diff --git a/2006/1xxx/CVE-2006-1912.json b/2006/1xxx/CVE-2006-1912.json index 97a37fd7262..2e8092e0784 100644 --- a/2006/1xxx/CVE-2006-1912.json +++ b/2006/1xxx/CVE-2006-1912.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1912", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "MyBB (MyBulletinBoard) 1.1.0 does not set the constant KILL_GLOBAL variable in (1) global.php and (2) inc/init.php, which allows remote attackers to initialize arbitrary variables that are processed by an @extract command, which could then be leveraged to conduct cross-site scripting (XSS) or SQL injection attacks." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1912", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060415 [KAPDA]MyBB1.1.0~global.php~ParameterExtracting", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/431061/30/5580/threaded" - }, - { - "name" : "http://myimei.com/security/2006-04-14/mybb110globalphpparameterextracting.html", - "refsource" : "MISC", - "url" : "http://myimei.com/security/2006-04-14/mybb110globalphpparameterextracting.html" - }, - { - "name" : "http://community.mybboard.net/showthread.php?tid=8232", - "refsource" : "CONFIRM", - "url" : "http://community.mybboard.net/showthread.php?tid=8232" - }, - { - "name" : "ADV-2006-1381", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1381" - }, - { - "name" : "24710", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24710" - }, - { - "name" : "24711", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24711" - }, - { - "name" : "19668", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19668" - }, - { - "name" : "mybb-global-init-data-manipulation(25865)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25865" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "MyBB (MyBulletinBoard) 1.1.0 does not set the constant KILL_GLOBAL variable in (1) global.php and (2) inc/init.php, which allows remote attackers to initialize arbitrary variables that are processed by an @extract command, which could then be leveraged to conduct cross-site scripting (XSS) or SQL injection attacks." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "mybb-global-init-data-manipulation(25865)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25865" + }, + { + "name": "24710", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24710" + }, + { + "name": "19668", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19668" + }, + { + "name": "ADV-2006-1381", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1381" + }, + { + "name": "http://community.mybboard.net/showthread.php?tid=8232", + "refsource": "CONFIRM", + "url": "http://community.mybboard.net/showthread.php?tid=8232" + }, + { + "name": "20060415 [KAPDA]MyBB1.1.0~global.php~ParameterExtracting", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/431061/30/5580/threaded" + }, + { + "name": "24711", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24711" + }, + { + "name": "http://myimei.com/security/2006-04-14/mybb110globalphpparameterextracting.html", + "refsource": "MISC", + "url": "http://myimei.com/security/2006-04-14/mybb110globalphpparameterextracting.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5126.json b/2006/5xxx/CVE-2006-5126.json index c7e63011d50..61ec09f3376 100644 --- a/2006/5xxx/CVE-2006-5126.json +++ b/2006/5xxx/CVE-2006-5126.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5126", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in index.php in John Himmelman (aka DaRk2k1) PowerPortal 1.3a allows remote attackers to execute arbitrary PHP code via a URL in the file_name[] parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5126", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "2454", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2454" - }, - { - "name" : "20262", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20262" - }, - { - "name" : "22209", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22209" - }, - { - "name" : "powerportal-index-file-include(29264)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29264" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in index.php in John Himmelman (aka DaRk2k1) PowerPortal 1.3a allows remote attackers to execute arbitrary PHP code via a URL in the file_name[] parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "22209", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22209" + }, + { + "name": "powerportal-index-file-include(29264)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29264" + }, + { + "name": "20262", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20262" + }, + { + "name": "2454", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2454" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5272.json b/2006/5xxx/CVE-2006-5272.json index 11633664d3b..1b2162dbdcd 100644 --- a/2006/5xxx/CVE-2006-5272.json +++ b/2006/5xxx/CVE-2006-5272.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5272", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in McAfee ePolicy Orchestrator 3.5 through 3.6.1, ProtectionPilot 1.1.1 and 1.5, and Common Management Agent (CMA) 3.6.0.453 and earlier allows remote attackers to execute arbitrary code via a crafted ping packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5272", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070710 McAfee ePolicy Orchestrator Agent Remote Code Execution", - "refsource" : "ISS", - "url" : "http://www.iss.net/threats/269.html" - }, - { - "name" : "https://knowledge.mcafee.com/article/762/613365_f.SAL_Public.html", - "refsource" : "CONFIRM", - "url" : "https://knowledge.mcafee.com/article/762/613365_f.SAL_Public.html" - }, - { - "name" : "24863", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24863" - }, - { - "name" : "ADV-2007-2498", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2498" - }, - { - "name" : "36099", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/36099" - }, - { - "name" : "1018363", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1018363" - }, - { - "name" : "26029", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26029" - }, - { - "name" : "security-management-ping-bo(31163)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/31163" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in McAfee ePolicy Orchestrator 3.5 through 3.6.1, ProtectionPilot 1.1.1 and 1.5, and Common Management Agent (CMA) 3.6.0.453 and earlier allows remote attackers to execute arbitrary code via a crafted ping packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2007-2498", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2498" + }, + { + "name": "https://knowledge.mcafee.com/article/762/613365_f.SAL_Public.html", + "refsource": "CONFIRM", + "url": "https://knowledge.mcafee.com/article/762/613365_f.SAL_Public.html" + }, + { + "name": "security-management-ping-bo(31163)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31163" + }, + { + "name": "1018363", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1018363" + }, + { + "name": "36099", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/36099" + }, + { + "name": "26029", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26029" + }, + { + "name": "20070710 McAfee ePolicy Orchestrator Agent Remote Code Execution", + "refsource": "ISS", + "url": "http://www.iss.net/threats/269.html" + }, + { + "name": "24863", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24863" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5438.json b/2006/5xxx/CVE-2006-5438.json index 00f7206588c..8871d0226a6 100644 --- a/2006/5xxx/CVE-2006-5438.json +++ b/2006/5xxx/CVE-2006-5438.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5438", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in adminfoot.php in Comdev Forum 4.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the path[docroot] parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5438", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "ADV-2006-4104", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4104" - }, - { - "name" : "29844", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/29844" - }, - { - "name" : "22464", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22464" - }, - { - "name" : "comdev-include-file-include(29220)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29220" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in adminfoot.php in Comdev Forum 4.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the path[docroot] parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "29844", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/29844" + }, + { + "name": "ADV-2006-4104", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4104" + }, + { + "name": "comdev-include-file-include(29220)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29220" + }, + { + "name": "22464", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22464" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5830.json b/2006/5xxx/CVE-2006-5830.json index 6cafbbd945a..b26bba76a62 100644 --- a/2006/5xxx/CVE-2006-5830.json +++ b/2006/5xxx/CVE-2006-5830.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5830", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in All In One Control Panel (AIOCP) 1.3.007 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) topid, (2) forid, and (3) catid parameters to code/cp_forum_view.php; (4) choosed_language parameter to cp_dpage.php; (5) orderdir parameter to cp_links_search.php; (6) order_field parameter to (a) cp_show_ec_products.php and (b) cp_users_online.php; and the (7) signature and (8) fiscal code fields in the user profile." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5830", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061106 AIOCP <=1.3.007 multiples vulnerabilities [sql , remote file include , xss]", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/450701/100/0/threaded" - }, - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=478370", - "refsource" : "MISC", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=478370" - }, - { - "name" : "20931", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20931" - }, - { - "name" : "ADV-2006-4378", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4378" - }, - { - "name" : "22719", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22719" - }, - { - "name" : "1839", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1839" - }, - { - "name" : "aiocp-topid-xss(30045)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30045" - }, - { - "name" : "aiocp-userprofile-xss(30048)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30048" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in All In One Control Panel (AIOCP) 1.3.007 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) topid, (2) forid, and (3) catid parameters to code/cp_forum_view.php; (4) choosed_language parameter to cp_dpage.php; (5) orderdir parameter to cp_links_search.php; (6) order_field parameter to (a) cp_show_ec_products.php and (b) cp_users_online.php; and the (7) signature and (8) fiscal code fields in the user profile." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-4378", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4378" + }, + { + "name": "20061106 AIOCP <=1.3.007 multiples vulnerabilities [sql , remote file include , xss]", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/450701/100/0/threaded" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=478370", + "refsource": "MISC", + "url": "http://sourceforge.net/project/shownotes.php?release_id=478370" + }, + { + "name": "aiocp-topid-xss(30045)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30045" + }, + { + "name": "aiocp-userprofile-xss(30048)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30048" + }, + { + "name": "1839", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1839" + }, + { + "name": "22719", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22719" + }, + { + "name": "20931", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20931" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5945.json b/2006/5xxx/CVE-2006-5945.json index ad4b8406339..23aa5ced4d7 100644 --- a/2006/5xxx/CVE-2006-5945.json +++ b/2006/5xxx/CVE-2006-5945.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5945", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in MGinternet Car Site Manager (CSM) allow remote attackers to execute arbitrary SQL commands via the (1) p parameter to (a) csm/asp/detail.asp, or the (2) l, (3) typ, or (4) loc parameter to (b) csm/asp/listings.asp." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5945", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061114 Car Site Manager [injection sql & xss (get)]", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/451557/100/0/threaded" - }, - { - "name" : "http://s-a-p.ca/index.php?page=OurAdvisories&id=17", - "refsource" : "MISC", - "url" : "http://s-a-p.ca/index.php?page=OurAdvisories&id=17" - }, - { - "name" : "21066", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21066" - }, - { - "name" : "ADV-2006-4532", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4532" - }, - { - "name" : "22914", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22914" - }, - { - "name" : "1876", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1876" - }, - { - "name" : "carsitemanager-listings-sql-injection(30273)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30273" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in MGinternet Car Site Manager (CSM) allow remote attackers to execute arbitrary SQL commands via the (1) p parameter to (a) csm/asp/detail.asp, or the (2) l, (3) typ, or (4) loc parameter to (b) csm/asp/listings.asp." