diff --git a/2006/1xxx/CVE-2006-1191.json b/2006/1xxx/CVE-2006-1191.json index 4962ebe71f2..3ce350c4220 100644 --- a/2006/1xxx/CVE-2006-1191.json +++ b/2006/1xxx/CVE-2006-1191.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1191", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 5.01 through 6 does not always correctly identify the domain that is associated with a browser window, which allows remote attackers to obtain sensitive cross-domain information and spoof sites by running script after the user has navigated to another site." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2006-1191", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS06-013", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013" - }, - { - "name" : "17457", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17457" - }, - { - "name" : "ADV-2006-1318", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1318" - }, - { - "name" : "oval:org.mitre.oval:def:1251", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1251" - }, - { - "name" : "oval:org.mitre.oval:def:1710", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1710" - }, - { - "name" : "1015892", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015892" - }, - { - "name" : "18957", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18957" - }, - { - "name" : "ie-popup-zone-bypass(25555)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25555" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 5.01 through 6 does not always correctly identify the domain that is associated with a browser window, which allows remote attackers to obtain sensitive cross-domain information and spoof sites by running script after the user has navigated to another site." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18957", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18957" + }, + { + "name": "ie-popup-zone-bypass(25555)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25555" + }, + { + "name": "1015892", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015892" + }, + { + "name": "oval:org.mitre.oval:def:1251", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1251" + }, + { + "name": "MS06-013", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013" + }, + { + "name": "17457", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17457" + }, + { + "name": "oval:org.mitre.oval:def:1710", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1710" + }, + { + "name": "ADV-2006-1318", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1318" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1331.json b/2006/1xxx/CVE-2006-1331.json index 6ecf36a4399..946b68f5531 100644 --- a/2006/1xxx/CVE-2006-1331.json +++ b/2006/1xxx/CVE-2006-1331.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1331", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in index.php in Noah's Classifieds 1.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) method or (2) list parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1331", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060320 Noah's Classifieds Multiple Path Disclosure and Cross Site Scripting Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/428157" - }, - { - "name" : "20060308 Noah's Classifieds Multiple Cross-Site Scripting Vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2006-03/0191.html" - }, - { - "name" : "http://zone14.free.fr/advisories/1", - "refsource" : "MISC", - "url" : "http://zone14.free.fr/advisories/1" - }, - { - "name" : "17151", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17151" - }, - { - "name" : "noahs-index-path-disclosure(25331)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25331" - }, - { - "name" : "noahs-index-xss(25099)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25099" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in index.php in Noah's Classifieds 1.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) method or (2) list parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060320 Noah's Classifieds Multiple Path Disclosure and Cross Site Scripting Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/428157" + }, + { + "name": "http://zone14.free.fr/advisories/1", + "refsource": "MISC", + "url": "http://zone14.free.fr/advisories/1" + }, + { + "name": "17151", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17151" + }, + { + "name": "noahs-index-xss(25099)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25099" + }, + { + "name": "20060308 Noah's Classifieds Multiple Cross-Site Scripting Vulnerabilities", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-03/0191.html" + }, + { + "name": "noahs-index-path-disclosure(25331)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25331" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1529.json b/2006/1xxx/CVE-2006-1529.json index 0ef4fa03f85..36e4913d7aa 100644 --- a/2006/1xxx/CVE-2006-1529.json +++ b/2006/1xxx/CVE-2006-1529.json @@ -1,187 +1,187 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1529", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML. NOTE: due to the lack of sufficient public details from the vendor as of 20060413, it is unclear how CVE-2006-1529, CVE-2006-1530, CVE-2006-1531, and CVE-2006-1723 are different." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2006-1529", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2006/mfsa2006-20.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2006/mfsa2006-20.