEC Consult SA-20140228-1 :: Authentication bypass (SSRF) and local file disclosure in Plex Media Server", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/531290" - }, - { - "name" : "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140228-1_Plex_Media_Server_Authentication_bypass_local_file_disclosure_v10.txt", - "refsource" : "MISC", - "url" : "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140228-1_Plex_Media_Server_Authentication_bypass_local_file_disclosure_v10.txt" - }, - { - "name" : 
"https://forums.plex.tv/index.php/topic/62832-plex-media-server/?p=583250", - "refsource" : "CONFIRM", - "url" : "https://forums.plex.tv/index.php/topic/62832-plex-media-server/?p=583250" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Plex Media Server before 0.9.9.3 allows remote attackers to bypass the web server whitelist, conduct SSRF attacks, and execute arbitrary administrative actions via multiple crafted X-Plex-Url headers to system/proxy, which are inconsistently processed by the request handler in the backend web server." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140228-1_Plex_Media_Server_Authentication_bypass_local_file_disclosure_v10.txt", + "refsource": "MISC", + "url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140228-1_Plex_Media_Server_Authentication_bypass_local_file_disclosure_v10.txt" + }, + { + "name": "20140228 SEC Consult SA-20140228-1 :: Authentication bypass (SSRF) and local file disclosure in Plex Media Server", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/531290" + }, + { + "name": "https://forums.plex.tv/index.php/topic/62832-plex-media-server/?p=583250", + "refsource": "CONFIRM", + "url": "https://forums.plex.tv/index.php/topic/62832-plex-media-server/?p=583250" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9489.json b/2014/9xxx/CVE-2014-9489.json index f95f2d1c8f2..6a7c9bc3406 100644 --- a/2014/9xxx/CVE-2014-9489.json +++ b/2014/9xxx/CVE-2014-9489.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9489", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The gollum-grit_adapter Ruby gem dependency in gollum before 3.1.1 and the gollum-lib gem dependency in gollum-lib before 4.0.1 when the string \"master\" is in any of the wiki documents, allows remote authenticated users to execute arbitrary code via the -O or --open-files-in-pager flags." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9489", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150103 Re: Re: CVE request: remote code execution vulnerability in gollum < 3.1.1", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/01/03/19" - }, - { - "name" : "https://github.com/gollum/gollum/issues/913", - "refsource" : "CONFIRM", - "url" : "https://github.com/gollum/gollum/issues/913" - }, - { - "name" : "https://github.com/gollum/grit_adapter/commit/4520d973c81fecfebbeacd2ef2f1849d763951c7", - "refsource" : "CONFIRM", - "url" : "https://github.com/gollum/grit_adapter/commit/4520d973c81fecfebbeacd2ef2f1849d763951c7" - }, - { - "name" : "71499", - "refsource" : "BID", - 
"url" : "http://www.securityfocus.com/bid/71499" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The gollum-grit_adapter Ruby gem dependency in gollum before 3.1.1 and the gollum-lib gem dependency in gollum-lib before 4.0.1 when the string \"master\" is in any of the wiki documents, allows remote authenticated users to execute arbitrary code via the -O or --open-files-in-pager flags." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20150103 Re: Re: CVE request: remote code execution vulnerability in gollum < 3.1.1", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/01/03/19" + }, + { + "name": "71499", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/71499" + }, + { + "name": "https://github.com/gollum/grit_adapter/commit/4520d973c81fecfebbeacd2ef2f1849d763951c7", + "refsource": "CONFIRM", + "url": "https://github.com/gollum/grit_adapter/commit/4520d973c81fecfebbeacd2ef2f1849d763951c7" + }, + { + "name": "https://github.com/gollum/gollum/issues/913", + "refsource": "CONFIRM", + "url": "https://github.com/gollum/gollum/issues/913" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9726.json b/2014/9xxx/CVE-2014-9726.json index 0f1e854f8fc..57796987b38 100644 --- a/2014/9xxx/CVE-2014-9726.json +++ b/2014/9xxx/CVE-2014-9726.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9726", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9726", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3125.json b/2016/3xxx/CVE-2016-3125.json index fcbf28895de..bae1ff4713c 100644 --- a/2016/3xxx/CVE-2016-3125.json +++ b/2016/3xxx/CVE-2016-3125.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3125", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mod_tls module in ProFTPD before 1.3.5b and 1.3.6 before 1.3.6rc2 does not properly handle the TLSDHParamFile directive, which might cause a weaker than intended Diffie-Hellman (DH) key to be used and consequently allow attackers to have unspecified impact via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-3125", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160311 ProFTPD before 1.3.5b/1.3.6rc2 uses 1024 bit Diffie Hellman parameters for TLS even if user sets manual parameters", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/03/11/3" - }, - { - "name" : "[oss-security] 20160311 Re: ProFTPD before 1.3.5b/1.3.6rc2 uses 1024 bit Diffie Hellman parameters for TLS even if user sets manual parameters", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/03/11/14" - }, - { - "name" : "http://bugs.proftpd.org/show_bug.cgi?id=4230", - "refsource" : "CONFIRM", - "url" : 
"http://bugs.proftpd.org/show_bug.cgi?id=4230" - }, - { - "name" : "http://proftpd.org/docs/NEWS-1.3.5b", - "refsource" : "CONFIRM", - "url" : "http://proftpd.org/docs/NEWS-1.3.5b" - }, - { - "name" : "http://proftpd.org/docs/NEWS-1.3.6rc2", - "refsource" : "CONFIRM", - "url" : "http://proftpd.org/docs/NEWS-1.3.6rc2" - }, - { - "name" : "FEDORA-2016-977d57cf2d", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179143.html" - }, - { - "name" : "FEDORA-2016-f95d8ea3ad", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179109.html" - }, - { - "name" : "FEDORA-2016-ac3587be9a", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179905.html" - }, - { - "name" : "openSUSE-SU-2016:1558", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-06/msg00045.html" - }, - { - "name" : "openSUSE-SU-2016:1334", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-05/msg00080.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mod_tls module in ProFTPD before 1.3.5b and 1.3.6 before 1.3.6rc2 does not properly handle the TLSDHParamFile directive, which might cause a weaker than intended Diffie-Hellman (DH) key to be used and consequently allow attackers to have unspecified impact via unknown vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2016:1558", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-06/msg00045.html" + }, + { + "name": "FEDORA-2016-ac3587be9a", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179905.html" + }, + { + "name": "[oss-security] 20160311 Re: ProFTPD before 1.3.5b/1.3.6rc2 uses 1024 bit Diffie Hellman parameters for TLS even if user sets manual parameters", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/03/11/14" + }, + { + "name": "http://proftpd.org/docs/NEWS-1.3.6rc2", + "refsource": "CONFIRM", + "url": "http://proftpd.org/docs/NEWS-1.3.6rc2" + }, + { + "name": "FEDORA-2016-f95d8ea3ad", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179109.html" + }, + { + "name": "http://proftpd.org/docs/NEWS-1.3.5b", + "refsource": "CONFIRM", + "url": "http://proftpd.org/docs/NEWS-1.3.5b" + }, + { + "name": "FEDORA-2016-977d57cf2d", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179143.html" + }, + { + "name": "openSUSE-SU-2016:1334", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00080.html" + }, + { + "name": "http://bugs.proftpd.org/show_bug.cgi?id=4230", + "refsource": "CONFIRM", + "url": "http://bugs.proftpd.org/show_bug.cgi?id=4230" + }, + { + "name": "[oss-security] 20160311 ProFTPD before 1.3.5b/1.3.6rc2 uses 1024 bit Diffie Hellman parameters for TLS even if user sets manual parameters", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/03/11/3" + } + ] + } +} \ No newline at end of file 
diff --git a/2016/3xxx/CVE-2016-3495.json b/2016/3xxx/CVE-2016-3495.json index 034f1d63c31..2ee845e14a3 100644 --- a/2016/3xxx/CVE-2016-3495.json +++ b/2016/3xxx/CVE-2016-3495.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3495", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2016-3495", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" - }, - { - "name" : "GLSA-201701-01", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201701-01" - }, - { - "name" : "93670", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93670" - }, - { - "name" : "1037050", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037050" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier 
allows remote administrators to affect availability via vectors related to Server: InnoDB." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201701-01", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201701-01" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" + }, + { + "name": "93670", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93670" + }, + { + "name": "1037050", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037050" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3557.json b/2016/3xxx/CVE-2016-3557.json index 84793008b0b..d482763d1f1 100644 --- a/2016/3xxx/CVE-2016-3557.json +++ b/2016/3xxx/CVE-2016-3557.json 
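Review bot: The only substantive change in the CVE-2016-3495 hunk is the `"ASSIGNER"` value, which moves from `cve@mitre.org` to `secalert_us@oracle.com`, and it is buried in a whole-file rewrite that re-spaces every key and reorders `reference_data`. The same pattern shows in the CVE-2016-3557 hunk (same new assigner) and the CVE-2016-3796 hunk (`security@android.com`). Anyone relying on ASSIGNER for provenance would find this easier to audit if the formatting normalisation and a stable reference order landed separately from the assigner change. The new side also ends with `\ No newline at end of file`; ending each file with a newline would likely avoid spurious closing-brace diffs in later syncs.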
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3557", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality and integrity via vectors related to File Load." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2016-3557", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" - }, - { - "name" : "91787", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91787" - }, - { - "name" : "1036402", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036402" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows 
remote attackers to affect confidentiality and integrity via vectors related to File Load." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" + }, + { + "name": "1036402", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036402" + }, + { + "name": "91787", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91787" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3796.json b/2016/3xxx/CVE-2016-3796.json index 68187624b15..c2484998112 100644 --- a/2016/3xxx/CVE-2016-3796.json +++ b/2016/3xxx/CVE-2016-3796.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3796", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The MediaTek power driver in Android before 2016-07-05 on Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 29008443 and MediaTek internal bug ALPS02677244." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-3796", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://source.android.com/security/bulletin/2016-07-01.html", - "refsource" : "CONFIRM", - "url" : "http://source.android.com/security/bulletin/2016-07-01.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The MediaTek power driver in Android before 2016-07-05 on Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 29008443 and MediaTek internal bug ALPS02677244." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://source.android.com/security/bulletin/2016-07-01.html", + "refsource": "CONFIRM", + "url": "http://source.android.com/security/bulletin/2016-07-01.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6518.json b/2016/6xxx/CVE-2016-6518.json index 9cafeebb4bd..222d45ea35e 100644 --- a/2016/6xxx/CVE-2016-6518.json +++ b/2016/6xxx/CVE-2016-6518.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6518", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Memory leak in Huawei S9300, S5300, S5700, S6700, S7700, S9700, and S12700 devices allows remote attackers to cause a denial of service (memory consumption and restart) via a large number of malformed packets." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6518", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160914-01-sep-en", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160914-01-sep-en" - }, - { - "name" : "92968", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92968" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Memory leak in Huawei S9300, S5300, S5700, S6700, S7700, S9700, and S12700 devices allows remote attackers to cause a denial of service (memory consumption and restart) via a large number of malformed packets." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "92968", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92968" + }, + { + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160914-01-sep-en", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160914-01-sep-en" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7039.json b/2016/7xxx/CVE-2016-7039.json index 80a7b02ef92..2dd52f4799a 100644 --- a/2016/7xxx/CVE-2016-7039.json +++ b/2016/7xxx/CVE-2016-7039.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7039", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The IP stack in the Linux kernel through 4.8.2 allows remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for large crafted packets, as demonstrated by packets that contain only VLAN headers, a related issue to CVE-2016-8666." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-7039", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20161010 CVE-2016-7039 Kernel: net: unbounded recursion in the vlan GRO processing", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/10/10/15" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1375944", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1375944" - }, - { - "name" : "https://patchwork.ozlabs.org/patch/680412/", - "refsource" : "CONFIRM", - "url" : "https://patchwork.ozlabs.org/patch/680412/" - }, - { - "name" : 
"http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html" - }, - { - "name" : "https://bto.bluecoat.com/security-advisory/sa134", - "refsource" : "CONFIRM", - "url" : "https://bto.bluecoat.com/security-advisory/sa134" - }, - { - "name" : "RHSA-2016:2047", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2047.html" - }, - { - "name" : "RHSA-2016:2107", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2107.html" - }, - { - "name" : "RHSA-2016:2110", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2110.html" - }, - { - "name" : "RHSA-2017:0372", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:0372" - }, - { - "name" : "93476", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93476" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The IP stack in the Linux kernel through 4.8.2 allows remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for large crafted packets, as demonstrated by packets that contain only VLAN headers, a related issue to CVE-2016-8666." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2016:2107", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2107.html" + }, + { + "name": "RHSA-2017:0372", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:0372" + }, + { + "name": "https://bto.bluecoat.com/security-advisory/sa134", + "refsource": "CONFIRM", + "url": "https://bto.bluecoat.com/security-advisory/sa134" + }, + { + "name": "[oss-security] 20161010 CVE-2016-7039 Kernel: net: unbounded recursion in the vlan GRO processing", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/10/10/15" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1375944", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1375944" + }, + { + "name": "https://patchwork.ozlabs.org/patch/680412/", + "refsource": "CONFIRM", + "url": "https://patchwork.ozlabs.org/patch/680412/" + }, + { + "name": "RHSA-2016:2047", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2047.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html" + }, + { + "name": "RHSA-2016:2110", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2110.html" + }, + { + "name": "93476", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93476" + } + ] + } +} \ No newline at end of file 
diff --git a/2016/7xxx/CVE-2016-7123.json b/2016/7xxx/CVE-2016-7123.json index 806b4bcf765..ea94544b5b6 100644 --- a/2016/7xxx/CVE-2016-7123.json +++ b/2016/7xxx/CVE-2016-7123.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7123", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in the admin web interface in GNU Mailman before 2.1.15 allows remote attackers to hijack the authentication of administrators." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-7123", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.launchpad.net/bugs/1614841", - "refsource" : "CONFIRM", - "url" : "https://bugs.launchpad.net/bugs/1614841" - }, - { - "name" : "92732", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92732" - }, - { - "name" : "1037160", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037160" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in the admin web interface in GNU Mailman before 2.1.15 allows remote attackers to hijack the authentication of administrators." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1037160", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037160" + }, + { + "name": "92732", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92732" + }, + { + "name": "https://bugs.launchpad.net/bugs/1614841", + "refsource": "CONFIRM", + "url": "https://bugs.launchpad.net/bugs/1614841" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7429.json b/2016/7xxx/CVE-2016-7429.json index 243c5541a72..be7bba7ae7f 100644 --- a/2016/7xxx/CVE-2016-7429.json +++ b/2016/7xxx/CVE-2016-7429.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7429", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "NTP before 4.2.8p9 changes the peer structure to the interface it receives the response from a source, which allows remote attackers to cause a denial of service (prevent communication with a source) by sending a response for a source to an interface the source does not use." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-7429", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://nwtime.org/ntp428p9_release/", - "refsource" : "CONFIRM", - "url" : "http://nwtime.org/ntp428p9_release/" - }, - { - "name" : "http://support.ntp.org/bin/view/Main/NtpBug3072", - "refsource" : "CONFIRM", - "url" : "http://support.ntp.org/bin/view/Main/NtpBug3072" - }, - { - "name" : "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities", - "refsource" : "CONFIRM", - "url" : "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities" - }, - { - "name" : "https://bto.bluecoat.com/security-advisory/sa139", - "refsource" : "CONFIRM", - "url" : "https://bto.bluecoat.com/security-advisory/sa139" - }, - 
{ - "name" : "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03706en_us", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03706en_us" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" - }, - { - "name" : "RHSA-2017:0252", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0252.html" - }, - { - "name" : "VU#633847", - "refsource" : "CERT-VN", - "url" : "https://www.kb.cert.org/vuls/id/633847" - }, - { - "name" : "94453", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94453" - }, - { - "name" : "1037354", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037354" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "NTP before 4.2.8p9 changes the peer structure to the interface it receives the response from a source, which allows remote attackers to cause a denial of service (prevent communication with a source) by sending a response for a source to an interface the source does not use." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03706en_us", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03706en_us" + }, + { + "name": "RHSA-2017:0252", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0252.html" + }, + { + "name": "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities", + "refsource": "CONFIRM", + "url": "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities" + }, + { + "name": "http://nwtime.org/ntp428p9_release/", + "refsource": "CONFIRM", + "url": "http://nwtime.org/ntp428p9_release/" + }, + { + "name": "VU#633847", + "refsource": "CERT-VN", + "url": "https://www.kb.cert.org/vuls/id/633847" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" + }, + { + "name": "1037354", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037354" + }, + { + "name": "https://bto.bluecoat.com/security-advisory/sa139", + "refsource": "CONFIRM", + "url": "https://bto.bluecoat.com/security-advisory/sa139" + }, + { + "name": "94453", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94453" + }, + { + "name": "http://support.ntp.org/bin/view/Main/NtpBug3072", + "refsource": "CONFIRM", + "url": "http://support.ntp.org/bin/view/Main/NtpBug3072" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7903.json b/2016/7xxx/CVE-2016-7903.json index a9004f8db8a..480dc18c30c 100644 --- a/2016/7xxx/CVE-2016-7903.json +++ b/2016/7xxx/CVE-2016-7903.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7903", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Dotclear before 2.10.3, when the Host header is not part of the web server routing process, allows remote attackers to modify the password reset address link via the HTTP Host header." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-7903", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20161005 CVE-2016-7903: Dotclear <= 2.10.2 Password Reset Address Spoof", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/10/05/5" - }, - { - "name" : "https://dotclear.org/blog/post/2016/11/01/Dotclear-2.10.3", - "refsource" : "CONFIRM", - "url" : "https://dotclear.org/blog/post/2016/11/01/Dotclear-2.10.3" - }, - { - "name" : "https://hg.dotclear.org/dotclear/rev/bb06343f4247", - "refsource" : "CONFIRM", - "url" : "https://hg.dotclear.org/dotclear/rev/bb06343f4247" - }, - { - "name" : "93439", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93439" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "Dotclear before 2.10.3, when the Host header is not part of the web server routing process, allows remote attackers to modify the password reset address link via the HTTP Host header." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://dotclear.org/blog/post/2016/11/01/Dotclear-2.10.3", + "refsource": "CONFIRM", + "url": "https://dotclear.org/blog/post/2016/11/01/Dotclear-2.10.3" + }, + { + "name": "https://hg.dotclear.org/dotclear/rev/bb06343f4247", + "refsource": "CONFIRM", + "url": "https://hg.dotclear.org/dotclear/rev/bb06343f4247" + }, + { + "name": "93439", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93439" + }, + { + "name": "[oss-security] 20161005 CVE-2016-7903: Dotclear <= 2.10.2 Password Reset Address Spoof", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/10/05/5" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8278.json b/2016/8xxx/CVE-2016-8278.json index d00d2cf7919..99b963f01fa 100644 --- a/2016/8xxx/CVE-2016-8278.json +++ b/2016/8xxx/CVE-2016-8278.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@huawei.com", - "ID" : "CVE-2016-8278", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Huawei USG9520, USG9560, and USG9580 unified security gateways with software before V300R001C01SPCa00 allow remote attackers to cause a denial of service (device restart) via an unspecified URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", + "ID": "CVE-2016-8278", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160921-02-firewall-en", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160921-02-firewall-en" - }, - { - "name" : "93099", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93099" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Huawei USG9520, USG9560, and USG9580 unified security gateways with software before V300R001C01SPCa00 allow remote attackers to cause a denial of service (device restart) via an unspecified URL." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "93099", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93099" + }, + { + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160921-02-firewall-en", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160921-02-firewall-en" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8306.json b/2016/8xxx/CVE-2016-8306.json index f59d059ec24..7979aed50ac 100644 --- a/2016/8xxx/CVE-2016-8306.json +++ b/2016/8xxx/CVE-2016-8306.json 
@@ -1,84 +1,84 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2016-8306", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "FLEXCUBE Investor Servicing", - "version" : { - "version_data" : [ - { - "version_value" : "12.0.1" - }, - { - "version_value" : "12.0.2" - }, - { - "version_value" : "12.0.4" - }, - { - "version_value" : "12.1.0" - }, - { - "version_value" : "12.3.0" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 12.0.1, 12.0.2,12.0.4,12.1.0 and 12.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Investor Servicing accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Investor Servicing accessible data. CVSS v3.0 Base Score 5.4 (Confidentiality and Integrity impacts)." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2016-8306", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "FLEXCUBE Investor Servicing", + "version": { + "version_data": [ + { + "version_value": "12.0.1" + }, + { + "version_value": "12.0.2" + }, + { + "version_value": "12.0.4" + }, + { + "version_value": "12.1.0" + }, + { + "version_value": "12.3.0" + } + ] + } + } + ] + }, + "vendor_name": "Oracle" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" - }, - { - "name" : "95515", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95515" - }, - { - "name" : "1037636", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037636" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 12.0.1, 12.0.2,12.0.4,12.1.0 and 12.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Investor Servicing accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Investor Servicing accessible data. 
CVSS v3.0 Base Score 5.4 (Confidentiality and Integrity impacts)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "95515", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95515" + }, + { + "name": "1037636", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037636" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8495.json b/2016/8xxx/CVE-2016-8495.json index 6d8417c7a2c..191c2ee67c1 100644 --- a/2016/8xxx/CVE-2016-8495.json +++ b/2016/8xxx/CVE-2016-8495.json 
@@ -1,75 +1,75 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@fortinet.com", - "ID" : "CVE-2016-8495", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "FortiManager", - "version" : { - "version_data" : [ - { - "version_value" : "5.0.6 to 5.2.7" - }, - { - "version_value" : "5.4.0 to 5.4.1" - } - ] - } - } - ] - }, - "vendor_name" : "Fortinet" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An improper certificate validation vulnerability in Fortinet FortiManager 5.0.6 through 5.2.7 and 5.4.0 through 5.4.1 allows remote attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack via the Fortisandbox devices probing feature." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Credentials exposure" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@fortinet.com", + "ID": "CVE-2016-8495", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "FortiManager", + "version": { + "version_data": [ + { + "version_value": "5.0.6 to 5.2.7" + }, + { + "version_value": "5.4.0 to 5.4.1" + } + ] + } + } + ] + }, + "vendor_name": "Fortinet" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://fortiguard.com/advisory/FG-IR-16-055", - "refsource" : "CONFIRM", - "url" : "https://fortiguard.com/advisory/FG-IR-16-055" - }, - { - "name" : "96157", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96157" - }, - { - "name" : "1037805", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037805" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": 
"eng", + "value": "An improper certificate validation vulnerability in Fortinet FortiManager 5.0.6 through 5.2.7 and 5.4.0 through 5.4.1 allows remote attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack via the Fortisandbox devices probing feature." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Credentials exposure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1037805", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037805" + }, + { + "name": "https://fortiguard.com/advisory/FG-IR-16-055", + "refsource": "CONFIRM", + "url": "https://fortiguard.com/advisory/FG-IR-16-055" + }, + { + "name": "96157", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96157" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9257.json b/2016/9xxx/CVE-2016-9257.json index 5956814061e..2adcff25abd 100644 --- a/2016/9xxx/CVE-2016-9257.json +++ b/2016/9xxx/CVE-2016-9257.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "f5sirt@f5.com", - "ID" : "CVE-2016-9257", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "BIG-IP APM", - "version" : { - "version_data" : [ - { - "version_value" : "12.0.0 through 12.1.2" - } - ] - } - } - ] - }, - "vendor_name" : "F5 Networks, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In F5 BIG-IP APM 12.0.0 through 12.1.2, non-authenticated users may be able to inject JavaScript into a request that will then be rendered and executed in the context of the Administrative user when the Administrative user is viewing the Access System Logs, allowing the non-authenticated user to carry out a Cross Site Scripting (XSS) attack against the Administrative user." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Non-authenticated XSS attack against Administrative interface via public interface" - } + "CVE_data_meta": { + "ASSIGNER": "f5sirt@f5.com", + "ID": "CVE-2016-9257", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "BIG-IP APM", + "version": { + "version_data": [ + { + "version_value": "12.0.0 through 12.1.2" + } + ] + } + } + ] + }, + "vendor_name": "F5 Networks, Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.f5.com/csp/article/K43523962", - "refsource" : "CONFIRM", - "url" : "https://support.f5.com/csp/article/K43523962" - }, - { - "name" : "1038416", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038416" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In F5 BIG-IP APM 12.0.0 through 12.1.2, non-authenticated users may be able to inject JavaScript into a request that will then be rendered and executed in the context of the Administrative user when the Administrative user is viewing the Access System Logs, allowing the non-authenticated user to carry out a Cross Site Scripting (XSS) attack against the Administrative user." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Non-authenticated XSS attack against Administrative interface via public interface" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.f5.com/csp/article/K43523962", + "refsource": "CONFIRM", + "url": "https://support.f5.com/csp/article/K43523962" + }, + { + "name": "1038416", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038416" + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2993.json b/2019/2xxx/CVE-2019-2993.json index 9b359410e54..f7890cf7bbe 100644 --- a/2019/2xxx/CVE-2019-2993.json +++ b/2019/2xxx/CVE-2019-2993.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2993", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2993", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file