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20061114 Car Site Manager [injection sql & xss (get)]", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/451557/100/0/threaded" + }, + { + "name": "22914", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22914" + }, + { + "name": "carsitemanager-listings-sql-injection(30273)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30273" + }, + { + "name": "1876", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1876" + }, + { + "name": "http://s-a-p.ca/index.php?page=OurAdvisories&id=17", + "refsource": "MISC", + "url": "http://s-a-p.ca/index.php?page=OurAdvisories&id=17" + }, + { + "name": "ADV-2006-4532", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4532" + }, + { + "name": "21066", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21066" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2270.json b/2007/2xxx/CVE-2007-2270.json index cdd91ad5861..f62886f6bf0 100644 --- a/2007/2xxx/CVE-2007-2270.json +++ b/2007/2xxx/CVE-2007-2270.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2270", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Linksys SPA941 VoIP Phone allows remote attackers to cause a denial of service (device reboot) via a 0377 (0xff) character in the From header, and possibly certain other locations, in a SIP INVITE request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2270", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070424 Linksys SPA941 remote DOS with \\377 character", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2007-April/053959.html" - }, - { - "name" : "3791", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/3791" - }, - { - "name" : "3792", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/3792" - }, - { - "name" : "23619", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23619" - }, - { - "name" : "ADV-2007-1532", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1532" - }, - { - "name" : "1017957", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1017957" - }, - { - "name" : "25031", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25031" - }, - { - "name" : "linksys-spa941-sip-dos(33856)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33856" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Linksys SPA941 VoIP Phone allows remote attackers to cause a denial of service (device reboot) via a 0377 (0xff) character in the From header, and possibly certain other locations, in a SIP INVITE request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3791", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/3791" + }, + { + "name": "20070424 Linksys SPA941 remote DOS with \\377 character", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-April/053959.html" + }, + { + "name": "23619", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23619" + }, + { + "name": "25031", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25031" + }, + { + "name": "1017957", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1017957" + }, + { + "name": "3792", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/3792" + }, + { + "name": "ADV-2007-1532", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1532" + }, + { + "name": "linksys-spa941-sip-dos(33856)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33856" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2292.json b/2007/2xxx/CVE-2007-2292.json index ca2f2f78c9f..8d44e5bbc12 100644 --- a/2007/2xxx/CVE-2007-2292.json +++ b/2007/2xxx/CVE-2007-2292.json @@ -1,322 +1,322 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2292", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CRLF injection vulnerability in the Digest Authentication support for Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 allows remote attackers to conduct HTTP request splitting attacks via LF (%0a) bytes in the username attribute." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2292", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070425 IE 7 and Firefox Browsers Digest Authentication Request Splitting", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/466906/100/0/threaded" - }, - { - "name" : "20071029 FLEA-2007-0062-1 firefox", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/482925/100/0/threaded" - }, - { - "name" : "20071026 rPSA-2007-0225-1 firefox", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/482876/100/200/threaded" - }, - { - "name" : "20071029 rPSA-2007-0225-2 firefox thunderbird", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/482932/100/200/threaded" - }, - { - "name" : "http://www.wisec.it/vulns.php?id=11", - "refsource" : "MISC", - "url" : "http://www.wisec.it/vulns.php?id=11" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=378787", - "refsource" : "MISC", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=378787" - }, - { - "name" : "http://www.mozilla.org/security/announce/2007/mfsa2007-31.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2007/mfsa2007-31.html" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-1858", - "refsource" : "CONFIRM", - "url" : "https://issues.rpath.com/browse/RPL-1858" - }, - { - "name" : "http://support.novell.com/techcenter/psdb/60eb95b75c76f9fbfcc9a89f99cd8f79.html", - "refsource" : "CONFIRM", - "url" : "http://support.novell.com/techcenter/psdb/60eb95b75c76f9fbfcc9a89f99cd8f79.html" - }, - { - "name" : "DSA-1396", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2007/dsa-1396" - }, - { - "name" : "DSA-1401", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2007/dsa-1401" - }, - { - "name" : "DSA-1392", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2007/dsa-1392" - }, - { - "name" : "FEDORA-2007-2601", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00285.html" - }, - { - "name" : "FEDORA-2007-2664", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00355.html" - }, - { - "name" : "FEDORA-2007-3431", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00498.html" - }, - { - "name" : "GLSA-200711-14", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200711-14.xml" - }, - { - "name" : "HPSBUX02153", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742" - }, - { - "name" : "SSRT061181", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742" - }, - { - "name" : "MDKSA-2007:202", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/en/security/advisories?name=MDKSA-2007:202" - }, - { - "name" : "RHSA-2007:0979", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2007-0979.html" - }, - { - "name" : "RHSA-2007:0980", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2007-0980.html" - }, - { - "name" : "RHSA-2007:0981", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2007-0981.html" - }, - { - "name" : "201516", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1" - }, - { - "name" : "SUSE-SA:2007:057", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2007_57_mozilla.html" - }, - { - "name" : "USN-535-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/535-1/" - }, - { - "name" : "USN-536-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-536-1" - }, - { - "name" : "23668", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23668" - }, - { - "name" : "oval:org.mitre.oval:def:10195", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10195" - }, - { - "name" : "ADV-2007-3544", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/3544" - }, - { - "name" : "ADV-2007-3587", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/3587" - }, - { - "name" : "ADV-2008-0083", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0083" - }, - { - "name" : "1017968", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1017968" - }, - { - "name" : "27276", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27276" - }, - { - "name" : "27325", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27325" - }, - { - "name" : "27327", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27327" - }, - { - "name" : "27335", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27335" - }, - { - "name" : "27356", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27356" - }, - { - "name" : "27383", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27383" - }, - { - "name" : "27425", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27425" - }, - { - "name" : "27403", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27403" - }, - { - "name" : "27480", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27480" - }, - { - "name" : "27387", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27387" - }, - { - "name" : "27298", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27298" - }, - { - "name" : "27311", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27311" - }, - { - "name" : "27315", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27315" - }, - { - "name" : "27336", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27336" - }, - { - "name" : "27665", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27665" - }, - { - "name" : "27414", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27414" - }, - { - "name" : "27680", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27680" - }, - { - "name" : "27360", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27360" - }, - { - "name" : "28398", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28398" - }, - { - "name" : "2654", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2654" - }, - { - "name" : "firefox-lf-response-splitting(33981)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33981" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CRLF injection vulnerability in the Digest Authentication support for Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 allows remote attackers to conduct HTTP request splitting attacks via LF (%0a) bytes in the username attribute." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FEDORA-2007-2601", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00285.html" + }, + { + "name": "20071026 rPSA-2007-0225-1 firefox", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/482876/100/200/threaded" + }, + { + "name": "http://www.wisec.it/vulns.php?id=11", + "refsource": "MISC", + "url": "http://www.wisec.it/vulns.php?id=11" + }, + { + "name": "1017968", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1017968" + }, + { + "name": "ADV-2007-3587", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/3587" + }, + { + "name": "27414", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27414" + }, + { + "name": "20071029 FLEA-2007-0062-1 firefox", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/482925/100/0/threaded" + }, + { + "name": "https://issues.rpath.com/browse/RPL-1858", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-1858" + }, + { + "name": "GLSA-200711-14", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200711-14.xml" + }, + { + "name": "27360", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27360" + }, + { + "name": "HPSBUX02153", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742" + }, + { + "name": "27298", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27298" + }, + { + "name": "27315", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27315" + }, + { + "name": "27327", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27327" + }, + { + "name": "ADV-2007-3544", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/3544" + }, + { + "name": "27276", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27276" + }, + { + "name": "USN-535-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/535-1/" + }, + { + "name": "DSA-1401", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2007/dsa-1401" + }, + { + "name": "DSA-1392", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2007/dsa-1392" + }, + { + "name": "RHSA-2007:0980", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2007-0980.html" + }, + { + "name": "27383", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27383" + }, + { + "name": "SUSE-SA:2007:057", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2007_57_mozilla.html" + }, + { + "name": "27356", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27356" + }, + { + "name": "RHSA-2007:0981", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2007-0981.html" + }, + { + "name": "ADV-2008-0083", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0083" + }, + { + "name": "27387", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27387" + }, + { + "name": "23668", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23668" + }, + { + "name": "FEDORA-2007-3431", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00498.html" + }, + { + "name": "27403", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27403" + }, + { + "name": "27336", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27336" + }, + { + "name": "DSA-1396", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2007/dsa-1396" + }, + { + "name": "http://www.mozilla.org/security/announce/2007/mfsa2007-31.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2007/mfsa2007-31.html" + }, + { + "name": "27425", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27425" + }, + { + "name": "28398", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28398" + }, + { + "name": "firefox-lf-response-splitting(33981)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33981" + }, + { + "name": "oval:org.mitre.oval:def:10195", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10195" + }, + { + "name": "27311", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27311" + }, + { + "name": "SSRT061181", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742" + }, + { + "name": "27325", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27325" + }, + { + "name": "MDKSA-2007:202", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/en/security/advisories?name=MDKSA-2007:202" + }, + { + "name": "27665", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27665" + }, + { + "name": "RHSA-2007:0979", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2007-0979.html" + }, + { + "name": "20070425 IE 7 and Firefox Browsers Digest Authentication Request Splitting", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/466906/100/0/threaded" + }, + { + "name": "27335", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27335" + }, + { + "name": "FEDORA-2007-2664", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00355.html" + }, + { + "name": "27480", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27480" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=378787", + "refsource": "MISC", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=378787" + }, + { + "name": "27680", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27680" + }, + { + "name": "2654", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2654" + }, + { + "name": "http://support.novell.com/techcenter/psdb/60eb95b75c76f9fbfcc9a89f99cd8f79.html", + "refsource": "CONFIRM", + "url": "http://support.novell.com/techcenter/psdb/60eb95b75c76f9fbfcc9a89f99cd8f79.html" + }, + { + "name": "201516", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1" + }, + { + "name": "20071029 rPSA-2007-0225-2 firefox thunderbird", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/482932/100/200/threaded" + }, + { + "name": "USN-536-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-536-1" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2473.json b/2007/2xxx/CVE-2007-2473.json index 35e97889165..7d9c02c846e 100644 --- a/2007/2xxx/CVE-2007-2473.json +++ b/2007/2xxx/CVE-2007-2473.