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=315254", - "refsource" : "MISC", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=315254" - }, - { - "name" : "DSA-1046", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1046" - }, - { - "name" : "DSA-1051", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1051" - }, - { - "name" : "HPSBUX02153", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/446658/100/200/threaded" - }, - { - "name" : "SSRT061181", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/446658/100/200/threaded" - }, - { - "name" : "HPSBUX02156", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/446657/100/200/threaded" - }, - { - "name" : "SSRT061236", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/446657/100/200/threaded" - }, - { - "name" : "SCOSA-2006.26", - "refsource" : "SCO", - "url" : "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt" - }, - { - "name" : "VU#350262", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/350262" - }, - { - "name" : "17516", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17516" - }, - { - "name" : "ADV-2006-1356", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1356" - }, - { - "name" : "ADV-2006-3748", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3748" - }, - { - "name" : "ADV-2006-3749", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3749" - }, - { - "name" : "ADV-2008-0083", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0083" - }, - { - "name" : "oval:org.mitre.oval:def:1947", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1947" - }, - { - "name" : "1015919", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015919" - }, - { - "name" : "1015921", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015921" - }, - { - "name" : "1015920", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015920" - }, - { - "name" : "19631", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19631" - }, - { - "name" : "19649", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19649" - }, - { - "name" : "19863", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19863" - }, - { - "name" : "19941", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19941" - }, - { - "name" : "21033", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21033" - }, - { - "name" : "22065", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22065" - }, - { - "name" : "22066", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22066" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML. NOTE: due to the lack of sufficient public details from the vendor as of 20060413, it is unclear how CVE-2006-1529, CVE-2006-1530, CVE-2006-1531, and CVE-2006-1723 are different." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.mozilla.org/security/announce/2006/mfsa2006-20.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2006/mfsa2006-20.html" + }, + { + "name": "ADV-2006-3748", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3748" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=315254", + "refsource": "MISC", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=315254" + }, + { + "name": "19941", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19941" + }, + { + "name": "DSA-1051", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1051" + }, + { + "name": "ADV-2006-3749", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3749" + }, + { + "name": "21033", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21033" + }, + { + "name": "VU#350262", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/350262" + }, + { + "name": "ADV-2008-0083", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0083" + }, + { + "name": "SSRT061181", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/446658/100/200/threaded" + }, + { + "name": "ADV-2006-1356", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1356" + }, + { + "name": "SSRT061236", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/446657/100/200/threaded" + }, + { + "name": "1015921", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015921" + }, + { + "name": "HPSBUX02153", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/446658/100/200/threaded" + }, + { + "name": "19649", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19649" + }, + { + "name": "19863", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19863" + }, + { + "name": "HPSBUX02156", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/446657/100/200/threaded" + }, + { + "name": "SCOSA-2006.26", + "refsource": "SCO", + "url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt" + }, + { + "name": "17516", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17516" + }, + { + "name": "1015919", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015919" + }, + { + "name": "22066", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22066" + }, + { + "name": "1015920", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015920" + }, + { + "name": "22065", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22065" + }, + { + "name": "oval:org.mitre.oval:def:1947", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1947" + }, + { + "name": "19631", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19631" + }, + { + "name": "DSA-1046", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1046" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1854.json b/2006/1xxx/CVE-2006-1854.json index c40d4703142..35cf59298cc 100644 --- a/2006/1xxx/CVE-2006-1854.json +++ b/2006/1xxx/CVE-2006-1854.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1854", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** Multiple cross-site scripting (XSS) vulnerabilities in BluePay Manager 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML during a login action via the (1) Account Name and (2) Username field. NOTE: the vendor has disputed this vulnerability, saying that \"it does not exist currently in the Bluepay 2.0 product,\" and older versions might not have been affected either. As of 20060512, CVE has not formally investigated this dispute." