diff --git a/2006/1xxx/CVE-2006-1229.json b/2006/1xxx/CVE-2006-1229.json
index c7421a9cbe8..b7f320d2879 100644
--- a/2006/1xxx/CVE-2006-1229.json
+++ b/2006/1xxx/CVE-2006-1229.json
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1229", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in search.asp in Hosting Controller 6.1 (Hotfix 2.9) allows remote attackers to execute arbitrary SQL commands via the search parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1229", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "ADV-2006-0914", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0914" - }, - { - "name" : "23802", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23802" - }, - { - "name" : "19191", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19191" - }, - { - "name" : "hosting-controller-search-sql-injection(25140)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25140" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL 
injection vulnerability in search.asp in Hosting Controller 6.1 (Hotfix 2.9) allows remote attackers to execute arbitrary SQL commands via the search parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19191", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19191" + }, + { + "name": "hosting-controller-search-sql-injection(25140)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25140" + }, + { + "name": "23802", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23802" + }, + { + "name": "ADV-2006-0914", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0914" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1372.json b/2006/1xxx/CVE-2006-1372.json index f44e3ba514a..cf2db71bb1b 100644 --- a/2006/1xxx/CVE-2006-1372.json +++ b/2006/1xxx/CVE-2006-1372.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1372", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in 1WebCalendar 4.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) EventID parameter in viewEvent.cfm, (2) NewsID parameter in newsView.cfm, or (3) ThisDate parameter in mainCal.cfm." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1372", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2006/03/1webcalendar-v-4x-vuln.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2006/03/1webcalendar-v-4x-vuln.html" - }, - { - "name" : "17193", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17193" - }, - { - "name" : "ADV-2006-1040", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1040" - }, - { - "name" : "24021", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24021" - }, - { - "name" : "24022", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24022" - }, - { - "name" : "24023", - "refsource" : "OSVDB", - "url" : 
"http://www.osvdb.org/24023" - }, - { - "name" : "19329", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19329" - }, - { - "name" : "1webcalendar-multiple-sql-injection(25373)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25373" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in 1WebCalendar 4.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) EventID parameter in viewEvent.cfm, (2) NewsID parameter in newsView.cfm, or (3) ThisDate parameter in mainCal.cfm." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://pridels0.blogspot.com/2006/03/1webcalendar-v-4x-vuln.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2006/03/1webcalendar-v-4x-vuln.html" + }, + { + "name": "1webcalendar-multiple-sql-injection(25373)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25373" + }, + { + "name": "24023", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24023" + }, + { + "name": "17193", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17193" + }, + { + "name": "19329", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19329" + }, + { + "name": "ADV-2006-1040", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1040" + }, + { + "name": "24021", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24021" + }, + { + "name": "24022", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24022" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1769.json b/2006/1xxx/CVE-2006-1769.json index e96bc318fda..61cb1452458 100644 
--- a/2006/1xxx/CVE-2006-1769.json
+++ b/2006/1xxx/CVE-2006-1769.json
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1769", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in UserLand Manila 9.5 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the mode parameter in msgReader$1 and (2) the end of the URI in viewDepartment$." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1769", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060411 Manila <= 9.5 - XSS Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/430668/100/0/threaded" - }, - { - "name" : "17475", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17475" - }, - { - "name" : "24554", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24554" - }, - { - "name" : "19636", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19636" - }, - { - "name" : "692", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/692" - }, - { - "name" : "manila-multiple-xss(25753)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/25753" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in UserLand Manila 9.5 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the mode parameter in msgReader$1 and (2) the end of the URI in viewDepartment$." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "manila-multiple-xss(25753)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25753" + }, + { + "name": "17475", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17475" + }, + { + "name": "24554", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24554" + }, + { + "name": "19636", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19636" + }, + { + "name": "692", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/692" + }, + { + "name": "20060411 Manila <= 9.5 - XSS Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/430668/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1820.json b/2006/1xxx/CVE-2006-1820.json index 9e4099fbe12..2bbab6164c4 100644 --- a/2006/1xxx/CVE-2006-1820.json +++ b/2006/1xxx/CVE-2006-1820.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1820", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in index.php in ModX 0.9.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: this might be resultant from the directory traversal vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1820", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060414 Vulnerabilities in MODx", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/431010/100/0/threaded" - }, - { - "name" : "17533", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17533" - }, - { - "name" : "ADV-2006-1383", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1383" - }, - { - "name" : "1015940", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015940" - }, - { - "name" : "19645", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19645" - }, - { - "name" : "modx-index-xss(25894)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/25894" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in index.php in ModX 0.9.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: this might be resultant from the directory traversal vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19645", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19645" + }, + { + "name": "20060414 Vulnerabilities in MODx", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/431010/100/0/threaded" + }, + { + "name": "ADV-2006-1383", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1383" + }, + { + "name": "modx-index-xss(25894)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25894" + }, + { + "name": "17533", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17533" + }, + { + "name": "1015940", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015940" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1872.json b/2006/1xxx/CVE-2006-1872.json index c2f51e9332c..276ba5573a2 100644 --- a/2006/1xxx/CVE-2006-1872.json +++ b/2006/1xxx/CVE-2006-1872.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1872", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Database Server 9.0.1.5 and 9.2.0.7 has unknown impact and attack vectors in the Oracle Enterprise Manager Intelligent Agent component, aka Vuln# DB07." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1872", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2006-090826.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2006-090826.html" - }, - { - "name" : "HPSBMA02113", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/432267/100/0/threaded" - }, - { - "name" : "SSRT061148", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/432267/100/0/threaded" - }, - { - "name" : "17590", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17590" - }, - { - "name" : "ADV-2006-1397", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1397" - }, - { - "name" : "ADV-2006-1571", - "refsource" : "VUPEN", - 
"url" : "http://www.vupen.com/english/advisories/2006/1571" - }, - { - "name" : "1015961", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015961" - }, - { - "name" : "19712", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19712" - }, - { - "name" : "19859", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19859" - }, - { - "name" : "oracle-database-multiple-unspecified(26068)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26068" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle Database Server 9.0.1.5 and 9.2.0.7 has unknown impact and attack vectors in the Oracle Enterprise Manager Intelligent Agent component, aka Vuln# DB07." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19712", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19712" + }, + { + "name": "19859", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19859" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2006-090826.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2006-090826.html" + }, + { + "name": "ADV-2006-1571", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1571" + }, + { + "name": "17590", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17590" + }, + { + "name": "SSRT061148", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/432267/100/0/threaded" + }, + { + "name": "oracle-database-multiple-unspecified(26068)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26068" + }, + { + 
"name": "ADV-2006-1397", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1397" + }, + { + "name": "HPSBMA02113", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/432267/100/0/threaded" + }, + { + "name": "1015961", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015961" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5411.json b/2006/5xxx/CVE-2006-5411.json index c577d9f8728..cf32c2a3853 100644 --- a/2006/5xxx/CVE-2006-5411.json +++ b/2006/5xxx/CVE-2006-5411.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5411", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unrestricted file upload vulnerability in upload.php for Free Web Publishing System (FreeWPS), possibly 2.11 and earlier, allows remote attackers to upload and execute arbitrary PHP programs." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5411", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061005 FreeWPS File Upload Command Execution", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/447870/100/200/threaded" - }, - { - "name" : "20494", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20494" - }, - { - "name" : "19343", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19343" - }, - { - "name" : "1746", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1746" - }, - { - "name" : "freewps-upload-file-upload(29379)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29379" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { 
+ "description_data": [ + { + "lang": "eng", + "value": "Unrestricted file upload vulnerability in upload.php for Free Web Publishing System (FreeWPS), possibly 2.11 and earlier, allows remote attackers to upload and execute arbitrary PHP programs." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "freewps-upload-file-upload(29379)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29379" + }, + { + "name": "20061005 FreeWPS File Upload Command Execution", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/447870/100/200/threaded" + }, + { + "name": "19343", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19343" + }, + { + "name": "20494", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20494" + }, + { + "name": "1746", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1746" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5681.json b/2006/5xxx/CVE-2006-5681.json index e40eb1980ba..dd69e8f03f5 100644 --- a/2006/5xxx/CVE-2006-5681.json +++ b/2006/5xxx/CVE-2006-5681.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5681", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "QuickTime for Java on Mac OS X 10.4 through 10.4.8, when used with Quartz Composer, allows remote attackers to obtain sensitive information (screen images) via a Java applet that accesses images that are being rendered by other embedded QuickTime objects." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5681", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://docs.info.apple.com/article.html?artnum=304916", - "refsource" : "MISC", - "url" : "http://docs.info.apple.com/article.html?artnum=304916" - }, - { - "name" : "APPLE-SA-2006-12-19", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/Security-announce/2006/Dec/msg00000.html" - }, - { - "name" : "21672", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21672" - }, - { - "name" : "ADV-2006-5072", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/5072" - }, - { - "name" : "32380", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/32380" - }, - { - "name" : "1017402", - "refsource" : 
"SECTRACK", - "url" : "http://securitytracker.com/id?1017402" - }, - { - "name" : "23438", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23438" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "QuickTime for Java on Mac OS X 10.4 through 10.4.8, when used with Quartz Composer, allows remote attackers to obtain sensitive information (screen images) via a Java applet that accesses images that are being rendered by other embedded QuickTime objects." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "32380", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/32380" + }, + { + "name": "1017402", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017402" + }, + { + "name": "23438", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23438" + }, + { + "name": "ADV-2006-5072", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/5072" + }, + { + "name": "21672", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21672" + }, + { + "name": "http://docs.info.apple.com/article.html?artnum=304916", + "refsource": "MISC", + "url": "http://docs.info.apple.com/article.html?artnum=304916" + }, + { + "name": "APPLE-SA-2006-12-19", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/Security-announce/2006/Dec/msg00000.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5943.json b/2006/5xxx/CVE-2006-5943.json index 4eb23c205a5..94897433325 100644 --- a/2006/5xxx/CVE-2006-5943.json +++ b/2006/5xxx/CVE-2006-5943.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5943", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in inventory/display/imager.asp in Website Designs for Less Inventory Manager allow remote attackers to execute arbitrary SQL commands via the (1) pictable, (2) picfield, or (3) where parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5943", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061114 Inventory Manager [injection sql & xss (get)]", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/451553/100/0/threaded" - }, - { - "name" : "21069", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21069" - }, - { - "name" : "22915", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22915" - }, - { - "name" : "1875", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1875" - }, - { - "name" : "inventorymanager-imager-sql-injection(30275)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30275" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in inventory/display/imager.asp in Website Designs for Less Inventory Manager allow remote attackers to execute arbitrary SQL commands via the (1) pictable, (2) picfield, or (3) where parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20061114 Inventory Manager [injection sql & xss (get)]", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/451553/100/0/threaded" + }, + { + "name": "inventorymanager-imager-sql-injection(30275)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30275" + }, + { + "name": "1875", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1875" + }, + { + "name": "22915", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22915" + }, + { + "name": "21069", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21069" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2028.json b/2007/2xxx/CVE-2007-2028.json index 20821e2cd1f..4ab41df3378 100644 --- a/2007/2xxx/CVE-2007-2028.json +++ b/2007/2xxx/CVE-2007-2028.json 
@@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2028", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Memory leak in freeRADIUS 1.1.5 and earlier allows remote attackers to cause a denial of service (memory consumption) via a large number of EAP-TTLS tunnel connections using malformed Diameter format attributes, which causes the authentication request to be rejected but does not reclaim VALUE_PAIR data structures." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2007-2028", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.freeradius.org/security.html", - "refsource" : "CONFIRM", - "url" : "http://www.freeradius.org/security.html" - }, - { - "name" : "GLSA-200704-14", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200704-14.xml" - }, - { - "name" : "MDKSA-2007:085", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:085" - }, - { - "name" : "RHSA-2007:0338", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2007-0338.html" - }, - { - "name" : "SUSE-SR:2007:010", - "refsource" : "SUSE", - "url" : 
"http://www.novell.com/linux/security/advisories/2007_10_sr.html" - }, - { - "name" : "2007-0013", - "refsource" : "TRUSTIX", - "url" : "http://www.trustix.org/errata/2007/0013/" - }, - { - "name" : "23466", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23466" - }, - { - "name" : "oval:org.mitre.oval:def:11156", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11156" - }, - { - "name" : "ADV-2007-1369", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1369" - }, - { - "name" : "1018042", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1018042" - }, - { - "name" : "24849", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24849" - }, - { - "name" : "24907", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24907" - }, - { - "name" : "24917", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24917" - }, - { - "name" : "24996", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24996" - }, - { - "name" : "25201", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25201" - }, - { - "name" : "25220", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25220" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Memory leak in freeRADIUS 1.1.5 and earlier allows remote attackers to cause a denial of service (memory consumption) via a large number of EAP-TTLS tunnel connections using malformed Diameter format attributes, which causes the authentication request to be rejected but does not reclaim VALUE_PAIR data structures." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2007-0013", + "refsource": "TRUSTIX", + "url": "http://www.trustix.org/errata/2007/0013/" + }, + { + "name": "oval:org.mitre.oval:def:11156", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11156" + }, + { + "name": "MDKSA-2007:085", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:085" + }, + { + "name": "GLSA-200704-14", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200704-14.xml" + }, + { + "name": "24996", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24996" + }, + { + "name": "ADV-2007-1369", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1369" + }, + { + "name": "RHSA-2007:0338", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2007-0338.html" + }, + { + "name": "24849", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24849" + }, + { + "name": "23466", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23466" + }, + { + "name": "24917", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24917" + }, + { + "name": "http://www.freeradius.org/security.html", + "refsource": "CONFIRM", + "url": "http://www.freeradius.org/security.html" + }, + { + "name": "SUSE-SR:2007:010", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2007_10_sr.html" + }, + { + "name": "25201", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25201" + }, + { + "name": "24907", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24907" + }, + { + "name": "25220", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25220" + }, + { + "name": "1018042", + "refsource": 
"SECTRACK", + "url": "http://www.securitytracker.com/id?1018042" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2094.json b/2007/2xxx/CVE-2007-2094.json index ece96ebdc10..7dbb8b500e3 100644 --- a/2007/2xxx/CVE-2007-2094.json +++ b/2007/2xxx/CVE-2007-2094.json 
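Review bot: The `ASSIGNER` value in CVE-2007-2028.json changes from `cve@mitre.org` to `secalert@redhat.com` inside what is otherwise a whitespace and ordering rewrite, so a change to the field that names who assigned the record is easy to miss in review. Consumers that attribute or filter records by assigner will see this record change hands. The line `"ASSIGNER": "secalert@redhat.com",` would be better landed in its own commit, with a message stating the reason for the reassignment. The same applies to CVE-2007-6119 (`secalert@redhat.com`), CVE-2010-0566 (`psirt@cisco.com`) and CVE-2010-0843 (`secalert_us@oracle.com`), the last of which continues past the end of this view.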
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2094", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in index.php in Anthologia 0.5.2 allows remote attackers to execute arbitrary PHP code via a URL in the ads_file parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2094", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "3751", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/3751" - }, - { - "name" : "23524", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23524" - }, - { - "name" : "ADV-2007-1427", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1427" - }, - { - "name" : "34083", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/34083" - }, - { - "name" : "24908", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24908" - }, - { - "name" : "anthologia-adsfile-file-include(33705)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33705" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": 
"4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in index.php in Anthologia 0.5.2 allows remote attackers to execute arbitrary PHP code via a URL in the ads_file parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "34083", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/34083" + }, + { + "name": "24908", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24908" + }, + { + "name": "23524", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23524" + }, + { + "name": "anthologia-adsfile-file-include(33705)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33705" + }, + { + "name": "ADV-2007-1427", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1427" + }, + { + "name": "3751", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/3751" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6119.json b/2007/6xxx/CVE-2007-6119.json index 9bbe0600a4a..dce5c8ba110 100644 --- a/2007/6xxx/CVE-2007-6119.json +++ b/2007/6xxx/CVE-2007-6119.json 
@@ -1,182 +1,182 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6119", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The DCP ETSI dissector in Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service (long loop and resource consumption) via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2007-6119", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080103 rPSA-2008-0004-1 tshark wireshark", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/485792/100/0/threaded" - }, - { - "name" : "http://bugs.gentoo.org/show_bug.cgi?id=199958", - "refsource" : "MISC", - "url" : "http://bugs.gentoo.org/show_bug.cgi?id=199958" - }, - { - "name" : "http://www.wireshark.org/security/wnpa-sec-2007-03.html", - "refsource" : "CONFIRM", - "url" : "http://www.wireshark.org/security/wnpa-sec-2007-03.html" - }, - { - "name" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0004", - "refsource" : "CONFIRM", - "url" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0004" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-1975", - "refsource" : "CONFIRM", - "url" : 
"https://issues.rpath.com/browse/RPL-1975" - }, - { - "name" : "FEDORA-2007-4590", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00606.html" - }, - { - "name" : "FEDORA-2007-4690", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00712.html" - }, - { - "name" : "GLSA-200712-23", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200712-23.xml" - }, - { - "name" : "MDVSA-2008:001", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:001" - }, - { - "name" : "MDVSA-2008:1", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:1" - }, - { - "name" : "RHSA-2008:0058", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0058.html" - }, - { - "name" : "SUSE-SR:2008:004", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00008.html" - }, - { - "name" : "26532", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26532" - }, - { - "name" : "oval:org.mitre.oval:def:9880", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9880" - }, - { - "name" : "oval:org.mitre.oval:def:14721", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14721" - }, - { - "name" : "ADV-2007-3956", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/3956" - }, - { - "name" : "1018988", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1018988" - }, - { - "name" : "27777", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27777" - }, - { - "name" : "28197", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28197" - }, - { - "name" : "28288", - 
"refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28288" - }, - { - "name" : "28304", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28304" - }, - { - "name" : "28207", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28207" - }, - { - "name" : "28325", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28325" - }, - { - "name" : "28564", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28564" - }, - { - "name" : "29048", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29048" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The DCP ETSI dissector in Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service (long loop and resource consumption) via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "27777", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27777" + }, + { + "name": "https://issues.rpath.com/browse/RPL-1975", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-1975" + }, + { + "name": "29048", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29048" + }, + { + "name": "26532", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26532" + }, + { + "name": "http://www.wireshark.org/security/wnpa-sec-2007-03.html", + "refsource": "CONFIRM", + "url": "http://www.wireshark.org/security/wnpa-sec-2007-03.html" + }, + { + "name": "28564", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28564" + }, + { + "name": "20080103 rPSA-2008-0004-1 tshark wireshark", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/485792/100/0/threaded" + }, + 
{ + "name": "GLSA-200712-23", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200712-23.xml" + }, + { + "name": "28304", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28304" + }, + { + "name": "oval:org.mitre.oval:def:9880", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9880" + }, + { + "name": "1018988", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1018988" + }, + { + "name": "FEDORA-2007-4690", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00712.html" + }, + { + "name": "28325", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28325" + }, + { + "name": "MDVSA-2008:1", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:1" + }, + { + "name": "MDVSA-2008:001", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:001" + }, + { + "name": "RHSA-2008:0058", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0058.html" + }, + { + "name": "SUSE-SR:2008:004", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00008.html" + }, + { + "name": "http://bugs.gentoo.org/show_bug.cgi?id=199958", + "refsource": "MISC", + "url": "http://bugs.gentoo.org/show_bug.cgi?id=199958" + }, + { + "name": "ADV-2007-3956", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/3956" + }, + { + "name": "28197", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28197" + }, + { + "name": "28288", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28288" + }, + { + "name": "oval:org.mitre.oval:def:14721", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14721" + }, + { + "name": 
"http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0004", + "refsource": "CONFIRM", + "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0004" + }, + { + "name": "28207", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28207" + }, + { + "name": "FEDORA-2007-4590", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00606.html" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6344.json b/2007/6xxx/CVE-2007-6344.json index cdda8acfe61..45e627367d8 100644 --- a/2007/6xxx/CVE-2007-6344.json +++ b/2007/6xxx/CVE-2007-6344.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6344", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in modules/cms/index.php in Mcms Easy Web Make 1.3, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the template parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6344", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4719", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4719" - }, - { - "name" : "26821", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26821" - }, - { - "name" : "ADV-2007-4209", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/4209" - }, - { - "name" : "39139", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/39139" - }, - { - "name" : "28053", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28053" - }, - { - "name" : "mcmseasywebmake-index-file-include(38976)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/38976" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in modules/cms/index.php in Mcms Easy Web Make 1.3, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the template parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2007-4209", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/4209" + }, + { + "name": "39139", + "refsource": "OSVDB", + "url": "http://osvdb.org/39139" + }, + { + "name": "28053", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28053" + }, + { + "name": "4719", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4719" + }, + { + "name": "26821", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26821" + }, + { + "name": "mcmseasywebmake-index-file-include(38976)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38976" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0342.json b/2010/0xxx/CVE-2010-0342.json index a8fc5ad8dc2..4812168bfff 100644 --- a/2010/0xxx/CVE-2010-0342.json +++ b/2010/0xxx/CVE-2010-0342.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0342", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the Reports for Job (job_reports) extension 0.1.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-0342", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/", - "refsource" : "CONFIRM", - "url" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the Reports for Job (job_reports) extension 0.1.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/", + "refsource": "CONFIRM", + "url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0390.json b/2010/0xxx/CVE-2010-0390.json index 6b946630734..ea4b856ed57 100644 --- a/2010/0xxx/CVE-2010-0390.json +++ b/2010/0xxx/CVE-2010-0390.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0390", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unrestricted file upload vulnerability in maxImageUpload/index.php in PHP F1 Max's Image Uploader 1.0, when Apache is not configured to handle the mime-type for files with pjpeg or jpeg extensions, allows remote attackers to execute arbitrary code by uploading a file with a pjpeg or jpeg extension, then accessing it via a direct request to the file in original/. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-0390", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "11169", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/11169" - }, - { - "name" : "61808", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/61808" - }, - { - "name" : "38018", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38018" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unrestricted file upload 
vulnerability in maxImageUpload/index.php in PHP F1 Max's Image Uploader 1.0, when Apache is not configured to handle the mime-type for files with pjpeg or jpeg extensions, allows remote attackers to execute arbitrary code by uploading a file with a pjpeg or jpeg extension, then accessing it via a direct request to the file in original/. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "38018", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38018" + }, + { + "name": "61808", + "refsource": "OSVDB", + "url": "http://osvdb.org/61808" + }, + { + "name": "11169", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/11169" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0566.json b/2010/0xxx/CVE-2010-0566.json index 454dd64539b..509d3ff8969 100644 --- a/2010/0xxx/CVE-2010-0566.json +++ b/2010/0xxx/CVE-2010-0566.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0566", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security Appliance 7.0 before 7.0(8.10), 7.2 before 7.2(4.45), 8.0 before 8.0(4.44), 8.1 before 8.1(2.35), and 8.2 before 8.2(1.10) allows remote attackers to cause a denial of service (device reload) via a malformed TCP segment when certain NAT translation and Cisco AIP-SSM configurations are used, aka Bug ID CSCtb37219." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2010-0566", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100217 Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1910c.shtml" - }, - { - "name" : "38278", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/38278" - }, - { - "name" : "62431", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/62431" - }, - { - "name" : "1023612", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1023612" - }, - { - "name" : 
"38618", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38618" - }, - { - "name" : "ADV-2010-0415", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0415" - }, - { - "name" : "cisco-asa-nat-aipssm-dos(56340)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/56340" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security Appliance 7.0 before 7.0(8.10), 7.2 before 7.2(4.45), 8.0 before 8.0(4.44), 8.1 before 8.1(2.35), and 8.2 before 8.2(1.10) allows remote attackers to cause a denial of service (device reload) via a malformed TCP segment when certain NAT translation and Cisco AIP-SSM configurations are used, aka Bug ID CSCtb37219." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20100217 Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1910c.shtml" + }, + { + "name": "38618", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38618" + }, + { + "name": "cisco-asa-nat-aipssm-dos(56340)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56340" + }, + { + "name": "62431", + "refsource": "OSVDB", + "url": "http://osvdb.org/62431" + }, + { + "name": "1023612", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1023612" + }, + { + "name": "38278", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/38278" + }, + { + "name": "ADV-2010-0415", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0415" + } + ] + } +} \ No 
newline at end of file diff --git a/2010/0xxx/CVE-2010-0843.json b/2010/0xxx/CVE-2010-0843.json index ed7215307f3..c381c7f4e01 100644 --- a/2010/0xxx/CVE-2010-0843.json +++ b/2010/0xxx/CVE-2010-0843.json 
@@ -1,237 +1,237 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0843", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is related to XNewPtr and improper handling of an integer parameter when allocating heap memory in the com.sun.media.sound libraries, which allows remote attackers to execute arbitrary code." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2010-0843", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100405 ZDI-10-052: Sun Java Runtime Environment XNewPtr Remote Code Execution Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://seclists.org/bugtraq/2010/Apr/41" - }, - { - "name" : "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/516397/100/0/threaded" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-10-052/", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-10-052/" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/javacpumar2010-083341.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/javacpumar2010-083341.html" - }, - { - "name" : "http://support.apple.com/kb/HT4170", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4170" - }, - { - "name" : "http://support.apple.com/kb/HT4171", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4171" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2011-0003.html", - "refsource" : "CONFIRM", - "url" : 
"http://www.vmware.com/security/advisories/VMSA-2011-0003.html" - }, - { - "name" : "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html" - }, - { - "name" : "APPLE-SA-2010-05-18-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//May/msg00001.html" - }, - { - "name" : "APPLE-SA-2010-05-18-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//May/msg00002.html" - }, - { - "name" : "HPSBMA02547", - "refsource" : "HP", - "url" : "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751" - }, - { - "name" : "SSRT100179", - "refsource" : "HP", - "url" : "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751" - }, - { - "name" : "HPSBMU02799", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=134254866602253&w=2" - }, - { - "name" : "HPSBUX02524", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=127557596201693&w=2" - }, - { - "name" : "SSRT100089", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=127557596201693&w=2" - }, - { - "name" : "RHSA-2010:0337", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0337.html" - }, - { - "name" : "RHSA-2010:0338", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0338.html" - }, - { - "name" : "RHSA-2010:0383", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0383.html" - }, - { - "name" : "RHSA-2010:0471", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0471.html" - }, - { - "name" : "RHSA-2010:0489", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0489.html" - }, - { - "name" : "SUSE-SR:2010:008", - "refsource" : "SUSE", - "url" : 
"http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html" - }, - { - "name" : "SUSE-SR:2010:017", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html" - }, - { - "name" : "39083", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/39083" - }, - { - "name" : "63492", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/63492" - }, - { - "name" : "oval:org.mitre.oval:def:14092", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14092" - }, - { - "name" : "39317", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39317" - }, - { - "name" : "39659", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39659" - }, - { - "name" : "39819", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39819" - }, - { - "name" : "40211", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40211" - }, - { - "name" : "40545", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40545" - }, - { - "name" : "43308", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43308" - }, - { - "name" : "ADV-2010-1191", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1191" - }, - { - "name" : "ADV-2010-1454", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1454" - }, - { - "name" : "ADV-2010-1523", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1523" - }, - { - "name" : "ADV-2010-1793", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1793" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 
5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is related to XNewPtr and improper handling of an integer parameter when allocating heap memory in the com.sun.media.sound libraries, which allows remote attackers to execute arbitrary code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2010-05-18-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//May/msg00001.html" + }, + { + "name": "HPSBMU02799", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=134254866602253&w=2" + }, + { + "name": "39317", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39317" + }, + { + "name": "RHSA-2010:0383", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0383.html" + }, + { + "name": "40545", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40545" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-10-052/", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-052/" + }, + { + "name": "ADV-2010-1454", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1454" + }, + { + "name": "39819", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39819" + }, + { + "name": "39083", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/39083" + }, + { + "name": "RHSA-2010:0338", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0338.html" + }, + { + "name": "ADV-2010-1793", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1793" + }, + { + 
"name": "APPLE-SA-2010-05-18-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//May/msg00002.html" + }, + { + "name": "63492", + "refsource": "OSVDB", + "url": "http://osvdb.org/63492" + }, + { + "name": "43308", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43308" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html" + }, + { + "name": "SSRT100179", + "refsource": "HP", + "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751" + }, + { + "name": "SSRT100089", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=127557596201693&w=2" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/javacpumar2010-083341.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/javacpumar2010-083341.html" + }, + { + "name": "HPSBUX02524", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=127557596201693&w=2" + }, + { + "name": "http://support.apple.com/kb/HT4170", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4170" + }, + { + "name": "ADV-2010-1523", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1523" + }, + { + "name": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html" + }, + { + "name": "SUSE-SR:2010:008", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html" + }, + { + "name": "39659", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39659" + }, + { + "name": "oval:org.mitre.oval:def:14092", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14092" + }, + { + 
"name": "RHSA-2010:0471", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0471.html" + }, + { + "name": "SUSE-SR:2010:017", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html" + }, + { + "name": "RHSA-2010:0337", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0337.html" + }, + { + "name": "RHSA-2010:0489", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0489.html" + }, + { + "name": "HPSBMA02547", + "refsource": "HP", + "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751" + }, + { + "name": "40211", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40211" + }, + { + "name": "http://support.apple.com/kb/HT4171", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4171" + }, + { + "name": "20100405 ZDI-10-052: Sun Java Runtime Environment XNewPtr Remote Code Execution Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://seclists.org/bugtraq/2010/Apr/41" + }, + { + "name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded" + }, + { + "name": "ADV-2010-1191", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1191" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0870.json b/2010/0xxx/CVE-2010-0870.json index 01dd1810050..ce4c2753779 100644 --- a/2010/0xxx/CVE-2010-0870.json +++ b/2010/0xxx/CVE-2010-0870.json 
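Review bot: The `ASSIGNER` value changes from `cve@mitre.org` to `secalert_us@oracle.com` near the top of this hunk for CVE-2010-0843, while every other changed line is key-spacing normalisation or a reordering of `reference_data` entries, so the one semantic edit is easy to miss. That field identifies who assigned the record, and consumers that filter or attribute records by it will see different output after this commit. The same pattern appears in the CVE-2010-0870 hunk (also `secalert_us@oracle.com`) and the CVE-2010-1574 hunk (`psirt@cisco.com`). I would land the reassignment in its own commit, or at least state it in the commit message, so the formatting pass can be verified as value-preserving with a parsed-JSON comparison. The new side also ends with `\ No newline at end of file`; keeping the trailing newline would avoid another whole-file rewrite later.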
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0870", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Change Data Capture component in Oracle Database 9.2.0.8 and 9.2.0.8DV allows remote authenticated users to affect confidentiality and integrity, related to SYS.DBMS_CDC_PUBLISH." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2010-0870", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2010-099504.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2010-099504.html" - }, - { - "name" : "TA10-103B", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-103B.html" - }, - { - "name" : "39438", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39438" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Change Data Capture component in Oracle Database 9.2.0.8 and 9.2.0.8DV allows remote 
authenticated users to affect confidentiality and integrity, related to SYS.DBMS_CDC_PUBLISH." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA10-103B", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-103B.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2010-099504.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2010-099504.html" + }, + { + "name": "39438", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39438" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1004.json b/2010/1xxx/CVE-2010-1004.json index d82be213cf2..2aa2ec8afbf 100644 --- a/2010/1xxx/CVE-2010-1004.json +++ b/2010/1xxx/CVE-2010-1004.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1004", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the Yet another TYPO3 search engine (YATSE) extension before 0.3.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1004", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://typo3.org/extensions/repository/view/yatse/0.3.2/", - "refsource" : "CONFIRM", - "url" : "http://typo3.org/extensions/repository/view/yatse/0.3.2/" - }, - { - "name" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/", - "refsource" : "CONFIRM", - "url" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/" - }, - { - "name" : "38808", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/38808" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the Yet another TYPO3 search engine (YATSE) extension before 0.3.2 for 
TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://typo3.org/extensions/repository/view/yatse/0.3.2/", + "refsource": "CONFIRM", + "url": "http://typo3.org/extensions/repository/view/yatse/0.3.2/" + }, + { + "name": "38808", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/38808" + }, + { + "name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/", + "refsource": "CONFIRM", + "url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1574.json b/2010/1xxx/CVE-2010-1574.json index 351c8d247e6..7e1cb321221 100644 --- a/2010/1xxx/CVE-2010-1574.json +++ b/2010/1xxx/CVE-2010-1574.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1574", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IOS 12.2(52)SE and 12.2(52)SE1 on Cisco Industrial Ethernet (IE) 3000 series switches has (1) a community name of public for RO access and (2) a community name of private for RW access, which makes it easier for remote attackers to modify the configuration or obtain potentially sensitive information via SNMP requests, aka Bug ID CSCtf25589." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2010-1574", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100707 Hard-Coded SNMP Community Names in Cisco Industrial Ethernet 3000 Series Switches Vulnerability", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b3891f.shtml" - }, - { - "name" : "VU#732671", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/732671" - }, - { - "name" : "41436", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/41436" - }, - { - "name" : "66120", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/66120" - }, - { - "name" : "1024173", - "refsource" : 
"SECTRACK", - "url" : "http://securitytracker.com/id?1024173" - }, - { - "name" : "40407", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40407" - }, - { - "name" : "ADV-2010-1754", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1754" - }, - { - "name" : "cisco-industrial-snmp-unauth-access(60145)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/60145" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IOS 12.2(52)SE and 12.2(52)SE1 on Cisco Industrial Ethernet (IE) 3000 series switches has (1) a community name of public for RO access and (2) a community name of private for RW access, which makes it easier for remote attackers to modify the configuration or obtain potentially sensitive information via SNMP requests, aka Bug ID CSCtf25589." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "40407", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40407" + }, + { + "name": "1024173", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1024173" + }, + { + "name": "20100707 Hard-Coded SNMP Community Names in Cisco Industrial Ethernet 3000 Series Switches Vulnerability", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b3891f.shtml" + }, + { + "name": "VU#732671", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/732671" + }, + { + "name": "ADV-2010-1754", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1754" + }, + { + "name": "41436", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/41436" + }, + { + "name": "66120", + "refsource": "OSVDB", + "url": 
"http://osvdb.org/66120" + }, + { + "name": "cisco-industrial-snmp-unauth-access(60145)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60145" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1798.json b/2010/1xxx/CVE-2010-1798.json index 05c2030291f..d6ce93a7c47 100644 --- a/2010/1xxx/CVE-2010-1798.json +++ b/2010/1xxx/CVE-2010-1798.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1798", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1798", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4376.json b/2010/4xxx/CVE-2010-4376.json index e0a57c5f14e..1d5d1bbc8db 100644 --- a/2010/4xxx/CVE-2010-4376.json +++ b/2010/4xxx/CVE-2010-4376.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4376", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.1, Mac RealPlayer 11.0 through 11.1, and Linux RealPlayer 11.0.2.1744 allows remote attackers to execute arbitrary code via a large Screen Width value in the Screen Descriptor header of a GIF87a file in an RTSP stream." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4376", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-10-271", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-10-271" - }, - { - "name" : "http://service.real.com/realplayer/security/12102010_player/en/", - "refsource" : "CONFIRM", - "url" : "http://service.real.com/realplayer/security/12102010_player/en/" - }, - { - "name" : "45411", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45411" - }, - { - "name" : "1024861", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024861" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.1, Mac RealPlayer 11.0 through 11.1, and Linux RealPlayer 11.0.2.1744 allows remote attackers to execute arbitrary code via a large Screen Width value in the Screen Descriptor header of a GIF87a file in an RTSP stream." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1024861", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024861" + }, + { + "name": "http://service.real.com/realplayer/security/12102010_player/en/", + "refsource": "CONFIRM", + "url": "http://service.real.com/realplayer/security/12102010_player/en/" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-10-271", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-271" + }, + { + "name": "45411", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45411" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4672.json b/2010/4xxx/CVE-2010-4672.json index 26c1d61edde..63a03639f76 100644 --- a/2010/4xxx/CVE-2010-4672.json +++ b/2010/4xxx/CVE-2010-4672.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4672", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2(3) and earlier allow remote attackers to cause a denial of service (block exhaustion) via EIGRP traffic that triggers an EIGRP multicast storm, aka Bug ID CSCtf20269." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4672", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.cisco.com/en/US/docs/security/asa/asa82/release/notes/asarn82.pdf", - "refsource" : "CONFIRM", - "url" : "http://www.cisco.com/en/US/docs/security/asa/asa82/release/notes/asarn82.pdf" - }, - { - "name" : "45767", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45767" - }, - { - "name" : "1024963", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024963" - }, - { - "name" : "42931", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42931" - }, - { - "name" : "cisco-asa-eigrp-dos(64694)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64694" - } - ] - } -} + } + }, 
+ "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2(3) and earlier allow remote attackers to cause a denial of service (block exhaustion) via EIGRP traffic that triggers an EIGRP multicast storm, aka Bug ID CSCtf20269." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1024963", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024963" + }, + { + "name": "cisco-asa-eigrp-dos(64694)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64694" + }, + { + "name": "http://www.cisco.com/en/US/docs/security/asa/asa82/release/notes/asarn82.pdf", + "refsource": "CONFIRM", + "url": "http://www.cisco.com/en/US/docs/security/asa/asa82/release/notes/asarn82.pdf" + }, + { + "name": "45767", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45767" + }, + { + "name": "42931", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42931" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4887.json b/2010/4xxx/CVE-2010-4887.json index 281115da20e..fd9976576ad 100644 --- a/2010/4xxx/CVE-2010-4887.json +++ b/2010/4xxx/CVE-2010-4887.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4887", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the Commenting system Backend Module (commentsbe) extension 0.0.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4887", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-018/", - "refsource" : "CONFIRM", - "url" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-018/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the Commenting system Backend Module (commentsbe) extension 0.0.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-018/", + "refsource": "CONFIRM", + "url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-018/" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0107.json b/2014/0xxx/CVE-2014-0107.json index 4ec857c76d9..34016191697 100644 --- a/2014/0xxx/CVE-2014-0107.json +++ b/2014/0xxx/CVE-2014-0107.json 
@@ -1,217 +1,217 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0107", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The TransformerFactory in Apache Xalan-Java before 2.7.2 does not properly restrict access to certain properties when FEATURE_SECURE_PROCESSING is enabled, which allows remote attackers to bypass expected restrictions and load arbitrary classes or access external resources via a crafted (1) xalan:content-header, (2) xalan:entities, (3) xslt:content-header, or (4) xslt:entities property, or a Java property that is bound to the XSLT 1.0 system-property function." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-0107", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ocert.org/advisories/ocert-2014-002.html", - "refsource" : "MISC", - "url" : "http://www.ocert.org/advisories/ocert-2014-002.html" - }, - { - "name" : "http://svn.apache.org/viewvc?view=revision&revision=1581058", - "refsource" : "CONFIRM", - "url" : "http://svn.apache.org/viewvc?view=revision&revision=1581058" - }, - { - "name" : "https://issues.apache.org/jira/browse/XALANJ-2435", - "refsource" : "CONFIRM", - "url" : "https://issues.apache.org/jira/browse/XALANJ-2435" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21677145", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21677145" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21680703", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21680703" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21681933", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21681933" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324755", - "refsource" : "CONFIRM", - "url" : 
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324755" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21674334", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21674334" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21676093", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21676093" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg21677967", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg21677967" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" - }, - { - "name" : "https://www.tenable.com/security/tns-2018-15", - "refsource" : "CONFIRM", - "url" : "https://www.tenable.com/security/tns-2018-15" - }, - { - "name" : "DSA-2886", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-2886" - }, - { - "name" : "GLSA-201604-02", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201604-02" - }, - { - "name" : "RHSA-2014:1351", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1351.html" - }, - { - "name" : "RHSA-2014:0348", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0348.html" - }, - { - "name" : "RHSA-2015:1888", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1888.html" - }, - { - "name" : "66397", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/66397" - }, - { - "name" : "1034711", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034711" - }, - { - "name" : "1034716", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034716" - }, - { - "name" : "57563", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/57563" - }, - { - "name" : "59369", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59369" - }, - { - "name" : "59036", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59036" - }, - { - "name" : "59711", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59711" - }, - { - "name" : "60502", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60502" - }, - { - "name" : "59151", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59151" - }, - { - "name" : "59247", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59247" - }, - { - "name" : "59290", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59290" - }, - { - "name" : "59291", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59291" - }, - { - "name" : "59515", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59515" - }, - { - "name" : "apache-xalanjava-cve20140107-sec-bypass(92023)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/92023" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The TransformerFactory in Apache Xalan-Java before 2.7.2 does not properly restrict access to certain properties when FEATURE_SECURE_PROCESSING is enabled, which allows remote attackers to bypass expected restrictions and load arbitrary classes or access external resources via a crafted (1) xalan:content-header, (2) xalan:entities, (3) xslt:content-header, or (4) xslt:entities property, or a Java property that is bound to the XSLT 1.0 system-property function." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://issues.apache.org/jira/browse/XALANJ-2435", + "refsource": "CONFIRM", + "url": "https://issues.apache.org/jira/browse/XALANJ-2435" + }, + { + "name": "GLSA-201604-02", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201604-02" + }, + { + "name": "59291", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59291" + }, + { + "name": "59290", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59290" + }, + { + "name": "RHSA-2015:1888", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1888.html" + }, + { + "name": "59151", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59151" + }, + { + "name": "59247", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59247" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324755", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324755" + }, + { + "name": "59515", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59515" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676093", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676093" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg21677967", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg21677967" + }, + { + "name": "https://www.tenable.com/security/tns-2018-15", + "refsource": "CONFIRM", + "url": 
"https://www.tenable.com/security/tns-2018-15" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21677145", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677145" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21681933", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681933" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" + }, + { + "name": "DSA-2886", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-2886" + }, + { + "name": "60502", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60502" + }, + { + "name": "59369", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59369" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21674334", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21674334" + }, + { + "name": "59711", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59711" + }, + { + "name": "http://www.ocert.org/advisories/ocert-2014-002.html", + "refsource": "MISC", + "url": "http://www.ocert.org/advisories/ocert-2014-002.html" + }, + { + "name": "http://svn.apache.org/viewvc?view=revision&revision=1581058", + "refsource": "CONFIRM", + "url": "http://svn.apache.org/viewvc?view=revision&revision=1581058" + }, + { + "name": "57563", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/57563" + }, + { + "name": "66397", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/66397" + }, + { + "name": "1034711", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034711" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21680703", + "refsource": "CONFIRM", + "url": 
"http://www-01.ibm.com/support/docview.wss?uid=swg21680703" + }, + { + "name": "1034716", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034716" + }, + { + "name": "RHSA-2014:1351", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1351.html" + }, + { + "name": "RHSA-2014:0348", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0348.html" + }, + { + "name": "59036", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59036" + }, + { + "name": "apache-xalanjava-cve20140107-sec-bypass(92023)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92023" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0308.json b/2014/0xxx/CVE-2014-0308.json index 3e356148c49..85865c1230a 100644 --- a/2014/0xxx/CVE-2014-0308.json +++ b/2014/0xxx/CVE-2014-0308.json 
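Review bot: `"ASSIGNER"` changes from `cve@mitre.org` to `secalert@redhat.com` at the top of this hunk, and as far as the visible lines show it is the only value change among 217 lines of spacing and reference reordering. Consumers that attribute a record to its CNA read this field, so the change deserves an explicit line in the commit description, or a commit of its own separate from the reformat. The hunks for CVE-2014-0308 and CVE-2014-4122 (`secure@microsoft.com`), CVE-2014-0850 and CVE-2014-4828 (`psirt@us.ibm.com`) and CVE-2014-4874 (`cert@cert.org`) change the field the same way.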
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0308", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-0297, CVE-2014-0312, and CVE-2014-0324." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2014-0308", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS14-012", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-012" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-0297, CVE-2014-0312, and CVE-2014-0324." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS14-012", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-012" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0850.json b/2014/0xxx/CVE-2014-0850.json index 43f80cd9fc2..e27a1752a36 100644 --- a/2014/0xxx/CVE-2014-0850.json +++ b/2014/0xxx/CVE-2014-0850.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0850", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in IBM InfoSphere Master Data Management Reference Data Management (RDM) Hub 10.1 and 11.0 before 11.0.0.0-MDM-IF008 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-0850", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21666119", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21666119" - }, - { - "name" : "ibm-mdm-rdm-cve20140850-xss(90751)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90751" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in IBM InfoSphere Master Data Management Reference Data Management (RDM) Hub 10.1 and 11.0 before 11.0.0.0-MDM-IF008 allows remote authenticated users to 
inject arbitrary web script or HTML via a crafted URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ibm-mdm-rdm-cve20140850-xss(90751)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90751" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21666119", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21666119" + } + ] + } +} \ No newline at end of file diff --git a/2014/10xxx/CVE-2014-10074.json b/2014/10xxx/CVE-2014-10074.json index bae15b883ac..cfb3fa5d8d8 100644 --- a/2014/10xxx/CVE-2014-10074.json +++ b/2014/10xxx/CVE-2014-10074.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-10074", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Umbraco before 7.2.0 has a remote PHP code execution vulnerability because Umbraco.Web.UI/config/umbracoSettings.Release.config does not block the upload of .php files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-10074", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://issues.umbraco.org/issue/U4-5901", - "refsource" : "MISC", - "url" : "http://issues.umbraco.org/issue/U4-5901" - }, - { - "name" : "https://github.com/Umbraco/Umbraco-CMS/commit/cad06502235acabf7fb7dca779d2f78f08547e39", - "refsource" : "MISC", - "url" : "https://github.com/Umbraco/Umbraco-CMS/commit/cad06502235acabf7fb7dca779d2f78f08547e39" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Umbraco before 7.2.0 has a remote PHP code execution vulnerability because Umbraco.Web.UI/config/umbracoSettings.Release.config does not block the upload of .php files." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/Umbraco/Umbraco-CMS/commit/cad06502235acabf7fb7dca779d2f78f08547e39", + "refsource": "MISC", + "url": "https://github.com/Umbraco/Umbraco-CMS/commit/cad06502235acabf7fb7dca779d2f78f08547e39" + }, + { + "name": "http://issues.umbraco.org/issue/U4-5901", + "refsource": "MISC", + "url": "http://issues.umbraco.org/issue/U4-5901" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1658.json b/2014/1xxx/CVE-2014-1658.json index 386eb6e9a6b..c595fdd5b4f 100644 --- a/2014/1xxx/CVE-2014-1658.json +++ b/2014/1xxx/CVE-2014-1658.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1658", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-1658", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4018.json b/2014/4xxx/CVE-2014-4018.json index c30142c13aa..4486406c16b 100644 --- a/2014/4xxx/CVE-2014-4018.json +++ b/2014/4xxx/CVE-2014-4018.json 
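Review bot: In the CVE-2014-1658.json hunk the top-level keys are written as `data_type`, `data_format`, `data_version`, `CVE_data_meta`, while every other record in this diff keeps `CVE_data_meta` first and `data_format` before `data_type`. Key order carries no meaning in JSON, but two orderings in one commit suggest two serializers or code paths (inferred; the generator is not shown). A single fixed or sorted key order would keep REJECT records diffable against PUBLIC ones. Inside `CVE_data_meta` the order also changes, to `ID`, `ASSIGNER`, `STATE`.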
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4018", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK has a default password of admin for the admin account, which makes it easier for remote attackers to obtain access via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4018", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "33803", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/33803" - }, - { - "name" : "http://packetstormsecurity.com/files/127129/ZTE-WXV10-W300-Disclosure-CSRF-Default.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/127129/ZTE-WXV10-W300-Disclosure-CSRF-Default.html" - }, - { - "name" : "https://osandamalith.wordpress.com/2014/06/15/zte-wxv10-w300-multiple-vulnerabilities/", - "refsource" : "MISC", - "url" : "https://osandamalith.wordpress.com/2014/06/15/zte-wxv10-w300-multiple-vulnerabilities/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "The ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK has a default password of admin for the admin account, which makes it easier for remote attackers to obtain access via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/127129/ZTE-WXV10-W300-Disclosure-CSRF-Default.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/127129/ZTE-WXV10-W300-Disclosure-CSRF-Default.html" + }, + { + "name": "https://osandamalith.wordpress.com/2014/06/15/zte-wxv10-w300-multiple-vulnerabilities/", + "refsource": "MISC", + "url": "https://osandamalith.wordpress.com/2014/06/15/zte-wxv10-w300-multiple-vulnerabilities/" + }, + { + "name": "33803", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/33803" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4122.json b/2014/4xxx/CVE-2014-4122.json index 0a3d0a33684..d1c0406db87 100644 --- a/2014/4xxx/CVE-2014-4122.json +++ b/2014/4xxx/CVE-2014-4122.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4122", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft .NET Framework 2.0 SP2, 3.5, and 3.5.1 omits the ASLR protection mechanism, which allows remote attackers to obtain potentially sensitive information about memory addresses by leveraging the predictability of an executable image's location, aka \".NET ASLR Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2014-4122", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS14-057", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-057" - }, - { - "name" : "70312", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70312" - }, - { - "name" : "1031021", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031021" - }, - { - "name" : "60969", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60969" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft .NET 
Framework 2.0 SP2, 3.5, and 3.5.1 omits the ASLR protection mechanism, which allows remote attackers to obtain potentially sensitive information about memory addresses by leveraging the predictability of an executable image's location, aka \".NET ASLR Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS14-057", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-057" + }, + { + "name": "60969", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60969" + }, + { + "name": "70312", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70312" + }, + { + "name": "1031021", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031021" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4828.json b/2014/4xxx/CVE-2014-4828.json index ff2fd9b1dca..7b1486b6220 100644 --- a/2014/4xxx/CVE-2014-4828.json +++ b/2014/4xxx/CVE-2014-4828.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4828", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Security QRadar SIEM QRM 7.1 MR1 and QRM/QVM 7.2 MR2 allows remote attackers to conduct clickjacking attacks via a crafted HTTP request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-4828", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21686478", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21686478" - }, - { - "name" : "ibm-qvm-cve20144828-clickjacking(95578)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95578" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Security QRadar SIEM QRM 7.1 MR1 and QRM/QVM 7.2 MR2 allows remote attackers to conduct clickjacking attacks via a crafted HTTP request." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21686478", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686478" + }, + { + "name": "ibm-qvm-cve20144828-clickjacking(95578)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95578" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4874.json b/2014/4xxx/CVE-2014-4874.json index af83a1ec543..ea76bbed399 100644 --- a/2014/4xxx/CVE-2014-4874.json +++ b/2014/4xxx/CVE-2014-4874.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4874", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "BMC Track-It! 11.3.0.355 allows remote authenticated users to read arbitrary files by visiting the TrackItWeb/Attachment page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-4874", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.com/files/128594/BMC-Track-it-Remote-Code-Execution-SQL-Injection.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/128594/BMC-Track-it-Remote-Code-Execution-SQL-Injection.html" - }, - { - "name" : "https://raw.githubusercontent.com/pedrib/PoC/master/generic/bmc-track-it-11.3.txt", - "refsource" : "MISC", - "url" : "https://raw.githubusercontent.com/pedrib/PoC/master/generic/bmc-track-it-11.3.txt" - }, - { - "name" : "VU#121036", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/121036" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "BMC Track-It! 
11.3.0.355 allows remote authenticated users to read arbitrary files by visiting the TrackItWeb/Attachment page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/128594/BMC-Track-it-Remote-Code-Execution-SQL-Injection.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/128594/BMC-Track-it-Remote-Code-Execution-SQL-Injection.html" + }, + { + "name": "VU#121036", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/121036" + }, + { + "name": "https://raw.githubusercontent.com/pedrib/PoC/master/generic/bmc-track-it-11.3.txt", + "refsource": "MISC", + "url": "https://raw.githubusercontent.com/pedrib/PoC/master/generic/bmc-track-it-11.3.txt" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4880.json b/2014/4xxx/CVE-2014-4880.json index 5c5c02d25cc..43abf6c8aff 100644 --- a/2014/4xxx/CVE-2014-4880.json +++ b/2014/4xxx/CVE-2014-4880.json 
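Review bot: The `reference_data` entries come out in a different order on the new side (the `VU#121036` CERT-VN entry now precedes the `pedrib/PoC` MISC entry) with no change to their content, and nothing visible in the hunk says which ordering rule is applied. The same reshuffling appears in CVE-2014-4996, CVE-2014-9346, CVE-2014-9519, CVE-2016-3053 and CVE-2016-6179. If the writer emits references in an unstable order, each regeneration will produce diffs like this one. Sorting on a fixed key, for example `refsource` then `name`, would limit later diffs to real changes.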
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4880", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Hikvision DVR DS-7204 Firmware 2.2.10 build 131009, and other models and versions, allows remote attackers to execute arbitrary code via an RTSP PLAY request with a long Authorization header." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-4880", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "35356", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/35356" - }, - { - "name" : "http://packetstormsecurity.com/files/129187/Hikvision-DVR-RTSP-Request-Remote-Code-Execution.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/129187/Hikvision-DVR-RTSP-Request-Remote-Code-Execution.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Hikvision DVR DS-7204 Firmware 2.2.10 build 131009, and other models and versions, allows remote attackers to execute arbitrary code via an RTSP PLAY request with a long 
Authorization header." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "35356", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/35356" + }, + { + "name": "http://packetstormsecurity.com/files/129187/Hikvision-DVR-RTSP-Request-Remote-Code-Execution.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/129187/Hikvision-DVR-RTSP-Request-Remote-Code-Execution.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4996.json b/2014/4xxx/CVE-2014-4996.json index d57f44101e1..ae2fce28032 100644 --- a/2014/4xxx/CVE-2014-4996.json +++ b/2014/4xxx/CVE-2014-4996.json 
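Review bot: The new side ends with `\ No newline at end of file` after the closing `+}`, so the rewritten CVE-2014-4880.json no longer ends in a newline; the old side's `-}` carries no such marker. Every other file in this diff shows the same marker. Ending each file with a single newline after the final `}` keeps line-based tools and later diffs clean.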
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4996", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "lib/vlad/dba/mysql.rb in the VladTheEnterprising gem 0.2 for Ruby allows local users to write to arbitrary files via a symlink attack on /tmp/my.cnf.#{target_host}." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4996", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140707 Vulnerability Report for Ruby Gem VladTheEnterprising-0.2", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/07/07/14" - }, - { - "name" : "[oss-security] 20140717 Re: Vulnerability Report for Ruby Gem codders-dataset-1.3.2.1 (etc.)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/07/17/5" - }, - { - "name" : "http://www.vapid.dhs.org/advisories/VladTheEnterprising-0.2.html", - "refsource" : "MISC", - "url" : "http://www.vapid.dhs.org/advisories/VladTheEnterprising-0.2.html" - }, - { - "name" : "68731", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/68731" - }, - { - "name" : "vladtheenterprising-cve20144996-sec-bypass(94744)", - 
"refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/94744" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "lib/vlad/dba/mysql.rb in the VladTheEnterprising gem 0.2 for Ruby allows local users to write to arbitrary files via a symlink attack on /tmp/my.cnf.#{target_host}." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "68731", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/68731" + }, + { + "name": "[oss-security] 20140717 Re: Vulnerability Report for Ruby Gem codders-dataset-1.3.2.1 (etc.)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/07/17/5" + }, + { + "name": "vladtheenterprising-cve20144996-sec-bypass(94744)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94744" + }, + { + "name": "[oss-security] 20140707 Vulnerability Report for Ruby Gem VladTheEnterprising-0.2", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/07/07/14" + }, + { + "name": "http://www.vapid.dhs.org/advisories/VladTheEnterprising-0.2.html", + "refsource": "MISC", + "url": "http://www.vapid.dhs.org/advisories/VladTheEnterprising-0.2.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9052.json b/2014/9xxx/CVE-2014-9052.json index 2d182b51754..b9cd8ad12d6 100644 --- a/2014/9xxx/CVE-2014-9052.json +++ b/2014/9xxx/CVE-2014-9052.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9052", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9052", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9346.json b/2014/9xxx/CVE-2014-9346.json index 3c56d79841d..0f738b62737 100644 --- a/2014/9xxx/CVE-2014-9346.json +++ b/2014/9xxx/CVE-2014-9346.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9346", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in the Hierarchical Select module 6.x-3.x before 6.x-3.9 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via vectors related to the (1) taxonomy term title for instances with Save term lineage enabled or (2) entity type fields." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9346", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.drupal.org/node/2386615", - "refsource" : "MISC", - "url" : "https://www.drupal.org/node/2386615" - }, - { - "name" : "https://www.drupal.org/node/2385933", - "refsource" : "CONFIRM", - "url" : "https://www.drupal.org/node/2385933" - }, - { - "name" : "60511", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60511" - }, - { - "name" : "hierarchicalselect-hierarchicalselect-xss(99136)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/99136" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Hierarchical Select module 6.x-3.x before 6.x-3.9 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via vectors related to the (1) taxonomy term title for instances with Save term lineage enabled or (2) entity type fields." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "hierarchicalselect-hierarchicalselect-xss(99136)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99136" + }, + { + "name": "https://www.drupal.org/node/2385933", + "refsource": "CONFIRM", + "url": "https://www.drupal.org/node/2385933" + }, + { + "name": "https://www.drupal.org/node/2386615", + "refsource": "MISC", + "url": "https://www.drupal.org/node/2386615" + }, + { + "name": "60511", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60511" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9519.json b/2014/9xxx/CVE-2014-9519.json index 18d6ec0443e..4531f501d98 100644 --- a/2014/9xxx/CVE-2014-9519.json +++ b/2014/9xxx/CVE-2014-9519.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9519", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in login.php in InfiniteWP Admin Panel before 2.4.3 allows remote attackers to execute arbitrary SQL commands via the email parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9519", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20141210 Multiple vulnerabilities in InfiniteWP Admin Panel", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Dec/43" - }, - { - "name" : "https://lifeforms.nl/20141210/infinitewp-vulnerabilities/", - "refsource" : "MISC", - "url" : "https://lifeforms.nl/20141210/infinitewp-vulnerabilities/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in login.php in InfiniteWP Admin Panel before 2.4.3 allows remote attackers to execute arbitrary SQL commands via the email parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://lifeforms.nl/20141210/infinitewp-vulnerabilities/", + "refsource": "MISC", + "url": "https://lifeforms.nl/20141210/infinitewp-vulnerabilities/" + }, + { + "name": "20141210 Multiple vulnerabilities in InfiniteWP Admin Panel", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Dec/43" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9994.json b/2014/9xxx/CVE-2014-9994.json index baea35a7690..227dbd40275 100644 --- a/2014/9xxx/CVE-2014-9994.json +++ b/2014/9xxx/CVE-2014-9994.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2018-04-02T00:00:00", - "ID" : "CVE-2014-9994", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Snapdragon Mobile", - "version" : { - "version_data" : [ - { - "version_value" : "SD 400, SD 800" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 400 and SD 800, lack of validation of input could cause a integer overflow that could subsequently lead to a buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Integer Overflow to Buffer Overflow vulnerability in QTEE" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2018-04-02T00:00:00", + "ID": "CVE-2014-9994", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Snapdragon Mobile", + "version": { + "version_data": [ + { + "version_value": "SD 400, SD 800" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2018-04-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2018-04-01" - }, - { - "name" : "103671", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103671" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 400 and SD 800, lack of validation of input could cause a integer overflow that could subsequently lead to a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Integer Overflow to Buffer Overflow vulnerability in QTEE" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2018-04-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2018-04-01" + }, + { + "name": "103671", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103671" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3053.json b/2016/3xxx/CVE-2016-3053.json index cbba741e721..3ecafa4c662 100644 --- a/2016/3xxx/CVE-2016-3053.json +++ b/2016/3xxx/CVE-2016-3053.json 
@@ -1,239 +1,239 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2016-3053", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "AIX", - "version" : { - "version_data" : [ - { - "version_value" : "3.4" - }, - { - "version_value" : "3.2.0" - }, - { - "version_value" : "4.1.1" - }, - { - "version_value" : "4.1.2" - }, - { - "version_value" : "4.1.3" - }, - { - "version_value" : "4.1.4" - }, - { - "version_value" : "4.1.5" - }, - { - "version_value" : "4.2.0" - }, - { - "version_value" : "4.2.1.12" - }, - { - "version_value" : "430" - }, - { - "version_value" : "5" - }, - { - "version_value" : "5.1L" - }, - { - "version_value" : "5.2.2" - }, - { - "version_value" : "5.2 L" - }, - { - "version_value" : "5.3 L" - }, - { - "version_value" : "5.3.7" - }, - { - "version_value" : "4.3" - }, - { - "version_value" : "4.3.2" - }, - { - "version_value" : "4" - }, - { - "version_value" : "5.2" - }, - { - "version_value" : "4.3.1" - }, - { - "version_value" : "4.3.3.10" - }, - { - "version_value" : "3.1" - }, - { - "version_value" : "4.2.1" - }, - { - "version_value" : "4.2" - }, - { - "version_value" : "2.2.1" - }, - { - "version_value" : "5.1" - }, - { - "version_value" : "4.3.3" - }, - { - "version_value" : "4.1" - }, - { - "version_value" : "3.2.5" - }, - { - "version_value" : "3.2" - }, - { - "version_value" : "3.2.4" - }, - { - "version_value" : "6.1" - }, - { - "version_value" : "5.3" - }, - { - "version_value" : "5.2.0.50" - }, - { - "version_value" : "5.2.0.54" - }, - { - "version_value" : "5.3.0.10" - }, - { - "version_value" : "5.3.0.20" - }, - { - "version_value" : "5.2.0" - }, - { - "version_value" : "5.3.0" - }, - { - "version_value" : "5.3.8" - }, - { - "version_value" : "6.1.1" - }, - { - "version_value" : "6.1.2" - }, - { - "version_value" : "5.3.9" - }, - { - "version_value" : "6.1.0" - }, - { - "version_value" : "7.1" - }, - { - "version_value" 
: "1.2.1" - }, - { - "version_value" : "1.3" - }, - { - "version_value" : "4.0" - }, - { - "version_value" : "4.3.0" - }, - { - "version_value" : "5.1.0.10" - }, - { - "version_value" : "5.3" - }, - { - "version_value" : "5.3_ml03" - }, - { - "version_value" : "5L" - }, - { - "version_value" : "7.2" - } - ] - } - } - ] - }, - "vendor_name" : "IBM Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM AIX contains an unspecified vulnerability that would allow a locally authenticated user to obtain root level privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Gain Privileges" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2016-3053", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "AIX", + "version": { + "version_data": [ + { + "version_value": "3.4" + }, + { + "version_value": "3.2.0" + }, + { + "version_value": "4.1.1" + }, + { + "version_value": "4.1.2" + }, + { + "version_value": "4.1.3" + }, + { + "version_value": "4.1.4" + }, + { + "version_value": "4.1.5" + }, + { + "version_value": "4.2.0" + }, + { + "version_value": "4.2.1.12" + }, + { + "version_value": "430" + }, + { + "version_value": "5" + }, + { + "version_value": "5.1L" + }, + { + "version_value": "5.2.2" + }, + { + "version_value": "5.2 L" + }, + { + "version_value": "5.3 L" + }, + { + "version_value": "5.3.7" + }, + { + "version_value": "4.3" + }, + { + "version_value": "4.3.2" + }, + { + "version_value": "4" + }, + { + "version_value": "5.2" + }, + { + "version_value": "4.3.1" + }, + { + "version_value": "4.3.3.10" + }, + { + "version_value": "3.1" + }, + { + "version_value": "4.2.1" + }, + { + "version_value": "4.2" + }, + { + "version_value": "2.2.1" + }, + { + "version_value": 
"5.1" + }, + { + "version_value": "4.3.3" + }, + { + "version_value": "4.1" + }, + { + "version_value": "3.2.5" + }, + { + "version_value": "3.2" + }, + { + "version_value": "3.2.4" + }, + { + "version_value": "6.1" + }, + { + "version_value": "5.3" + }, + { + "version_value": "5.2.0.50" + }, + { + "version_value": "5.2.0.54" + }, + { + "version_value": "5.3.0.10" + }, + { + "version_value": "5.3.0.20" + }, + { + "version_value": "5.2.0" + }, + { + "version_value": "5.3.0" + }, + { + "version_value": "5.3.8" + }, + { + "version_value": "6.1.1" + }, + { + "version_value": "6.1.2" + }, + { + "version_value": "5.3.9" + }, + { + "version_value": "6.1.0" + }, + { + "version_value": "7.1" + }, + { + "version_value": "1.2.1" + }, + { + "version_value": "1.3" + }, + { + "version_value": "4.0" + }, + { + "version_value": "4.3.0" + }, + { + "version_value": "5.1.0.10" + }, + { + "version_value": "5.3" + }, + { + "version_value": "5.3_ml03" + }, + { + "version_value": "5L" + }, + { + "version_value": "7.2" + } + ] + } + } + ] + }, + "vendor_name": "IBM Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "40709", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/40709/" - }, - { - "name" : "http://aix.software.ibm.com/aix/efixes/security/lsmcode_advisory2.asc", - "refsource" : "CONFIRM", - "url" : "http://aix.software.ibm.com/aix/efixes/security/lsmcode_advisory2.asc" - }, - { - "name" : "93605", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93605" - }, - { - "name" : "1037030", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037030" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM AIX contains an unspecified vulnerability that would allow a locally authenticated user to obtain root level privileges." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Gain Privileges" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "93605", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93605" + }, + { + "name": "http://aix.software.ibm.com/aix/efixes/security/lsmcode_advisory2.asc", + "refsource": "CONFIRM", + "url": "http://aix.software.ibm.com/aix/efixes/security/lsmcode_advisory2.asc" + }, + { + "name": "40709", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/40709/" + }, + { + "name": "1037030", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037030" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3298.json b/2016/3xxx/CVE-2016-3298.json index 27c4184fea4..d9e467e74b2 100644 --- a/2016/3xxx/CVE-2016-3298.json +++ b/2016/3xxx/CVE-2016-3298.json 
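Review bot: `version_data` for AIX lists `"version_value": "5.3"` twice on the new side, once after `6.1` and again after `5.1.0.10`, carried over unchanged from the old side. Since the file is being rewritten anyway, the second entry can be dropped so that each affected version appears once. Tools that count or match affected versions from this array would otherwise see a redundant entry.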
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3298", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 9 through 11 and the Internet Messaging API in Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allow remote attackers to determine the existence of arbitrary files via a crafted web site, aka \"Internet Explorer Information Disclosure Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2016-3298", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS16-118", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-118" - }, - { - "name" : "MS16-126", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-126" - }, - { - "name" : "93392", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93392" - }, - { - "name" : "1036992", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036992" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 9 through 11 and the Internet Messaging API in Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allow remote attackers to determine the existence of arbitrary files via a crafted web site, aka \"Internet Explorer Information Disclosure Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS16-118", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-118" + }, + { + "name": "MS16-126", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-126" + }, + { + "name": "93392", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93392" + }, + { + "name": "1036992", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036992" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3661.json b/2016/3xxx/CVE-2016-3661.json index 68678ad7b76..464f515ab78 100644 --- a/2016/3xxx/CVE-2016-3661.json +++ b/2016/3xxx/CVE-2016-3661.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3661", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-3661", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3701.json b/2016/3xxx/CVE-2016-3701.json index 11a303f940e..65df84c8c2e 100644 --- a/2016/3xxx/CVE-2016-3701.json +++ b/2016/3xxx/CVE-2016-3701.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3701", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-3701", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6179.json b/2016/6xxx/CVE-2016-6179.json index 8dffbad5c51..52634740624 100644 --- a/2016/6xxx/CVE-2016-6179.json +++ b/2016/6xxx/CVE-2016-6179.json 
@@ -1,67 +1,67 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2016-6179",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The WiFi driver in Huawei Honor 6 smartphones with software H60-L01 before H60-L01C00B850, H60-L11 before H60-L11C00B850, H60-L21 before H60-L21C00B850, H60-L02 before H60-L02C00B850, H60-L12 before H60-L12C00B850, and H60-L03 before H60-L03C01B850 allows attackers to cause a denial of service (system crash) or gain privileges via a crafted application."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2016-6179",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160713-01-smartphone-en",
- "refsource" : "CONFIRM",
- "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160713-01-smartphone-en"
- },
- {
- "name" : "91773",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/91773"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The WiFi driver in Huawei Honor 6 smartphones with software H60-L01 before H60-L01C00B850, H60-L11 before H60-L11C00B850, H60-L21 before H60-L21C00B850, H60-L02 before H60-L02C00B850, H60-L12 before H60-L12C00B850, and H60-L03 before H60-L03C01B850 allows attackers to cause a denial of service (system crash) or gain privileges via a crafted application."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "91773",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/91773"
+ },
+ {
+ "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160713-01-smartphone-en",
+ "refsource": "CONFIRM",
+ "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160713-01-smartphone-en"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2016/6xxx/CVE-2016-6534.json b/2016/6xxx/CVE-2016-6534.json
index 611309228a9..56a34ba6ea0 100644
--- a/2016/6xxx/CVE-2016-6534.json
+++ b/2016/6xxx/CVE-2016-6534.json
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cert@cert.org",
- "ID" : "CVE-2016-6534",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Opmantek NMIS before 8.5.12G",
- "version" : {
- "version_data" : [
- {
- "version_value" : "Opmantek NMIS before 8.5.12G"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Opmantek NMIS before 4.3.7c has command injection via man, finger, ping, trace, and nslookup in the tools.pl CGI script. Versions before 8.5.12G might be affected in non-default configurations."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "command injection"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cert@cert.org",
+ "ID": "CVE-2016-6534",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Opmantek NMIS before 8.5.12G",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Opmantek NMIS before 8.5.12G"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://community.rapid7.com/community/infosec/blog/2016/09/07/multiple-disclosures-for-multiple-network-management-systems-part-2",
- "refsource" : "MISC",
- "url" : "https://community.rapid7.com/community/infosec/blog/2016/09/07/multiple-disclosures-for-multiple-network-management-systems-part-2"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Opmantek NMIS before 4.3.7c has command injection via man, finger, ping, trace, and nslookup in the tools.pl CGI script. Versions before 8.5.12G might be affected in non-default configurations."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "command injection"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://community.rapid7.com/community/infosec/blog/2016/09/07/multiple-disclosures-for-multiple-network-management-systems-part-2",
+ "refsource": "MISC",
+ "url": "https://community.rapid7.com/community/infosec/blog/2016/09/07/multiple-disclosures-for-multiple-network-management-systems-part-2"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2016/7xxx/CVE-2016-7097.json b/2016/7xxx/CVE-2016-7097.json
index 9f026b61e18..9b42c34bac0 100644
--- a/2016/7xxx/CVE-2016-7097.json
+++ b/2016/7xxx/CVE-2016-7097.json
@@ -1,137 +1,137 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2016-7097",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The filesystem implementation in the Linux kernel through 4.8.2 preserves the setgid bit during a setxattr call, which allows local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "secalert@redhat.com",
+ "ID": "CVE-2016-7097",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "[linux-fsdevel] 20160526 [PATCH 2/2] posix_acl: Clear SGID bit when modifying file permissions",
- "refsource" : "MLIST",
- "url" : "http://www.spinics.net/lists/linux-fsdevel/msg98328.html"
- },
- {
- "name" : "[linux-fsdevel] 20160819 [PATCH v2] posix_acl: Clear SGID bit when setting file permissions",
- "refsource" : "MLIST",
- "url" : "http://marc.info/?l=linux-fsdevel&m=147162313630259&w=2"
- },
- {
- "name" : "[oss-security] 20160826 Re: CVE request -- linux kernel: Setting a POSIX ACL via setxattr doesn't clear the setgid bit",
- "refsource" : "MLIST",
- "url" : "http://www.openwall.com/lists/oss-security/2016/08/26/3"
- },
- {
- "name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=073931017b49d9458aa351605b43a7e34598caef",
- "refsource" : "CONFIRM",
- "url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=073931017b49d9458aa351605b43a7e34598caef"
- },
- {
- "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1368938",
- "refsource" : "CONFIRM",
- "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1368938"
- },
- {
- "name" : "https://github.com/torvalds/linux/commit/073931017b49d9458aa351605b43a7e34598caef",
- "refsource" : "CONFIRM",
- "url" : "https://github.com/torvalds/linux/commit/073931017b49d9458aa351605b43a7e34598caef"
- },
- {
- "name" : "https://source.android.com/security/bulletin/2017-04-01",
- "refsource" : "CONFIRM",
- "url" : "https://source.android.com/security/bulletin/2017-04-01"
- },
- {
- "name" : "RHSA-2017:2669",
- "refsource" : "REDHAT",
- "url" : "https://access.redhat.com/errata/RHSA-2017:2669"
- },
- {
- "name" : "RHSA-2017:0817",
- "refsource" : "REDHAT",
- "url" : "http://rhn.redhat.com/errata/RHSA-2017-0817.html"
- },
- {
- "name" : "RHSA-2017:1842",
- "refsource" : "REDHAT",
- "url" : "https://access.redhat.com/errata/RHSA-2017:1842"
- },
- {
- "name" : "RHSA-2017:2077",
- "refsource" : "REDHAT",
- "url" : "https://access.redhat.com/errata/RHSA-2017:2077"
- },
- {
- "name" : "USN-3146-1",
- "refsource" : "UBUNTU",
- "url" : "http://www.ubuntu.com/usn/USN-3146-1"
- },
- {
- "name" : "USN-3146-2",
- "refsource" : "UBUNTU",
- "url" : "http://www.ubuntu.com/usn/USN-3146-2"
- },
- {
- "name" : "USN-3147-1",
- "refsource" : "UBUNTU",
- "url" : "http://www.ubuntu.com/usn/USN-3147-1"
- },
- {
- "name" : "92659",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/92659"
- },
- {
- "name" : "1038201",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id/1038201"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The filesystem implementation in the Linux kernel through 4.8.2 preserves the setgid bit during a setxattr call, which allows local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "USN-3146-2",
+ "refsource": "UBUNTU",
+ "url": "http://www.ubuntu.com/usn/USN-3146-2"
+ },
+ {
+ "name": "USN-3146-1",
+ "refsource": "UBUNTU",
+ "url": "http://www.ubuntu.com/usn/USN-3146-1"
+ },
+ {
+ "name": "https://source.android.com/security/bulletin/2017-04-01",
+ "refsource": "CONFIRM",
+ "url": "https://source.android.com/security/bulletin/2017-04-01"
+ },
+ {
+ "name": "92659",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/92659"
+ },
+ {
+ "name": "RHSA-2017:2669",
+ "refsource": "REDHAT",
+ "url": "https://access.redhat.com/errata/RHSA-2017:2669"
+ },
+ {
+ "name": "[linux-fsdevel] 20160526 [PATCH 2/2] posix_acl: Clear SGID bit when modifying file permissions",
+ "refsource": "MLIST",
+ "url": "http://www.spinics.net/lists/linux-fsdevel/msg98328.html"
+ },
+ {
+ "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=073931017b49d9458aa351605b43a7e34598caef",
+ "refsource": "CONFIRM",
+ "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=073931017b49d9458aa351605b43a7e34598caef"
+ },
+ {
+ "name": "[oss-security] 20160826 Re: CVE request -- linux kernel: Setting a POSIX ACL via setxattr doesn't clear the setgid bit",
+ "refsource": "MLIST",
+ "url": "http://www.openwall.com/lists/oss-security/2016/08/26/3"
+ },
+ {
+ "name": "RHSA-2017:0817",
+ "refsource": "REDHAT",
+ "url": "http://rhn.redhat.com/errata/RHSA-2017-0817.html"
+ },
+ {
+ "name": "USN-3147-1",
+ "refsource": "UBUNTU",
+ "url": "http://www.ubuntu.com/usn/USN-3147-1"
+ },
+ {
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1368938",
+ "refsource": "CONFIRM",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1368938"
+ },
+ {
+ "name": "https://github.com/torvalds/linux/commit/073931017b49d9458aa351605b43a7e34598caef",
+ "refsource": "CONFIRM",
+ "url": "https://github.com/torvalds/linux/commit/073931017b49d9458aa351605b43a7e34598caef"
+ },
+ {
+ "name": "RHSA-2017:2077",
+ "refsource": "REDHAT",
+ "url": "https://access.redhat.com/errata/RHSA-2017:2077"
+ },
+ {
+ "name": "RHSA-2017:1842",
+ "refsource": "REDHAT",
+ "url": "https://access.redhat.com/errata/RHSA-2017:1842"
+ },
+ {
+ "name": "[linux-fsdevel] 20160819 [PATCH v2] posix_acl: Clear SGID bit when setting file permissions",
+ "refsource": "MLIST",
+ "url": "http://marc.info/?l=linux-fsdevel&m=147162313630259&w=2"
+ },
+ {
+ "name": "1038201",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id/1038201"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2016/7xxx/CVE-2016-7411.json b/2016/7xxx/CVE-2016-7411.json
index 436c0ef26db..006c5229780 100644
--- a/2016/7xxx/CVE-2016-7411.json
+++ b/2016/7xxx/CVE-2016-7411.json
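Review bot: The `CVE_data_meta` block of the CVE-2016-7097 hunk carries a real data change that the surrounding formatting rewrite hides: the old side has `"ASSIGNER" : "cve@mitre.org"` and the new side has `"ASSIGNER": "secalert@redhat.com"`, while the other lines of the hunk appear to differ only in whitespace and in the order of the `reference_data` entries. The assigner is the record's provenance field, so this edit belongs in its own commit, or at least in a line of the commit message, where someone auditing ownership changes can find it. The reordering of the sixteen references adds or removes no entry as far as the hunk shows; keeping a stable order would make later content changes to this record reviewable. The new side also ends with `\ No newline at end of file`, and terminating the file with a newline would avoid a spurious last-line change on the next edit.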
@@ -1,92 +1,92 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2016-7411",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "ext/standard/var_unserializer.re in PHP before 5.6.26 mishandles object-deserialization failures, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an unserialize call that references a partially constructed object."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2016-7411",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "[oss-security] 20160915 Re: CVE assignment for PHP 5.6.26 and 7.0.11",
- "refsource" : "MLIST",
- "url" : "http://www.openwall.com/lists/oss-security/2016/09/15/10"
- },
- {
- "name" : "http://www.php.net/ChangeLog-5.php",
- "refsource" : "CONFIRM",
- "url" : "http://www.php.net/ChangeLog-5.php"
- },
- {
- "name" : "https://bugs.php.net/bug.php?id=73052",
- "refsource" : "CONFIRM",
- "url" : "https://bugs.php.net/bug.php?id=73052"
- },
- {
- "name" : "https://github.com/php/php-src/commit/6a7cc8ff85827fa9ac715b3a83c2d9147f33cd43?w=1",
- "refsource" : "CONFIRM",
- "url" : "https://github.com/php/php-src/commit/6a7cc8ff85827fa9ac715b3a83c2d9147f33cd43?w=1"
- },
- {
- "name" : "GLSA-201611-22",
- "refsource" : "GENTOO",
- "url" : "https://security.gentoo.org/glsa/201611-22"
- },
- {
- "name" : "93009",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/93009"
- },
- {
- "name" : "1036836",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id/1036836"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "ext/standard/var_unserializer.re in PHP before 5.6.26 mishandles object-deserialization failures, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an unserialize call that references a partially constructed object."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "GLSA-201611-22",
+ "refsource": "GENTOO",
+ "url": "https://security.gentoo.org/glsa/201611-22"
+ },
+ {
+ "name": "1036836",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id/1036836"
+ },
+ {
+ "name": "https://bugs.php.net/bug.php?id=73052",
+ "refsource": "CONFIRM",
+ "url": "https://bugs.php.net/bug.php?id=73052"
+ },
+ {
+ "name": "[oss-security] 20160915 Re: CVE assignment for PHP 5.6.26 and 7.0.11",
+ "refsource": "MLIST",
+ "url": "http://www.openwall.com/lists/oss-security/2016/09/15/10"
+ },
+ {
+ "name": "https://github.com/php/php-src/commit/6a7cc8ff85827fa9ac715b3a83c2d9147f33cd43?w=1",
+ "refsource": "CONFIRM",
+ "url": "https://github.com/php/php-src/commit/6a7cc8ff85827fa9ac715b3a83c2d9147f33cd43?w=1"
+ },
+ {
+ "name": "http://www.php.net/ChangeLog-5.php",
+ "refsource": "CONFIRM",
+ "url": "http://www.php.net/ChangeLog-5.php"
+ },
+ {
+ "name": "93009",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/93009"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2016/7xxx/CVE-2016-7552.json b/2016/7xxx/CVE-2016-7552.json
index 5aebce9eb28..98b3cd371f4 100644
--- a/2016/7xxx/CVE-2016-7552.json
+++ b/2016/7xxx/CVE-2016-7552.json
@@ -1,67 +1,67 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2016-7552",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "On the Trend Micro Threat Discovery Appliance 2.6.1062r1, directory traversal when processing a session_id cookie allows a remote, unauthenticated attacker to delete arbitrary files as root. This can be used to bypass authentication or cause a DoS."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2016-7552",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://github.com/rapid7/metasploit-framework/pull/8216/commits/0f07875a2ddb0bfbb4e985ab074e9fc56da1dcf6",
- "refsource" : "MISC",
- "url" : "https://github.com/rapid7/metasploit-framework/pull/8216/commits/0f07875a2ddb0bfbb4e985ab074e9fc56da1dcf6"
- },
- {
- "name" : "97599",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/97599"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "On the Trend Micro Threat Discovery Appliance 2.6.1062r1, directory traversal when processing a session_id cookie allows a remote, unauthenticated attacker to delete arbitrary files as root. This can be used to bypass authentication or cause a DoS."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/rapid7/metasploit-framework/pull/8216/commits/0f07875a2ddb0bfbb4e985ab074e9fc56da1dcf6",
+ "refsource": "MISC",
+ "url": "https://github.com/rapid7/metasploit-framework/pull/8216/commits/0f07875a2ddb0bfbb4e985ab074e9fc56da1dcf6"
+ },
+ {
+ "name": "97599",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/97599"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2016/7xxx/CVE-2016-7663.json b/2016/7xxx/CVE-2016-7663.json
index aee9dfed6be..eccdc46bcb8 100644
--- a/2016/7xxx/CVE-2016-7663.json
+++ b/2016/7xxx/CVE-2016-7663.json
@@ -1,82 +1,82 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "product-security@apple.com",
- "ID" : "CVE-2016-7663",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the \"CoreFoundation\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted string."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "product-security@apple.com",
+ "ID": "CVE-2016-7663",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://support.apple.com/HT207422",
- "refsource" : "CONFIRM",
- "url" : "https://support.apple.com/HT207422"
- },
- {
- "name" : "https://support.apple.com/HT207423",
- "refsource" : "CONFIRM",
- "url" : "https://support.apple.com/HT207423"
- },
- {
- "name" : "https://support.apple.com/HT207487",
- "refsource" : "CONFIRM",
- "url" : "https://support.apple.com/HT207487"
- },
- {
- "name" : "94905",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/94905"
- },
- {
- "name" : "1037469",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id/1037469"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the \"CoreFoundation\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted string."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://support.apple.com/HT207487",
+ "refsource": "CONFIRM",
+ "url": "https://support.apple.com/HT207487"
+ },
+ {
+ "name": "https://support.apple.com/HT207422",
+ "refsource": "CONFIRM",
+ "url": "https://support.apple.com/HT207422"
+ },
+ {
+ "name": "94905",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/94905"
+ },
+ {
+ "name": "1037469",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id/1037469"
+ },
+ {
+ "name": "https://support.apple.com/HT207423",
+ "refsource": "CONFIRM",
+ "url": "https://support.apple.com/HT207423"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2016/7xxx/CVE-2016-7891.json b/2016/7xxx/CVE-2016-7891.json
index 154f215116e..0f85a8aa781 100644
--- a/2016/7xxx/CVE-2016-7891.json
+++ b/2016/7xxx/CVE-2016-7891.json
@@ -1,72 +1,72 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "psirt@adobe.com",
- "ID" : "CVE-2016-7891",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Adobe RoboHelp 2015.0.3 and earlier, RoboHelp 11 and earlier",
- "version" : {
- "version_data" : [
- {
- "version_value" : "Adobe RoboHelp 2015.0.3 and earlier, RoboHelp 11 and earlier"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Adobe RoboHelp version 2015.0.3 and earlier, RoboHelp 11 and earlier have an input validation issue that could be used in cross-site scripting attacks."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "Cross Site Scripting"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "psirt@adobe.com",
+ "ID": "CVE-2016-7891",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Adobe RoboHelp 2015.0.3 and earlier, RoboHelp 11 and earlier",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Adobe RoboHelp 2015.0.3 and earlier, RoboHelp 11 and earlier"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://helpx.adobe.com/security/products/robohelp/apsb16-46.html",
- "refsource" : "CONFIRM",
- "url" : "https://helpx.adobe.com/security/products/robohelp/apsb16-46.html"
- },
- {
- "name" : "94878",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/94878"
- },
- {
- "name" : "1037456",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id/1037456"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Adobe RoboHelp version 2015.0.3 and earlier, RoboHelp 11 and earlier have an input validation issue that could be used in cross-site scripting attacks."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Cross Site Scripting"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "94878",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/94878"
+ },
+ {
+ "name": "https://helpx.adobe.com/security/products/robohelp/apsb16-46.html",
+ "refsource": "CONFIRM",
+ "url": "https://helpx.adobe.com/security/products/robohelp/apsb16-46.html"
+ },
+ {
+ "name": "1037456",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id/1037456"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2016/7xxx/CVE-2016-7902.json b/2016/7xxx/CVE-2016-7902.json
index e6d7cce708f..678678d8b00 100644
--- a/2016/7xxx/CVE-2016-7902.json
+++ b/2016/7xxx/CVE-2016-7902.json
@@ -1,77 +1,77 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2016-7902",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Unrestricted file upload vulnerability in the fileUnzip->unzip method in Dotclear before 2.10.3 allows remote authenticated users with permissions to manage media items to execute arbitrary code by uploading a ZIP file containing a file with a crafted extension, as demonstrated by .php.txt or .php%20."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2016-7902",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "[oss-security] 20161005 CVE-2016-7902: Dotclear <= 2.10.2 (Media Manager) Unrestricted File Upload",
- "refsource" : "MLIST",
- "url" : "http://www.openwall.com/lists/oss-security/2016/10/05/6"
- },
- {
- "name" : "https://dotclear.org/blog/post/2016/11/01/Dotclear-2.10.3",
- "refsource" : "CONFIRM",
- "url" : "https://dotclear.org/blog/post/2016/11/01/Dotclear-2.10.3"
- },
- {
- "name" : "https://hg.dotclear.org/dotclear/rev/a9db771a5a70",
- "refsource" : "CONFIRM",
- "url" : "https://hg.dotclear.org/dotclear/rev/a9db771a5a70"
- },
- {
- "name" : "93440",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/93440"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Unrestricted file upload vulnerability in the fileUnzip->unzip method in Dotclear before 2.10.3 allows remote authenticated users with permissions to manage media items to execute arbitrary code by uploading a ZIP file containing a file with a crafted extension, as demonstrated by .php.txt or .php%20."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "[oss-security] 20161005 CVE-2016-7902: Dotclear <= 2.10.2 (Media Manager) Unrestricted File Upload",
+ "refsource": "MLIST",
+ "url": "http://www.openwall.com/lists/oss-security/2016/10/05/6"
+ },
+ {
+ "name": "https://dotclear.org/blog/post/2016/11/01/Dotclear-2.10.3",
+ "refsource": "CONFIRM",
+ "url": "https://dotclear.org/blog/post/2016/11/01/Dotclear-2.10.3"
+ },
+ {
+ "name": "https://hg.dotclear.org/dotclear/rev/a9db771a5a70",
+ "refsource": "CONFIRM",
+ "url": "https://hg.dotclear.org/dotclear/rev/a9db771a5a70"
+ },
+ {
+ "name": "93440",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/93440"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2016/8xxx/CVE-2016-8287.json b/2016/8xxx/CVE-2016-8287.json
index 018231af4ca..d92020c72d2 100644
--- a/2016/8xxx/CVE-2016-8287.json
+++ b/2016/8xxx/CVE-2016-8287.json
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2016-8287", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Replication." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2016-8287", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" - }, - { - "name" : "GLSA-201701-01", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201701-01" - }, - { - "name" : "93727", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93727" - }, - { - "name" : "1037050", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037050" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle MySQL 5.7.13 and 
earlier allows remote administrators to affect availability via vectors related to Server: Replication." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201701-01", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201701-01" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" + }, + { + "name": "93727", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93727" + }, + { + "name": "1037050", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037050" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8367.json b/2016/8xxx/CVE-2016-8367.json index 633e97052a8..8af479b445a 100644 --- a/2016/8xxx/CVE-2016-8367.json +++ b/2016/8xxx/CVE-2016-8367.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "ID" : "CVE-2016-8367", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Schneider Electric Magelis HMI", - "version" : { - "version_data" : [ - { - "version_value" : "Schneider Electric Magelis HMI" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Schneider Electric Magelis HMI Magelis GTO Advanced Optimum Panels, all versions, Magelis GTU Universal Panel, all versions, Magelis STO5xx and STU Small panels, all versions, Magelis XBT GH Advanced Hand-held Panels, all versions, Magelis XBT GK Advanced Touchscreen Panels with Keyboard, all versions, Magelis XBT GT Advanced Touchscreen Panels, all versions, and Magelis XBT GTW Advanced Open Touchscreen Panels (Windows XPe). An attacker can open multiple connections to a targeted web server and keep connections open preventing new connections from being made, rendering the web server unavailable during an attack." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Schneider Electric Magelis HMI Resource Consumption" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2016-8367", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Schneider Electric Magelis HMI", + "version": { + "version_data": [ + { + "version_value": "Schneider Electric Magelis HMI" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-308-02", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-308-02" - }, - { - "name" : "94093", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94093" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Schneider Electric Magelis HMI Magelis GTO Advanced Optimum Panels, all versions, Magelis GTU Universal Panel, all versions, Magelis STO5xx and STU Small panels, all versions, Magelis XBT GH Advanced Hand-held Panels, all versions, Magelis XBT GK Advanced Touchscreen Panels with Keyboard, all versions, Magelis XBT GT Advanced Touchscreen Panels, all versions, and Magelis XBT GTW Advanced Open Touchscreen Panels (Windows XPe). An attacker can open multiple connections to a targeted web server and keep connections open preventing new connections from being made, rendering the web server unavailable during an attack." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Schneider Electric Magelis HMI Resource Consumption" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-308-02", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-308-02" + }, + { + "name": "94093", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94093" + } + ] + } +} \ No newline at end of file