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2473", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in stylesheet.php in CMS Made Simple 1.0.5 and earlier allows remote attackers to execute arbitrary SQL commands via the templateid parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2473", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.scanit.be/advisory-2007-05-02.html", - "refsource" : "MISC", - "url" : "http://www.scanit.be/advisory-2007-05-02.html" - }, - { - "name" : "http://blog.cmsmadesimple.org/2007/04/24/cms-made-simple-106-released/", - "refsource" : "CONFIRM", - "url" : "http://blog.cmsmadesimple.org/2007/04/24/cms-made-simple-106-released/" - }, - { - "name" : "23753", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23753" - }, - { - "name" : "35744", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/35744" - }, - { - "name" : "ADV-2007-1628", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1628" - }, - { - "name" : "25082", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25082" - }, - { - "name" : "cmsmadesimple-stylesheet-sql-injection(34044)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34044" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in stylesheet.php in CMS Made Simple 1.0.5 and earlier allows remote attackers to execute arbitrary SQL commands via the templateid parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://blog.cmsmadesimple.org/2007/04/24/cms-made-simple-106-released/", + "refsource": "CONFIRM", + "url": "http://blog.cmsmadesimple.org/2007/04/24/cms-made-simple-106-released/" + }, + { + "name": "25082", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25082" + }, + { + "name": "cmsmadesimple-stylesheet-sql-injection(34044)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34044" + }, + { + "name": "http://www.scanit.be/advisory-2007-05-02.html", + "refsource": "MISC", + "url": "http://www.scanit.be/advisory-2007-05-02.html" + }, + { + "name": "ADV-2007-1628", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1628" + }, + { + "name": "23753", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23753" + }, + { + "name": "35744", + "refsource": "OSVDB", + "url": "http://osvdb.org/35744" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2480.json b/2007/2xxx/CVE-2007-2480.json index 039b23d2fbc..1b33fa640a6 100644 --- a/2007/2xxx/CVE-2007-2480.json +++ b/2007/2xxx/CVE-2007-2480.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2480", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The _udp_lib_get_port function in net/ipv4/udp.c in Linux kernel 2.6.21 and earlier does not prevent a bind to a port with a local address when there is already a bind to that port with a wildcard local address, which might allow local users to intercept local traffic for daemons or other applications." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2480", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=de34ed91c4ffa4727964a832c46e624dd1495cf5", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=de34ed91c4ffa4727964a832c46e624dd1495cf5" - }, - { - "name" : "39235", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/39235" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The _udp_lib_get_port function in net/ipv4/udp.c in Linux kernel 2.6.21 and earlier does not prevent a bind to a port with a local address when there is already a bind to that port with a wildcard local address, which might allow local users to intercept local traffic for daemons or other applications." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=de34ed91c4ffa4727964a832c46e624dd1495cf5", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=de34ed91c4ffa4727964a832c46e624dd1495cf5" + }, + { + "name": "39235", + "refsource": "OSVDB", + "url": "http://osvdb.org/39235" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2622.json b/2007/2xxx/CVE-2007-2622.json index b2ff8ef2980..9a84d70afb7 100644 --- a/2007/2xxx/CVE-2007-2622.json +++ b/2007/2xxx/CVE-2007-2622.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2622", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in TaskDriver 1.2 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the username parameter to login.php or (2) the taskid parameter to notes.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2622", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "3896", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/3896" - }, - { - "name" : "23919", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23919" - }, - { - "name" : "35972", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/35972" - }, - { - "name" : "35973", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/35973" - }, - { - "name" : "ADV-2007-1768", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1768" - }, - { - "name" : "25221", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25221" - }, - { - "name" : "taskdriver-login-notes-sql-injection(34249)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34249" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in TaskDriver 1.2 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the username parameter to login.php or (2) the taskid parameter to notes.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2007-1768", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1768" + }, + { + "name": "25221", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25221" + }, + { + "name": "35973", + "refsource": "OSVDB", + "url": "http://osvdb.org/35973" + }, + { + "name": "3896", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/3896" + }, + { + "name": "35972", + "refsource": "OSVDB", + "url": "http://osvdb.org/35972" + }, + { + "name": "taskdriver-login-notes-sql-injection(34249)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34249" + }, + { + "name": "23919", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23919" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6367.json b/2007/6xxx/CVE-2007-6367.json index 2060afeb7f9..289055fde51 100644 --- a/2007/6xxx/CVE-2007-6367.json +++ b/2007/6xxx/CVE-2007-6367.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6367", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in the guestbook in SineCMS 2.3.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) username (user) or (2) comment (commento) field, different vectors than CVE-2007-2357." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6367", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20071205 SineCMS <= 2.3.4 Calendar SQL Injection 'n something else..", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/484648/100/0/threaded" - }, - { - "name" : "20071218 Re: SineCMS <= 2.3.4 Calendar SQL Injection 'n something else..", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/485267/100/200/threaded" - }, - { - "name" : "4693", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4693" - }, - { - "name" : "27949", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27949" - }, - { - "name" : "3444", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3444" - }, - { - "name" : "sinecms-mods-xss(38893)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/38893" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in the guestbook in SineCMS 2.3.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) username (user) or (2) comment (commento) field, different vectors than CVE-2007-2357." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3444", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3444" + }, + { + "name": "27949", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27949" + }, + { + "name": "sinecms-mods-xss(38893)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38893" + }, + { + "name": "4693", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4693" + }, + { + "name": "20071205 SineCMS <= 2.3.4 Calendar SQL Injection 'n something else..", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/484648/100/0/threaded" + }, + { + "name": "20071218 Re: SineCMS <= 2.3.4 Calendar SQL Injection 'n something else..", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/485267/100/200/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6607.json b/2007/6xxx/CVE-2007-6607.json index b1dd0a511cd..8127a8f2096 100644 --- a/2007/6xxx/CVE-2007-6607.json +++ b/2007/6xxx/CVE-2007-6607.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6607", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "OpenBiblio 0.5.2-pre4 and earlier allows remote attackers to obtain sensitive information via a direct request for (1) shared/footer.php, (2) circ/mbr_fields.php, or (3) admin/custom_marc_form_fields.php, which reveals the path in various error messages." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6607", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20071228 OpenBiblio 0.5.2-pre4 and prior multiple vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/485588/100/0/threaded" - }, - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=451780&group_id=50071", - "refsource" : "MISC", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=451780&group_id=50071" - }, - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=488061&group_id=50071", - "refsource" : "MISC", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=488061&group_id=50071" - }, - { - "name" : "27053", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27053" - }, - { - "name" : "41286", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/41286" - }, - { - "name" : "41287", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/41287" - }, - { - "name" : "41288", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/41288" - }, - { - "name" : "3502", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3502" - }, - { - "name" : "openbiblio-multiple-scripts-path-disclosure(39295)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39295" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "OpenBiblio 0.5.2-pre4 and earlier allows remote attackers to obtain sensitive information via a direct request for (1) shared/footer.php, (2) circ/mbr_fields.php, or (3) admin/custom_marc_form_fields.php, which reveals the path in various error messages." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3502", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3502" + }, + { + "name": "41288", + "refsource": "OSVDB", + "url": "http://osvdb.org/41288" + }, + { + "name": "41286", + "refsource": "OSVDB", + "url": "http://osvdb.org/41286" + }, + { + "name": "20071228 OpenBiblio 0.5.2-pre4 and prior multiple vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/485588/100/0/threaded" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=451780&group_id=50071", + "refsource": "MISC", + "url": "http://sourceforge.net/project/shownotes.php?release_id=451780&group_id=50071" + }, + { + "name": "27053", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27053" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=488061&group_id=50071", + "refsource": "MISC", + "url": "http://sourceforge.net/project/shownotes.php?release_id=488061&group_id=50071" + }, + { + "name": "openbiblio-multiple-scripts-path-disclosure(39295)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39295" + }, + { + "name": "41287", + "refsource": "OSVDB", + "url": "http://osvdb.org/41287" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0773.json b/2010/0xxx/CVE-2010-0773.json index 1a8df7e1be9..d8806ac694e 100644 --- a/2010/0xxx/CVE-2010-0773.json +++ b/2010/0xxx/CVE-2010-0773.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0773", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-0773", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0871.json b/2010/0xxx/CVE-2010-0871.json index 8ed1975749a..53ad4bc48c7 100644 --- a/2010/0xxx/CVE-2010-0871.json +++ b/2010/0xxx/CVE-2010-0871.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0871", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.2 allows remote attackers to affect integrity via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2010-0871", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2010-099504.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2010-099504.html" - }, - { - "name" : "TA10-103B", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-103B.html" - }, - { - "name" : "1023859", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1023859" - }, - { - "name" : "39441", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39441" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.2 allows remote attackers to affect integrity via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA10-103B", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-103B.html" + }, + { + "name": "1023859", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1023859" + }, + { + "name": "39441", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39441" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2010-099504.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2010-099504.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1414.json b/2010/1xxx/CVE-2010-1414.json index 02df5b818ca..cc6d3fd3b8b 100644 --- a/2010/1xxx/CVE-2010-1414.json +++ b/2010/1xxx/CVE-2010-1414.json @@ -1,177 +1,177 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1414", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the removeChild DOM method." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2010-1414", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT4196", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4196" - }, - { - "name" : "http://support.apple.com/kb/HT4220", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4220" - }, - { - "name" : "http://support.apple.com/kb/HT4225", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4225" - }, - { - "name" : "http://support.apple.com/kb/HT4456", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4456" - }, - { - "name" : "APPLE-SA-2010-06-07-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010/Jun/msg00000.html" - }, - { - "name" : "APPLE-SA-2010-06-16-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//Jun/msg00002.html" - }, - { - "name" : "APPLE-SA-2010-06-21-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html" - }, - { - "name" : "APPLE-SA-2010-11-22-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html" - }, - { - "name" : "MDVSA-2011:039", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039" - }, - { - "name" : "SUSE-SR:2011:002", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" - }, - { - "name" : "USN-1006-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1006-1" - }, - { - "name" : "40620", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/40620" - }, - { - "name" : "oval:org.mitre.oval:def:7041", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7041" - }, - { - "name" : "1024067", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1024067" - }, - { - "name" : "40105", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40105" - }, - { - "name" : "40196", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40196" - }, - { - "name" : "41856", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41856" - }, - { - "name" : "42314", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42314" - }, - { - "name" : "43068", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43068" - }, - { - "name" : "ADV-2010-1373", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1373" - }, - { - "name" : "ADV-2010-1512", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1512" - }, - { - "name" : "ADV-2010-2722", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2722" - }, - { - "name" : "ADV-2011-0212", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0212" - }, - { - "name" : "ADV-2011-0552", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0552" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the removeChild DOM method." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDVSA-2011:039", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039" + }, + { + "name": "http://support.apple.com/kb/HT4220", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4220" + }, + { + "name": "ADV-2010-2722", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2722" + }, + { + "name": "43068", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43068" + }, + { + "name": "USN-1006-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1006-1" + }, + { + "name": "41856", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41856" + }, + { + "name": "ADV-2011-0212", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0212" + }, + { + "name": "http://support.apple.com/kb/HT4225", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4225" + }, + { + "name": "APPLE-SA-2010-06-07-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00000.html" + }, + { + "name": "40196", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40196" + }, + { + "name": "40105", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40105" + }, + { + "name": "ADV-2010-1373", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1373" + }, + { + "name": "oval:org.mitre.oval:def:7041", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7041" + }, + { + "name": "APPLE-SA-2010-06-16-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//Jun/msg00002.html" + }, + { + "name": "SUSE-SR:2011:002", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" + }, + { + "name": "42314", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42314" + }, + { + "name": "ADV-2010-1512", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1512" + }, + { + "name": "40620", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/40620" + }, + { + "name": "ADV-2011-0552", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0552" + }, + { + "name": "http://support.apple.com/kb/HT4456", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4456" + }, + { + "name": "1024067", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1024067" + }, + { + "name": "http://support.apple.com/kb/HT4196", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4196" + }, + { + "name": "APPLE-SA-2010-06-21-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html" + }, + { + "name": "APPLE-SA-2010-11-22-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1780.json b/2010/1xxx/CVE-2010-1780.json index 0768e67e5d0..58010e7bd8f 100644 --- a/2010/1xxx/CVE-2010-1780.json +++ b/2010/1xxx/CVE-2010-1780.json @@ -1,157 +1,157 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1780", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to element focus." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2010-1780", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT4276", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4276" - }, - { - "name" : "http://support.apple.com/kb/HT4334", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4334" - }, - { - "name" : "http://support.apple.com/kb/HT4456", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4456" - }, - { - "name" : "APPLE-SA-2010-07-28-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//Jul/msg00001.html" - }, - { - "name" : "APPLE-SA-2010-09-08-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//Sep/msg00002.html" - }, - { - "name" : "APPLE-SA-2010-11-22-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html" - }, - { - "name" : "MDVSA-2011:039", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039" - }, - { - "name" : "RHSA-2011:0177", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0177.html" - }, - { - "name" : "SUSE-SR:2011:002", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" - }, - { - "name" : "USN-1006-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1006-1" - }, - { - "name" : "42020", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/42020" - }, - { - "name" : "oval:org.mitre.oval:def:10964", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10964" - }, - { - "name" : "41856", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41856" - }, - { - "name" : "42314", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42314" - }, - { - "name" : "43068", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43068" - }, - { - "name" : "43086", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43086" - }, - { - "name" : "ADV-2010-2722", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2722" - }, - { - "name" : "ADV-2011-0212", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0212" - }, - { - "name" : "ADV-2011-0216", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0216" - }, - { - "name" : "ADV-2011-0552", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0552" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to element focus." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDVSA-2011:039", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039" + }, + { + "name": "ADV-2010-2722", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2722" + }, + { + "name": "43068", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43068" + }, + { + "name": "APPLE-SA-2010-09-08-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//Sep/msg00002.html" + }, + { + "name": "http://support.apple.com/kb/HT4334", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4334" + }, + { + "name": "http://support.apple.com/kb/HT4276", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4276" + }, + { + "name": "USN-1006-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1006-1" + }, + { + "name": "oval:org.mitre.oval:def:10964", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10964" + }, + { + "name": "41856", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41856" + }, + { + "name": "ADV-2011-0212", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0212" + }, + { + "name": "APPLE-SA-2010-07-28-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//Jul/msg00001.html" + }, + { + "name": "ADV-2011-0216", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0216" + }, + { + "name": "43086", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43086" + }, + { + "name": "SUSE-SR:2011:002", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" + }, + { + "name": "42314", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42314" + }, + { + "name": "RHSA-2011:0177", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0177.html" + }, + { + "name": "ADV-2011-0552", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0552" + }, + { + "name": "42020", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/42020" + }, + { + "name": "http://support.apple.com/kb/HT4456", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4456" + }, + { + "name": "APPLE-SA-2010-11-22-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4111.json b/2010/4xxx/CVE-2010-4111.json index 6835d012cfe..ec5606a68b2 100644 --- a/2010/4xxx/CVE-2010-4111.json +++ b/2010/4xxx/CVE-2010-4111.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4111", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in HP Insight Diagnostics Online Edition before 8.5.1.3712 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2010-4111", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBMA02615", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=129245189832672&w=2" - }, - { - "name" : "SSRT100228", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=129245189832672&w=2" - }, - { - "name" : "1024897", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024897" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in HP Insight Diagnostics Online Edition before 8.5.1.3712 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "HPSBMA02615", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=129245189832672&w=2" + }, + { + "name": "1024897", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024897" + }, + { + "name": "SSRT100228", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=129245189832672&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4293.json b/2010/4xxx/CVE-2010-4293.json index af13e677c81..15eefe0640a 100644 --- a/2010/4xxx/CVE-2010-4293.json +++ b/2010/4xxx/CVE-2010-4293.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4293", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2010-4293", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4996.json b/2010/4xxx/CVE-2010-4996.json index a6e58756275..db0d906761c 100644 --- a/2010/4xxx/CVE-2010-4996.json +++ b/2010/4xxx/CVE-2010-4996.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4996", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in ogp_show.php in esoftpro Online Guestbook Pro 5.1 allows remote attackers to execute arbitrary SQL commands via the search parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4996", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "14204", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/14204" - }, - { - "name" : "41363", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/41363" - }, - { - "name" : "ADV-2010-1697", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1697" - }, - { - "name" : "onlineguestbook-ogpshow-sql-injection(60037)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/60037" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in ogp_show.php in esoftpro Online Guestbook Pro 5.1 allows remote attackers to execute arbitrary SQL commands via the search parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "41363", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/41363" + }, + { + "name": "ADV-2010-1697", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1697" + }, + { + "name": "onlineguestbook-ogpshow-sql-injection(60037)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60037" + }, + { + "name": "14204", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/14204" + } + ] + } +} \ No newline at end of file diff --git a/2010/5xxx/CVE-2010-5042.json b/2010/5xxx/CVE-2010-5042.json index db15bd0938e..351fbc82b4c 100644 --- a/2010/5xxx/CVE-2010-5042.json +++ b/2010/5xxx/CVE-2010-5042.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-5042", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the DJ-ArtGallery (com_djartgallery) component 0.9.1 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the cid[] parameter in an editItem action to administrator/index.php. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-5042", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "13737", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/13737/" - }, - { - "name" : "40580", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/40580" - }, - { - "name" : "65188", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/65188" - }, - { - "name" : "40073", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40073" - }, - { - "name" : "ADV-2010-1374", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1374" - }, - { - "name" : "djartgallery-index-xss(59143)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/59143" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the DJ-ArtGallery (com_djartgallery) component 0.9.1 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the cid[] parameter in an editItem action to administrator/index.php. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "13737", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/13737/" + }, + { + "name": "40580", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/40580" + }, + { + "name": "40073", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40073" + }, + { + "name": "djartgallery-index-xss(59143)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59143" + }, + { + "name": "ADV-2010-1374", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1374" + }, + { + "name": "65188", + "refsource": "OSVDB", + "url": "http://osvdb.org/65188" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0120.json b/2014/0xxx/CVE-2014-0120.json index 0aea8d5f94d..16aab1a3709 100644 --- a/2014/0xxx/CVE-2014-0120.json +++ b/2014/0xxx/CVE-2014-0120.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0120", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in the admin terminal in Hawt.io allows remote attackers to hijack the authentication of arbitrary users for requests that run commands on the Karaf server, as demonstrated by running \"shutdown -f.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-0120", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://infocon.org/cons/SyScan/SyScan%202015%20Singapore/SyScan%202015%20Singapore%20presentations/SyScan15%20David%20Jorm%20-%20Finding%20and%20exploiting%20novel%20flaws%20in%20Java%20software.pdf", - "refsource" : "MISC", - "url" : "https://infocon.org/cons/SyScan/SyScan%202015%20Singapore/SyScan%202015%20Singapore%20presentations/SyScan15%20David%20Jorm%20-%20Finding%20and%20exploiting%20novel%20flaws%20in%20Java%20software.pdf" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1072681", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1072681" - }, - { - "name" : "https://github.com/hawtio/hawtio/commit/b4e23e002639c274a2f687ada980118512f06113", - "refsource" : "CONFIRM", - "url" : "https://github.com/hawtio/hawtio/commit/b4e23e002639c274a2f687ada980118512f06113" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in the admin terminal in Hawt.io allows remote attackers to hijack the authentication of arbitrary users for requests that run commands on the Karaf server, as demonstrated by running \"shutdown -f.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://infocon.org/cons/SyScan/SyScan%202015%20Singapore/SyScan%202015%20Singapore%20presentations/SyScan15%20David%20Jorm%20-%20Finding%20and%20exploiting%20novel%20flaws%20in%20Java%20software.pdf", + "refsource": "MISC", + "url": "https://infocon.org/cons/SyScan/SyScan%202015%20Singapore/SyScan%202015%20Singapore%20presentations/SyScan15%20David%20Jorm%20-%20Finding%20and%20exploiting%20novel%20flaws%20in%20Java%20software.pdf" + }, + { + "name": "https://github.com/hawtio/hawtio/commit/b4e23e002639c274a2f687ada980118512f06113", + "refsource": "CONFIRM", + "url": "https://github.com/hawtio/hawtio/commit/b4e23e002639c274a2f687ada980118512f06113" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1072681", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1072681" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0178.json b/2014/0xxx/CVE-2014-0178.json index c06633e1af9..296a7d43a2d 100644 --- a/2014/0xxx/CVE-2014-0178.json +++ b/2014/0xxx/CVE-2014-0178.json @@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0178", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Samba 3.6.6 through 3.6.23, 4.0.x before 4.0.18, and 4.1.x before 4.1.8, when a certain vfs shadow copy configuration is enabled, does not properly initialize the SRV_SNAPSHOT_ARRAY response field, which allows remote authenticated users to obtain potentially sensitive information from process memory via a (1) FSCTL_GET_SHADOW_COPY_DATA or (2) FSCTL_SRV_ENUMERATE_SNAPSHOTS request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-0178", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140711 [ MDVSA-2014:136 ] samba", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/532757/100/0/threaded" - }, - { - "name" : "http://www.samba.org/samba/security/CVE-2014-0178", - "refsource" : "CONFIRM", - "url" : "http://www.samba.org/samba/security/CVE-2014-0178" - }, - { - "name" : "http://advisories.mageia.org/MGASA-2014-0279.html", - "refsource" : "CONFIRM", - "url" : "http://advisories.mageia.org/MGASA-2014-0279.html" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05115993", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05115993" - }, - { - "name" : "FEDORA-2014-9132", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136864.html" - }, - { - "name" : "FEDORA-2014-7672", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134717.html" - }, - { - "name" : "GLSA-201502-15", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201502-15.xml" - }, - { - "name" : "MDVSA-2014:136", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2014:136" - }, - { - "name" : "MDVSA-2015:082", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:082" - }, - { - "name" : "67686", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/67686" - }, - { - "name" : "1030308", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030308" - }, - { - "name" : "59378", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59378" - }, - { - "name" : "59579", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59579" - }, - { - "name" : "59407", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59407" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Samba 3.6.6 through 3.6.23, 4.0.x before 4.0.18, and 4.1.x before 4.1.8, when a certain vfs shadow copy configuration is enabled, does not properly initialize the SRV_SNAPSHOT_ARRAY response field, which allows remote authenticated users to obtain potentially sensitive information from process memory via a (1) FSCTL_GET_SHADOW_COPY_DATA or (2) FSCTL_SRV_ENUMERATE_SNAPSHOTS request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "67686", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/67686" + }, + { + "name": "MDVSA-2014:136", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:136" + }, + { + "name": "FEDORA-2014-9132", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136864.html" + }, + { + "name": "http://www.samba.org/samba/security/CVE-2014-0178", + "refsource": "CONFIRM", + "url": "http://www.samba.org/samba/security/CVE-2014-0178" + }, + { + "name": "1030308", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030308" + }, + { + "name": "20140711 [ MDVSA-2014:136 ] samba", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/532757/100/0/threaded" + }, + { + "name": "GLSA-201502-15", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201502-15.xml" + }, + { + "name": "59407", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59407" + }, + { + "name": "FEDORA-2014-7672", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134717.html" + }, + { + "name": "http://advisories.mageia.org/MGASA-2014-0279.html", + "refsource": "CONFIRM", + "url": "http://advisories.mageia.org/MGASA-2014-0279.html" + }, + { + "name": "59378", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59378" + }, + { + "name": "MDVSA-2015:082", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:082" + }, + { + "name": "59579", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59579" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05115993", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05115993" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0306.json b/2014/0xxx/CVE-2014-0306.json index ed1d80d2026..76abb2e07a4 100644 --- a/2014/0xxx/CVE-2014-0306.json +++ b/2014/0xxx/CVE-2014-0306.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0306", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2014-0306", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS14-012", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-012" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS14-012", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-012" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0437.json b/2014/0xxx/CVE-2014-0437.json index 829e96b8193..a2f7d9e3fa1 100644 --- a/2014/0xxx/CVE-2014-0437.json +++ b/2014/0xxx/CVE-2014-0437.json @@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0437", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2014-0437", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" - }, - { - "name" : "DSA-2845", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-2845" - }, - { - "name" : "DSA-2848", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-2848" - }, - { - "name" : "GLSA-201409-04", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201409-04.xml" - }, - { - "name" : "RHSA-2014:0164", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0164.html" - }, - { - "name" : "RHSA-2014:0173", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0173.html" - }, - { - "name" : "RHSA-2014:0186", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0186.html" - }, - { - "name" : "RHSA-2014:0189", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0189.html" - }, - { - "name" : "USN-2086-1", - "refsource" : "UBUNTU", - "url" : "http://ubuntu.com/usn/usn-2086-1" - }, - { - "name" : "64758", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/64758" - }, - { - "name" : "64849", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/64849" - }, - { - "name" : "102074", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/102074" - }, - { - "name" : "56491", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56491" - }, - { - "name" : "56541", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56541" - }, - { - "name" : "56580", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56580" - }, - { - "name" : "oracle-cpujan2014-cve20140437(90385)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90385" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-2086-1", + "refsource": "UBUNTU", + "url": "http://ubuntu.com/usn/usn-2086-1" + }, + { + "name": "DSA-2845", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-2845" + }, + { + "name": "102074", + "refsource": "OSVDB", + "url": "http://osvdb.org/102074" + }, + { + "name": "56491", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56491" + }, + { + "name": "RHSA-2014:0186", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0186.html" + }, + { + "name": "56541", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56541" + }, + { + "name": "DSA-2848", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-2848" + }, + { + "name": "oracle-cpujan2014-cve20140437(90385)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90385" + }, + { + "name": "56580", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56580" + }, + { + "name": "64849", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/64849" + }, + { + "name": "RHSA-2014:0173", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0173.html" + }, + { + "name": "RHSA-2014:0189", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0189.html" + }, + { + "name": "RHSA-2014:0164", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0164.html" + }, + { + "name": "64758", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/64758" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" + }, + { + "name": "GLSA-201409-04", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201409-04.xml" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0510.json b/2014/0xxx/CVE-2014-0510.json index 24f8c6dc030..0750805a9a4 100644 --- a/2014/0xxx/CVE-2014-0510.json +++ b/2014/0xxx/CVE-2014-0510.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0510", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in Adobe Flash Player 12.0.0.77 allows remote attackers to execute arbitrary code and bypass a sandbox protection mechanism via unspecified vectors, as demonstrated by Zeguang Zhao and Liang Chen during a Pwn2Own competition at CanSecWest 2014." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2014-0510", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://twitter.com/thezdi/statuses/444262022444621824", - "refsource" : "MISC", - "url" : "http://twitter.com/thezdi/statuses/444262022444621824" - }, - { - "name" : "http://www.pwn2own.com/2014/03/pwn2own-results-thursday-day-two/", - "refsource" : "MISC", - "url" : "http://www.pwn2own.com/2014/03/pwn2own-results-thursday-day-two/" - }, - { - "name" : "http://helpx.adobe.com/security/products/flash-player/apsb14-14.html", - "refsource" : "CONFIRM", - "url" : "http://helpx.adobe.com/security/products/flash-player/apsb14-14.html" - }, - { - "name" : "GLSA-201406-08", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201406-08.xml" - }, - { - "name" : "RHSA-2014:0496", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0496.html" - }, - { - "name" : "SUSE-SU-2014:0671", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00008.html" - }, - { - "name" : "66241", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/66241" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in Adobe Flash Player 12.0.0.77 allows remote attackers to execute arbitrary code and bypass a sandbox protection mechanism via unspecified vectors, as demonstrated by Zeguang Zhao and Liang Chen during a Pwn2Own competition at CanSecWest 2014." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.pwn2own.com/2014/03/pwn2own-results-thursday-day-two/", + "refsource": "MISC", + "url": "http://www.pwn2own.com/2014/03/pwn2own-results-thursday-day-two/" + }, + { + "name": "66241", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/66241" + }, + { + "name": "http://twitter.com/thezdi/statuses/444262022444621824", + "refsource": "MISC", + "url": "http://twitter.com/thezdi/statuses/444262022444621824" + }, + { + "name": "GLSA-201406-08", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201406-08.xml" + }, + { + "name": "http://helpx.adobe.com/security/products/flash-player/apsb14-14.html", + "refsource": "CONFIRM", + "url": "http://helpx.adobe.com/security/products/flash-player/apsb14-14.html" + }, + { + "name": "SUSE-SU-2014:0671", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00008.html" + }, + { + "name": "RHSA-2014:0496", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0496.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0755.json b/2014/0xxx/CVE-2014-0755.json index 71838c71716..2d1b7c1f781 100644 --- a/2014/0xxx/CVE-2014-0755.json +++ b/2014/0xxx/CVE-2014-0755.