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1854", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2006/04/bluepay-manager-v20-script-insertion.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2006/04/bluepay-manager-v20-script-insertion.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** Multiple cross-site scripting (XSS) vulnerabilities in BluePay Manager 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML during a login action via the (1) Account Name and (2) Username field. NOTE: the vendor has disputed this vulnerability, saying that \"it does not exist currently in the Bluepay 2.0 product,\" and older versions might not have been affected either. As of 20060512, CVE has not formally investigated this dispute." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://pridels0.blogspot.com/2006/04/bluepay-manager-v20-script-insertion.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2006/04/bluepay-manager-v20-script-insertion.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1898.json b/2006/1xxx/CVE-2006-1898.json index 4b8125d4c5a..bcd9d0afee3 100644 --- a/2006/1xxx/CVE-2006-1898.json +++ b/2006/1xxx/CVE-2006-1898.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1898", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Ralph Capper Tiny PHP Forum (TPF) 3.6 allow remote attackers to inject arbitrary web script or HTML via (1) the uname parameter in a view action in profile.php and (2) a login name. NOTE: the \"Access to hash password\" issue is already covered by CVE-2006-0103." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1898", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060417 Tiny PHP forum - vulns", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/431133/100/0/threaded" - }, - { - "name" : "17553", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17553" - }, - { - "name" : "728", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/728" - }, - { - "name" : "773", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/773" - }, - { - "name" : "tinyphpforum-profile-error-xss(25856)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25856" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Ralph Capper Tiny PHP Forum (TPF) 3.6 allow remote attackers to inject arbitrary web script or HTML via (1) the uname parameter in a view action in profile.php and (2) a login name. NOTE: the \"Access to hash password\" issue is already covered by CVE-2006-0103." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "tinyphpforum-profile-error-xss(25856)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25856" + }, + { + "name": "728", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/728" + }, + { + "name": "17553", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17553" + }, + { + "name": "773", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/773" + }, + { + "name": "20060417 Tiny PHP forum - vulns", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/431133/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5079.json b/2006/5xxx/CVE-2006-5079.json index 33c2c5fec8a..5b5fdec4eec 100644 --- a/2006/5xxx/CVE-2006-5079.json +++ b/2006/5xxx/CVE-2006-5079.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5079", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in class.mysql.php in Matt Humphrey paBugs 2.0 Beta 3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path_to_bt_dir parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5079", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "2437", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2437" - }, - { - "name" : "20222", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20222" - }, - { - "name" : "ADV-2006-3784", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3784" - }, - { - "name" : "pabugs-class-file-include(29179)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29179" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in class.mysql.php in Matt Humphrey paBugs 2.0 Beta 3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path_to_bt_dir parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20222", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20222" + }, + { + "name": "ADV-2006-3784", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3784" + }, + { + "name": "2437", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2437" + }, + { + "name": "pabugs-class-file-include(29179)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29179" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5431.json b/2006/5xxx/CVE-2006-5431.json index f462f34c259..aa501547d4e 100644 --- a/2006/5xxx/CVE-2006-5431.json +++ b/2006/5xxx/CVE-2006-5431.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5431", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in gorum/dbproperty.php in PHPOutsourcing Zorum 3.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the appDirName parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5431", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061018 zorum_3_5 <=(dbproperty.php) Remote File Inclusion Exploit", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/449105/100/0/threaded" - }, - { - "name" : "20606", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20606" - }, - { - "name" : "1748", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1748" - }, - { - "name" : "zorum-dbproperty-file-include(29648)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29648" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in gorum/dbproperty.php in PHPOutsourcing Zorum 3.