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0755", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Rockwell Automation RSLogix 5000 7 through 20.01, and 21.0, does not properly implement password protection for .ACD files (aka project files), which allows local users to obtain sensitive information or modify data via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2014-0755", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://ics-cert.us-cert.gov/advisories/ICSA-14-021-01", - "refsource" : "MISC", - "url" : "http://ics-cert.us-cert.gov/advisories/ICSA-14-021-01" - }, - { - "name" : "65337", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/65337" - }, - { - "name" : "102858", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/102858" - }, - { - "name" : "rslogix-cve20140755-info-disc(90981)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90981" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Rockwell Automation RSLogix 5000 7 through 20.01, and 21.0, does not properly implement password protection for .ACD files (aka project files), which allows local users to obtain sensitive information or modify data via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "rslogix-cve20140755-info-disc(90981)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90981" + }, + { + "name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-021-01", + "refsource": "MISC", + "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-021-01" + }, + { + "name": "102858", + "refsource": "OSVDB", + "url": "http://osvdb.org/102858" + }, + { + "name": "65337", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/65337" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0959.json b/2014/0xxx/CVE-2014-0959.json index bc5b6cd41c5..b72a0960c9d 100644 --- a/2014/0xxx/CVE-2014-0959.json +++ b/2014/0xxx/CVE-2014-0959.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0959", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, and 8.0 before 8.0.0.1 CF12 allows remote authenticated users to cause a denial of service (infinite loop) via a login redirect." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-0959", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21672572", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21672572" - }, - { - "name" : "PI16462", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PI16462" - }, - { - "name" : "ibm-websphere-cve20140959-dos(92741)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/92741" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, and 8.0 before 8.0.0.1 CF12 allows remote authenticated users to cause a denial of service (infinite loop) via a login redirect." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21672572", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21672572" + }, + { + "name": "PI16462", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI16462" + }, + { + "name": "ibm-websphere-cve20140959-dos(92741)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92741" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1324.json b/2014/1xxx/CVE-2014-1324.json index 1054d96129c..d759cd84c20 100644 --- a/2014/1xxx/CVE-2014-1324.json +++ b/2014/1xxx/CVE-2014-1324.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1324", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2014-1324", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT6254", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT6254" - }, - { - "name" : "https://support.apple.com/kb/HT6537", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/kb/HT6537" - }, - { - "name" : "APPLE-SA-2014-05-21-1", - "refsource" : "APPLE", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2014-05/0128.html" - }, - { - "name" : "67553", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/67553" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/kb/HT6537", + "refsource": "CONFIRM", + "url": "https://support.apple.com/kb/HT6537" + }, + { + "name": "http://support.apple.com/kb/HT6254", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT6254" + }, + { + "name": "67553", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/67553" + }, + { + "name": "APPLE-SA-2014-05-21-1", + "refsource": "APPLE", + "url": "http://archives.neohapsis.com/archives/bugtraq/2014-05/0128.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1542.json b/2014/1xxx/CVE-2014-1542.json index 58f88715d86..9037e8d02e2 100644 --- a/2014/1xxx/CVE-2014-1542.json +++ b/2014/1xxx/CVE-2014-1542.json @@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1542", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the Speex resampler in the Web Audio subsystem in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code via vectors related to a crafted AudioBuffer channel count and sample rate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2014-1542", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2014/mfsa2014-53.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2014/mfsa2014-53.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=991533", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=991533" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" - }, - { - "name" : "GLSA-201504-01", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201504-01" - }, - { - "name" : "openSUSE-SU-2014:0855", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-07/msg00001.html" - }, - { - "name" : "openSUSE-SU-2014:0819", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-06/msg00040.html" - }, - { - "name" : "USN-2243-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2243-1" - }, - { - "name" : "67968", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/67968" - }, - { - "name" : "1030388", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030388" - }, - { - "name" : "59052", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59052" - }, - { - "name" : "59171", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59171" - }, - { - "name" : "59866", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59866" - }, - { - "name" : "59387", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59387" - }, - { - "name" : "59486", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59486" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the Speex resampler in the Web Audio subsystem in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code via vectors related to a crafted AudioBuffer channel count and sample rate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2014:0819", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-06/msg00040.html" + }, + { + "name": "59387", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59387" + }, + { + "name": "1030388", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030388" + }, + { + "name": "59052", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59052" + }, + { + "name": "openSUSE-SU-2014:0855", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-07/msg00001.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=991533", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=991533" + }, + { + "name": "GLSA-201504-01", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201504-01" + }, + { + "name": "59866", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59866" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" + }, + { + "name": "http://www.mozilla.org/security/announce/2014/mfsa2014-53.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-53.html" + }, + { + "name": "67968", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/67968" + }, + { + "name": "USN-2243-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2243-1" + }, + { + "name": "59171", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59171" + }, + { + "name": "59486", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59486" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1655.json b/2014/1xxx/CVE-2014-1655.json index cccf5edfb10..de64dc785e5 100644 --- a/2014/1xxx/CVE-2014-1655.json +++ b/2014/1xxx/CVE-2014-1655.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1655", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-1655", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1910.json b/2014/1xxx/CVE-2014-1910.json index 581a10dee89..f4cab4ad7b1 100644 --- a/2014/1xxx/CVE-2014-1910.json +++ b/2014/1xxx/CVE-2014-1910.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1910", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Citrix ShareFile Mobile and ShareFile Mobile for Tablets before 2.4.4 for Android do not verify X.509 certificates from SSL servers, which allow man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-1910", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.citrix.com/article/CTX140303", - "refsource" : "CONFIRM", - "url" : "http://support.citrix.com/article/CTX140303" - }, - { - "name" : "1029791", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1029791" - }, - { - "name" : "57020", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/57020" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Citrix ShareFile Mobile and ShareFile Mobile for Tablets before 2.4.4 for Android do not verify X.509 certificates from SSL servers, which allow man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "57020", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/57020" + }, + { + "name": "http://support.citrix.com/article/CTX140303", + "refsource": "CONFIRM", + "url": "http://support.citrix.com/article/CTX140303" + }, + { + "name": "1029791", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1029791" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4054.json b/2014/4xxx/CVE-2014-4054.json index e66d267d479..fd544e60027 100644 --- a/2014/4xxx/CVE-2014-4054.json +++ b/2014/4xxx/CVE-2014-4054.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4054", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-4054", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4227.json b/2014/4xxx/CVE-2014-4227.json index bfc5051dda4..ebbf5108d13 100644 --- a/2014/4xxx/CVE-2014-4227.json +++ b/2014/4xxx/CVE-2014-4227.json @@ -1,207 +1,207 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4227", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Java SE 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2014-4227", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/534161/100/0/threaded" - }, - { - "name" : "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Dec/23" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21686383", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21686383" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21686824", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21686824" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2014-0012.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2014-0012.html" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21680334", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21680334" - }, - { - "name" : "GLSA-201502-12", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201502-12.xml" - }, - { - "name" : "HPSBUX03092", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=140852974709252&w=2" - }, - { - "name" : "SSRT101668", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=140852974709252&w=2" - }, - { - "name" : "RHSA-2015:0264", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0264.html" - }, - { - "name" : "RHSA-2014:0902", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2014:0902" - }, - { - "name" : "RHSA-2014:0908", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2014:0908" - }, - { - "name" : "SUSE-SU-2015:0344", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00026.html" - }, - { - "name" : "SUSE-SU-2015:0392", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00036.html" - }, - { - "name" : "68603", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/68603" - }, - { - "name" : "1030577", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030577" - }, - { - "name" : "60245", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60245" - }, - { - "name" : "60081", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60081" - }, - { - "name" : "60317", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60317" - }, - { - "name" : "61577", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61577" - }, - { - "name" : "61640", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61640" - }, - { - "name" : "59404", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59404" - }, - { - "name" : "60817", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60817" - }, - { - "name" : "59986", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59986" - }, - { - "name" : "59924", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59924" - }, - { - "name" : "59987", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59987" - }, - { - "name" : "59680", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59680" - }, - { - "name" : "60622", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60622" - }, - { - "name" : "oracle-cpujul2014-cve20144227(94588)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/94588" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle Java SE 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html" + }, + { + "name": "68603", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/68603" + }, + { + "name": "1030577", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030577" + }, + { + "name": "59987", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59987" + }, + { + "name": "HPSBUX03092", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=140852974709252&w=2" + }, + { + "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded" + }, + { + "name": "59986", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59986" + }, + { + "name": "RHSA-2015:0264", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0264.html" + }, + { + "name": "60245", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60245" + }, + { + "name": "60817", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60817" + }, + { + "name": "59924", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59924" + }, + { + "name": "61577", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61577" + }, + { + "name": "RHSA-2014:0908", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2014:0908" + }, + { + "name": "SUSE-SU-2015:0392", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00036.html" + }, + { + "name": "SSRT101668", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=140852974709252&w=2" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html" + }, + { + "name": "59680", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59680" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21686383", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686383" + }, + { + "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Dec/23" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21680334", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680334" + }, + { + "name": "60622", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60622" + }, + { + "name": "60081", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60081" + }, + { + "name": "RHSA-2014:0902", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2014:0902" + }, + { + "name": "61640", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61640" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21686824", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686824" + }, + { + "name": "GLSA-201502-12", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201502-12.xml" + }, + { + "name": "60317", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60317" + }, + { + "name": "SUSE-SU-2015:0344", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00026.html" + }, + { + "name": "oracle-cpujul2014-cve20144227(94588)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94588" + }, + { + "name": "59404", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59404" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4443.json b/2014/4xxx/CVE-2014-4443.json index 9948ddabe39..c8ed2b2cce9 100644 --- a/2014/4xxx/CVE-2014-4443.json +++ b/2014/4xxx/CVE-2014-4443.