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the appDirName parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20606", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20606" + }, + { + "name": "20061018 zorum_3_5 <=(dbproperty.php) Remote File Inclusion Exploit", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/449105/100/0/threaded" + }, + { + "name": "1748", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1748" + }, + { + "name": "zorum-dbproperty-file-include(29648)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29648" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2317.json b/2007/2xxx/CVE-2007-2317.json index bc172764136..d8c32f92915 100644 --- a/2007/2xxx/CVE-2007-2317.json +++ b/2007/2xxx/CVE-2007-2317.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2317", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple PHP remote file inclusion vulnerabilities in MiniBB Forum 1.5a and earlier, as used by TOSMO/Mambo 4.0.12 and probably other products, allow remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter to bb_plugins.php in (1) components/minibb/ or (2) components/com_minibb, or (3) configuration.php. NOTE: the com_minibb.php vector is already covered by CVE-2006-3690." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2317", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "3707", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/3707" - }, - { - "name" : "20070413 Dup: TOSMO/Mambo 1.4.13a (absolute_path) Remote File Inclusion Vulns", - "refsource" : "VIM", - "url" : "http://www.attrition.org/pipermail/vim/2007-April/001518.html" - }, - { - "name" : "23416", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23416" - }, - { - "name" : "ADV-2007-1354", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1354" - }, - { - "name" : "35761", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/35761" - }, - { - "name" : "35762", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/35762" - }, - { - "name" : "tosmomambo-absolutepath-file-include(33578)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33578" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple PHP remote file inclusion vulnerabilities in MiniBB Forum 1.5a and earlier, as used by TOSMO/Mambo 4.0.12 and probably other products, allow remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter to bb_plugins.php in (1) components/minibb/ or (2) components/com_minibb, or (3) configuration.php. NOTE: the com_minibb.php vector is already covered by CVE-2006-3690." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "23416", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23416" + }, + { + "name": "tosmomambo-absolutepath-file-include(33578)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33578" + }, + { + "name": "ADV-2007-1354", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1354" + }, + { + "name": "20070413 Dup: TOSMO/Mambo 1.4.13a (absolute_path) Remote File Inclusion Vulns", + "refsource": "VIM", + "url": "http://www.attrition.org/pipermail/vim/2007-April/001518.html" + }, + { + "name": "35761", + "refsource": "OSVDB", + "url": "http://osvdb.org/35761" + }, + { + "name": "3707", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/3707" + }, + { + "name": "35762", + "refsource": "OSVDB", + "url": "http://osvdb.org/35762" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2884.json b/2007/2xxx/CVE-2007-2884.json index 6b8275b6426..a63e7cbfb6c 100644 --- a/2007/2xxx/CVE-2007-2884.json +++ b/2007/2xxx/CVE-2007-2884.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2884", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple stack-based buffer overflows in Microsoft Visual Basic 6 allow user-assisted remote attackers to cause a denial of service (CPU consumption) or execute arbitrary code via a Visual Basic Project (vbp) file with a long (1) Description or (2) Company Name (VersionCompanyName) field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2884", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "3976", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/3976" - }, - { - "name" : "3977", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/3977" - }, - { - "name" : "24128", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24128" - }, - { - "name" : "24129", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24129" - }, - { - "name" : "41052", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/41052" - }, - { - "name" : "41053", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/41053" - }, - { - "name" : "vb-companyname-bo(34476)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34476" - }, - { - "name" : "vb-projectdetail-bo(34475)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34475" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple stack-based buffer overflows in Microsoft Visual Basic 6 allow user-assisted remote attackers to cause a denial of service (CPU consumption) or execute arbitrary code via a Visual Basic Project (vbp) file with a long (1) Description or (2) Company Name (VersionCompanyName) field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "41053", + "refsource": "OSVDB", + "url": "http://osvdb.org/41053" + }, + { + "name": "vb-projectdetail-bo(34475)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34475" + }, + { + "name": "3977", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/3977" + }, + { + "name": "41052", + "refsource": "OSVDB", + "url": "http://osvdb.org/41052" + }, + { + "name": "3976", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/3976" + }, + { + "name": "24128", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24128" + }, + { + "name": "vb-companyname-bo(34476)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34476" + }, + { + "name": "24129", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24129" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6539.json b/2007/6xxx/CVE-2007-6539.json index 7316aab0b41..696d1bd3041 100644 --- a/2007/6xxx/CVE-2007-6539.json +++ b/2007/6xxx/CVE-2007-6539.