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4443", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Apple OS X before 10.10 allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted ASN.1 data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2014-4443", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/kb/HT6535", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/kb/HT6535" - }, - { - "name" : "APPLE-SA-2014-10-16-1", - "refsource" : "APPLE", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html" - }, - { - "name" : "70625", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70625" - }, - { - "name" : "1031063", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031063" - }, - { - "name" : "macosx-cve20144443-dos(97624)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/97624" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Apple OS X before 10.10 allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted ASN.1 data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2014-10-16-1", + "refsource": "APPLE", + "url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html" + }, + { + "name": "1031063", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031063" + }, + { + "name": "70625", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70625" + }, + { + "name": "https://support.apple.com/kb/HT6535", + "refsource": "CONFIRM", + "url": "https://support.apple.com/kb/HT6535" + }, + { + "name": "macosx-cve20144443-dos(97624)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97624" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4511.json b/2014/4xxx/CVE-2014-4511.json index 462fd161c4a..1447b74ce24 100644 --- a/2014/4xxx/CVE-2014-4511.json +++ b/2014/4xxx/CVE-2014-4511.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4511", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Gitlist before 0.5.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the file name in the URI of a request for a (1) blame, (2) file, or (3) stats page, as demonstrated by requests to blame/master/, master/, and stats/master/." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4511", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "33929", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/33929" - }, - { - "name" : "33990", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/33990" - }, - { - "name" : "http://hatriot.github.io/blog/2014/06/29/gitlist-rce/", - "refsource" : "MISC", - "url" : "http://hatriot.github.io/blog/2014/06/29/gitlist-rce/" - }, - { - "name" : "http://packetstormsecurity.com/files/127281/Gitlist-0.4.0-Remote-Code-Execution.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/127281/Gitlist-0.4.0-Remote-Code-Execution.html" - }, - { - "name" : "http://packetstormsecurity.com/files/127364/Gitlist-Unauthenticated-Remote-Command-Execution.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/127364/Gitlist-Unauthenticated-Remote-Command-Execution.html" - }, - { - "name" : "https://groups.google.com/forum/#!topic/gitlist/Hw_KdZfA4js", - "refsource" : "CONFIRM", - "url" : "https://groups.google.com/forum/#!topic/gitlist/Hw_KdZfA4js" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Gitlist before 0.5.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the file name in the URI of a request for a (1) blame, (2) file, or (3) stats page, as demonstrated by requests to blame/master/, master/, and stats/master/." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://groups.google.com/forum/#!topic/gitlist/Hw_KdZfA4js", + "refsource": "CONFIRM", + "url": "https://groups.google.com/forum/#!topic/gitlist/Hw_KdZfA4js" + }, + { + "name": "http://hatriot.github.io/blog/2014/06/29/gitlist-rce/", + "refsource": "MISC", + "url": "http://hatriot.github.io/blog/2014/06/29/gitlist-rce/" + }, + { + "name": "http://packetstormsecurity.com/files/127281/Gitlist-0.4.0-Remote-Code-Execution.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/127281/Gitlist-0.4.0-Remote-Code-Execution.html" + }, + { + "name": "33990", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/33990" + }, + { + "name": "http://packetstormsecurity.com/files/127364/Gitlist-Unauthenticated-Remote-Command-Execution.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/127364/Gitlist-Unauthenticated-Remote-Command-Execution.html" + }, + { + "name": "33929", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/33929" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9041.json b/2014/9xxx/CVE-2014-9041.json index 3c7524461ca..2b953812201 100644 --- a/2014/9xxx/CVE-2014-9041.json +++ b/2014/9xxx/CVE-2014-9041.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9041", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The import functionality in the bookmarks application in ownCloud server before 5.0.18, 6.x before 6.0.6, and 7.x before 7.0.3 does not validate CSRF tokens, which allow remote attackers to conduct CSRF attacks." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9041", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://owncloud.org/security/advisory/?id=oc-sa-2014-027", - "refsource" : "CONFIRM", - "url" : "https://owncloud.org/security/advisory/?id=oc-sa-2014-027" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The import functionality in the bookmarks application in ownCloud server before 5.0.18, 6.x before 6.0.6, and 7.x before 7.0.3 does not validate CSRF tokens, which allow remote attackers to conduct CSRF attacks." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://owncloud.org/security/advisory/?id=oc-sa-2014-027", + "refsource": "CONFIRM", + "url": "https://owncloud.org/security/advisory/?id=oc-sa-2014-027" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9728.json b/2014/9xxx/CVE-2014-9728.json index ef690e76bcd..b8450c4bbd7 100644 --- a/2014/9xxx/CVE-2014-9728.json +++ b/2014/9xxx/CVE-2014-9728.json @@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9728", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The UDF filesystem implementation in the Linux kernel before 3.18.2 does not validate certain lengths, which allows local users to cause a denial of service (buffer over-read and system crash) via a crafted filesystem image, related to fs/udf/inode.c and fs/udf/symlink.c." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-9728", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150602 CVE request Linux kernel: fs: udf heap overflow in __udf_adinicb_readpage", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/06/02/7" - }, - { - "name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a1d47b262952a45aae62bd49cfaf33dd76c11a2c", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a1d47b262952a45aae62bd49cfaf33dd76c11a2c" - }, - { - "name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e159332b9af4b04d882dbcfe1bb0117f0a6d4b58", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e159332b9af4b04d882dbcfe1bb0117f0a6d4b58" - }, - { - "name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e237ec37ec154564f8690c5bd1795339955eeef9", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e237ec37ec154564f8690c5bd1795339955eeef9" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.2", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.2" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1228229", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1228229" - }, - { - "name" : "https://github.com/torvalds/linux/commit/a1d47b262952a45aae62bd49cfaf33dd76c11a2c", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/a1d47b262952a45aae62bd49cfaf33dd76c11a2c" - }, - { - "name" : "https://github.com/torvalds/linux/commit/e159332b9af4b04d882dbcfe1bb0117f0a6d4b58", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/e159332b9af4b04d882dbcfe1bb0117f0a6d4b58" - }, - { - "name" : "https://github.com/torvalds/linux/commit/e237ec37ec154564f8690c5bd1795339955eeef9", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/e237ec37ec154564f8690c5bd1795339955eeef9" - }, - { - "name" : "SUSE-SU-2015:1592", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00018.html" - }, - { - "name" : "SUSE-SU-2015:1611", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00021.html" - }, - { - "name" : "SUSE-SU-2015:1224", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00023.html" - }, - { - "name" : "SUSE-SU-2015:1324", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00049.html" - }, - { - "name" : "openSUSE-SU-2015:1382", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00011.html" - }, - { - "name" : "74964", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/74964" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The UDF filesystem implementation in the Linux kernel before 3.18.2 does not validate certain lengths, which allows local users to cause a denial of service (buffer over-read and system crash) via a crafted filesystem image, related to fs/udf/inode.c and fs/udf/symlink.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a1d47b262952a45aae62bd49cfaf33dd76c11a2c", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a1d47b262952a45aae62bd49cfaf33dd76c11a2c" + }, + { + "name": "https://github.com/torvalds/linux/commit/a1d47b262952a45aae62bd49cfaf33dd76c11a2c", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/a1d47b262952a45aae62bd49cfaf33dd76c11a2c" + }, + { + "name": "[oss-security] 20150602 CVE request Linux kernel: fs: udf heap overflow in __udf_adinicb_readpage", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/06/02/7" + }, + { + "name": "https://github.com/torvalds/linux/commit/e237ec37ec154564f8690c5bd1795339955eeef9", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/e237ec37ec154564f8690c5bd1795339955eeef9" + }, + { + "name": "SUSE-SU-2015:1611", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00021.html" + }, + { + "name": "SUSE-SU-2015:1324", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00049.html" + }, + { + "name": "https://github.com/torvalds/linux/commit/e159332b9af4b04d882dbcfe1bb0117f0a6d4b58", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/e159332b9af4b04d882dbcfe1bb0117f0a6d4b58" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1228229", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1228229" + }, + { + "name": "74964", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/74964" + }, + { + "name": "openSUSE-SU-2015:1382", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00011.html" + }, + { + "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e159332b9af4b04d882dbcfe1bb0117f0a6d4b58", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e159332b9af4b04d882dbcfe1bb0117f0a6d4b58" + }, + { + "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e237ec37ec154564f8690c5bd1795339955eeef9", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e237ec37ec154564f8690c5bd1795339955eeef9" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.2", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.2" + }, + { + "name": "SUSE-SU-2015:1224", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00023.html" + }, + { + "name": "SUSE-SU-2015:1592", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00018.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3794.json b/2016/3xxx/CVE-2016-3794.json index 52de2241b57..6911d11341c 100644 --- a/2016/3xxx/CVE-2016-3794.json +++ b/2016/3xxx/CVE-2016-3794.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3794", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-3814. Reason: This candidate is a reservation duplicate of CVE-2016-3814. Notes: All CVE users should reference CVE-2016-3814 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-3794", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-3814. Reason: This candidate is a reservation duplicate of CVE-2016-3814. Notes: All CVE users should reference CVE-2016-3814 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7710.json b/2016/7xxx/CVE-2016-7710.json index 82b9298b1b0..1488c31e337 100644 --- a/2016/7xxx/CVE-2016-7710.json +++ b/2016/7xxx/CVE-2016-7710.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7710", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-7710", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7871.json b/2016/7xxx/CVE-2016-7871.json index 620e7bfd4e5..4d69d8e7f28 100644 --- a/2016/7xxx/CVE-2016-7871.json +++ b/2016/7xxx/CVE-2016-7871.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2016-7871", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Flash Player 23.0.0.207 and earlier, 11.2.202.644 and earlier", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe Flash Player 23.0.0.207 and earlier, 11.2.202.644 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable memory corruption vulnerability in the Worker class. Successful exploitation could lead to arbitrary code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Memory Corruption" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2016-7871", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Flash Player 23.0.0.207 and earlier, 11.2.202.644 and earlier", + "version": { + "version_data": [ + { + "version_value": "Adobe Flash Player 23.0.0.207 and earlier, 11.2.202.644 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-16-627", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-16-627" - }, - { - "name" : "https://helpx.adobe.com/security/products/flash-player/apsb16-39.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/flash-player/apsb16-39.html" - }, - { - "name" : "GLSA-201701-17", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201701-17" - }, - { - "name" : "MS16-154", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-154" - }, - { - "name" : "RHSA-2016:2947", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2947.html" - }, - { - "name" : "SUSE-SU-2016:3148", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00064.html" - }, - { - "name" : "openSUSE-SU-2016:3160", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-12/msg00112.html" - }, - { - "name" : "94866", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94866" - }, - { - "name" : "1037442", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037442" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable memory corruption vulnerability in the Worker class. Successful exploitation could lead to arbitrary code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Memory Corruption" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SU-2016:3148", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00064.html" + }, + { + "name": "MS16-154", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-154" + }, + { + "name": "GLSA-201701-17", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201701-17" + }, + { + "name": "1037442", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037442" + }, + { + "name": "94866", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94866" + }, + { + "name": "RHSA-2016:2947", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2947.html" + }, + { + "name": "https://helpx.adobe.com/security/products/flash-player/apsb16-39.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/flash-player/apsb16-39.html" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-16-627", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-627" + }, + { + "name": "openSUSE-SU-2016:3160", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00112.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7895.json b/2016/7xxx/CVE-2016-7895.json index 10e0c2cf9ed..9ee992bfdb3 100644 --- a/2016/7xxx/CVE-2016-7895.json +++ b/2016/7xxx/CVE-2016-7895.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7895", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-7895", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8203.json b/2016/8xxx/CVE-2016-8203.json index caa9fb50706..ab6c1e0edfb 100644 --- a/2016/8xxx/CVE-2016-8203.json +++ b/2016/8xxx/CVE-2016-8203.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "sirt@brocade.com", - "ID" : "CVE-2016-8203", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Brocade MLX running on NetIron OS All Brocade MLX Line Cards running NetIron OS 5.8.00 through 5.8.00e, 5.9.00 through 5.9.00bd, 6.0.00 and 6.0.00a images", - "version" : { - "version_data" : [ - { - "version_value" : "Brocade MLX running on NetIron OS All Brocade MLX Line Cards running NetIron OS 5.8.00 through 5.8.00e, 5.9.00 through 5.9.00bd, 6.0.00 and 6.0.00a images" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A memory corruption in the IPsec code path of Brocade NetIron OS on Brocade MLXs 5.8.00 through 5.8.00e, 5.9.00 through 5.9.00bd, 6.0.00, and 6.0.00a images could allow attackers to cause a denial of service (line card reset) via certain constructed IPsec control packets." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Memory Corruption" - } + "CVE_data_meta": { + "ASSIGNER": "sirt@brocade.com", + "ID": "CVE-2016-8203", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Brocade MLX running on NetIron OS All Brocade MLX Line Cards running NetIron OS 5.8.00 through 5.8.00e, 5.9.00 through 5.9.00bd, 6.0.00 and 6.0.00a images", + "version": { + "version_data": [ + { + "version_value": "Brocade MLX running on NetIron OS All Brocade MLX Line Cards running NetIron OS 5.8.00 through 5.8.00e, 5.9.00 through 5.9.00bd, 6.0.00 and 6.0.00a images" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.brocade.com/en/backend-content/pdf-page.html?/content/dam/common/documents/content-types/security-bulletin/brocade-security-advisory-2016-168.pdf", - "refsource" : "CONFIRM", - "url" : "http://www.brocade.com/en/backend-content/pdf-page.html?/content/dam/common/documents/content-types/security-bulletin/brocade-security-advisory-2016-168.pdf" - }, - { - "name" : "94232", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94232" - }, - { - "name" : "1037010", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037010" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A memory corruption in the IPsec code path of Brocade NetIron OS on Brocade MLXs 5.8.00 through 5.8.00e, 5.9.00 through 5.9.00bd, 6.0.00, and 6.0.00a images could allow attackers to cause a denial of service (line card reset) via certain constructed IPsec control packets." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Memory Corruption" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "94232", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94232" + }, + { + "name": "1037010", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037010" + }, + { + "name": "http://www.brocade.com/en/backend-content/pdf-page.html?/content/dam/common/documents/content-types/security-bulletin/brocade-security-advisory-2016-168.pdf", + "refsource": "CONFIRM", + "url": "http://www.brocade.com/en/backend-content/pdf-page.html?/content/dam/common/documents/content-types/security-bulletin/brocade-security-advisory-2016-168.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8478.json b/2016/8xxx/CVE-2016-8478.json index c52fc8fb912..2ecf5cc5cdd 100644 --- a/2016/8xxx/CVE-2016-8478.json +++ b/2016/8xxx/CVE-2016-8478.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2016-8478", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Kernel-3.18" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An information disclosure vulnerability in the Qualcomm video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32511270. References: QC-CR#1088206." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-8478", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Kernel-3.18" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-03-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-03-01" - }, - { - "name" : "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=e3af5e89426f1c8d4e703d415eff5435b925649f", - "refsource" : "CONFIRM", - "url" : "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=e3af5e89426f1c8d4e703d415eff5435b925649f" - }, - { - "name" : "96734", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96734" - }, - { - "name" : "1037968", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037968" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information disclosure vulnerability in the Qualcomm video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32511270. References: QC-CR#1088206." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-03-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-03-01" + }, + { + "name": "1037968", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037968" + }, + { + "name": "96734", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96734" + }, + { + "name": "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=e3af5e89426f1c8d4e703d415eff5435b925649f", + "refsource": "CONFIRM", + "url": "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=e3af5e89426f1c8d4e703d415eff5435b925649f" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8565.json b/2016/8xxx/CVE-2016-8565.json index bc9d4265250..04647aa56d4 100644 --- a/2016/8xxx/CVE-2016-8565.json +++ b/2016/8xxx/CVE-2016-8565.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-8565", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Siemens Automation License Manager (ALM) before 5.3 SP3 allows remote attackers to write to files, rename files, create directories, or delete directories via crafted packets." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-8565", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-287-02", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-287-02" - }, - { - "name" : "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-284342.pdf", - "refsource" : "CONFIRM", - "url" : "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-284342.pdf" - }, - { - "name" : "93553", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93553" - }, - { - "name" : "1037011", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037011" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Siemens Automation License Manager (ALM) before 5.3 SP3 allows remote attackers to write to files, rename files, create directories, or delete directories via crafted packets." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-287-02", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-287-02" + }, + { + "name": "1037011", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037011" + }, + { + "name": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-284342.pdf", + "refsource": "CONFIRM", + "url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-284342.pdf" + }, + { + "name": "93553", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93553" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9378.json b/2016/9xxx/CVE-2016-9378.json index f8edb0c6fb6..81119269ec0 100644 --- a/2016/9xxx/CVE-2016-9378.json +++ b/2016/9xxx/CVE-2016-9378.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9378", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Xen 4.5.x through 4.7.x on AMD systems without the NRip feature, when emulating instructions that generate software interrupts, allows local HVM guest OS users to cause a denial of service (guest crash) by leveraging an incorrect choice for software interrupt delivery." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-9378", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://xenbits.xen.org/xsa/advisory-196.html", - "refsource" : "CONFIRM", - "url" : "http://xenbits.xen.org/xsa/advisory-196.html" - }, - { - "name" : "GLSA-201612-56", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201612-56" - }, - { - "name" : "94475", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94475" - }, - { - "name" : "1037345", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037345" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Xen 4.5.x through 4.7.x on AMD systems without the NRip feature, when emulating instructions that generate software interrupts, allows local HVM guest OS users to cause a denial of service (guest crash) by leveraging an incorrect choice for software interrupt delivery." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201612-56", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201612-56" + }, + { + "name": "94475", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94475" + }, + { + "name": "http://xenbits.xen.org/xsa/advisory-196.html", + "refsource": "CONFIRM", + "url": "http://xenbits.xen.org/xsa/advisory-196.html" + }, + { + "name": "1037345", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037345" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9849.json b/2016/9xxx/CVE-2016-9849.json index 771ac0f2c1b..ab899159ad7 100644 --- a/2016/9xxx/CVE-2016-9849.json +++ b/2016/9xxx/CVE-2016-9849.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9849", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in phpMyAdmin. It is possible to bypass AllowRoot restriction ($cfg['Servers'][$i]['AllowRoot']) and deny rules for username by using Null Byte in the username. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-9849", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.phpmyadmin.net/security/PMASA-2016-60", - "refsource" : "CONFIRM", - "url" : "https://www.phpmyadmin.net/security/PMASA-2016-60" - }, - { - "name" : "GLSA-201701-32", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201701-32" - }, - { - "name" : "94521", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94521" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in phpMyAdmin. It is possible to bypass AllowRoot restriction ($cfg['Servers'][$i]['AllowRoot']) and deny rules for username by using Null Byte in the username. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "94521", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94521" + }, + { + "name": "https://www.phpmyadmin.net/security/PMASA-2016-60", + "refsource": "CONFIRM", + "url": "https://www.phpmyadmin.net/security/PMASA-2016-60" + }, + { + "name": "GLSA-201701-32", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201701-32" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9875.json b/2016/9xxx/CVE-2016-9875.json index 2a023bc9616..4b74b32882c 100644 --- a/2016/9xxx/CVE-2016-9875.json +++ b/2016/9xxx/CVE-2016-9875.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9875", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-9875", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2372.json b/2019/2xxx/CVE-2019-2372.json index 04feb627ef5..cd6cc66083c 100644 --- a/2019/2xxx/CVE-2019-2372.json +++ b/2019/2xxx/CVE-2019-2372.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2372", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2372", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file