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6539", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP local file inclusion vulnerability in index.php in IDevspot iSupport 1.8 allows remote attackers to include local files via the include_file parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6539", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20071220 iSupport v1.8 Local file include vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/485392/100/0/threaded" - }, - { - "name" : "26961", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26961" - }, - { - "name" : "39801", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/39801" - }, - { - "name" : "3488", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3488" - }, - { - "name" : "isupport-index-file-include(39184)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39184" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP local file inclusion vulnerability in index.php in IDevspot iSupport 1.8 allows remote attackers to include local files via the include_file parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "26961", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26961" + }, + { + "name": "3488", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3488" + }, + { + "name": "20071220 iSupport v1.8 Local file include vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/485392/100/0/threaded" + }, + { + "name": "39801", + "refsource": "OSVDB", + "url": "http://osvdb.org/39801" + }, + { + "name": "isupport-index-file-include(39184)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39184" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0223.json b/2010/0xxx/CVE-2010-0223.json index 62727af5188..cb028da0d95 100644 --- a/2010/0xxx/CVE-2010-0223.json +++ b/2010/0xxx/CVE-2010-0223.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0223", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Kingston DataTraveler BlackBox (DTBB), DataTraveler Secure Privacy Edition (DTSP), and DataTraveler Elite Privacy Edition (DTEP) USB flash drives do not prevent password replay attacks, which allows physically proximate attackers to access the cleartext drive contents by providing a key that was captured in a USB data stream at an earlier time." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-0223", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.kingston.com/driveupdate/", - "refsource" : "MISC", - "url" : "http://www.kingston.com/driveupdate/" - }, - { - "name" : "http://www.syss.de/fileadmin/ressources/040_veroeffentlichungen/dokumente/SySS_knackt_Kingston_USB-Stick.pdf", - "refsource" : "MISC", - "url" : "http://www.syss.de/fileadmin/ressources/040_veroeffentlichungen/dokumente/SySS_knackt_Kingston_USB-Stick.pdf" - }, - { - "name" : "http://www.syss.de/index.php?id=108&tx_ttnews[tt_news]=528&cHash=8d16fa63d9", - "refsource" : "MISC", - "url" : "http://www.syss.de/index.php?id=108&tx_ttnews[tt_news]=528&cHash=8d16fa63d9" - }, - { - "name" : "https://www.ironkey.com/usb-flash-drive-flaw-exposed", - "refsource" : "MISC", - "url" : "https://www.ironkey.com/usb-flash-drive-flaw-exposed" - }, - { - "name" : "ADV-2010-0080", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0080" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Kingston DataTraveler BlackBox (DTBB), DataTraveler Secure Privacy Edition (DTSP), and DataTraveler Elite Privacy Edition (DTEP) USB flash drives do not prevent password replay attacks, which allows physically proximate attackers to access the cleartext drive contents by providing a key that was captured in a USB data stream at an earlier time." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.kingston.com/driveupdate/", + "refsource": "MISC", + "url": "http://www.kingston.com/driveupdate/" + }, + { + "name": "http://www.syss.de/index.php?id=108&tx_ttnews[tt_news]=528&cHash=8d16fa63d9", + "refsource": "MISC", + "url": "http://www.syss.de/index.php?id=108&tx_ttnews[tt_news]=528&cHash=8d16fa63d9" + }, + { + "name": "http://www.syss.de/fileadmin/ressources/040_veroeffentlichungen/dokumente/SySS_knackt_Kingston_USB-Stick.pdf", + "refsource": "MISC", + "url": "http://www.syss.de/fileadmin/ressources/040_veroeffentlichungen/dokumente/SySS_knackt_Kingston_USB-Stick.pdf" + }, + { + "name": "ADV-2010-0080", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0080" + }, + { + "name": "https://www.ironkey.com/usb-flash-drive-flaw-exposed", + "refsource": "MISC", + "url": "https://www.ironkey.com/usb-flash-drive-flaw-exposed" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0792.json b/2010/0xxx/CVE-2010-0792.json index 1036353298c..dc89814f80a 100644 --- a/2010/0xxx/CVE-2010-0792.json +++ b/2010/0xxx/CVE-2010-0792.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0792", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "fcrontab in fcron before 3.0.5 allows local users to read arbitrary files via a symlink attack on an unspecified file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-0792", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100304 fcrontab Information Disclosure Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/509873/100/0/threaded" - }, - { - "name" : "20100303 fcrontab Information Disclosure Vulnerability", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2010/Mar/97" - }, - { - "name" : "http://fcron.free.fr/", - "refsource" : "CONFIRM", - "url" : "http://fcron.free.fr/" - }, - { - "name" : "FEDORA-2010-4063", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/038150.html" - }, - { - "name" : "38531", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/38531" - }, - { - "name" : "62718", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/62718" - }, - { - "name" : "1023677", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1023677" - }, - { - "name" : "38796", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38796" - }, - { - "name" : "39195", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39195" - }, - { - "name" : "ADV-2010-0730", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0730" - }, - { - "name" : "fcron-fcrontab-symlink(56680)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/56680" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "fcrontab in fcron before 3.0.5 allows local users to read arbitrary files via a symlink attack on an unspecified file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2010-0730", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0730" + }, + { + "name": "39195", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39195" + }, + { + "name": "FEDORA-2010-4063", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/038150.html" + }, + { + "name": "20100304 fcrontab Information Disclosure Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/509873/100/0/threaded" + }, + { + "name": "1023677", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1023677" + }, + { + "name": "fcron-fcrontab-symlink(56680)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56680" + }, + { + "name": "62718", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/62718" + }, + { + "name": "http://fcron.free.fr/", + "refsource": "CONFIRM", + "url": "http://fcron.free.fr/" + }, + { + "name": "20100303 fcrontab Information Disclosure Vulnerability", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2010/Mar/97" + }, + { + "name": "38796", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38796" + }, + { + "name": "38531", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/38531" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1507.json b/2010/1xxx/CVE-2010-1507.json index 244fb577859..0db136e2d4e 100644 --- a/2010/1xxx/CVE-2010-1507.json +++ b/2010/1xxx/CVE-2010-1507.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1507", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebYaST in yast2-webclient in SUSE Linux Enterprise (SLE) 11 on the WebYaST appliance uses a fixed secret key that is embedded in the appliance's image, which allows remote attackers to spoof session cookies by leveraging knowledge of this key." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1507", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.novell.com/security/cve/CVE-2010-1507.html", - "refsource" : "CONFIRM", - "url" : "http://support.novell.com/security/cve/CVE-2010-1507.html" - }, - { - "name" : "https://bugzilla.novell.com/show_bug.cgi?id=591345", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.novell.com/show_bug.cgi?id=591345" - }, - { - "name" : "https://bugzilla.novell.com/show_bug.cgi?id=598834", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.novell.com/show_bug.cgi?id=598834" - }, - { - "name" : "SUSE-SR:2010:014", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html" - }, - { - "name" : "42128", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/42128" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebYaST in yast2-webclient in SUSE Linux Enterprise (SLE) 11 on the WebYaST appliance uses a fixed secret key that is embedded in the appliance's image, which allows remote attackers to spoof session cookies by leveraging knowledge of this key." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.novell.com/show_bug.cgi?id=591345", + "refsource": "CONFIRM", + "url": "https://bugzilla.novell.com/show_bug.cgi?id=591345" + }, + { + "name": "http://support.novell.com/security/cve/CVE-2010-1507.html", + "refsource": "CONFIRM", + "url": "http://support.novell.com/security/cve/CVE-2010-1507.html" + }, + { + "name": "42128", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/42128" + }, + { + "name": "SUSE-SR:2010:014", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html" + }, + { + "name": "https://bugzilla.novell.com/show_bug.cgi?id=598834", + "refsource": "CONFIRM", + "url": "https://bugzilla.novell.com/show_bug.cgi?id=598834" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1544.json b/2010/1xxx/CVE-2010-1544.json index 3a2d76dc716..9f2a10ee481 100644 --- a/2010/1xxx/CVE-2010-1544.json +++ b/2010/1xxx/CVE-2010-1544.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1544", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "micro_httpd on the RCA DCM425 cable modem allows remote attackers to cause a denial of service (device reboot) via a long string to TCP port 80." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1544", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/1002-exploits/rcadcm425-dos.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1002-exploits/rcadcm425-dos.txt" - }, - { - "name" : "38488", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/38488" - }, - { - "name" : "38778", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38778" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "micro_httpd on the RCA DCM425 cable modem allows remote attackers to cause a denial of service (device reboot) via a long string to TCP port 80." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "38778", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38778" + }, + { + "name": "http://packetstormsecurity.org/1002-exploits/rcadcm425-dos.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1002-exploits/rcadcm425-dos.txt" + }, + { + "name": "38488", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/38488" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1671.json b/2010/1xxx/CVE-2010-1671.json index 5a359bb6cb8..6c1a05fb8ff 100644 --- a/2010/1xxx/CVE-2010-1671.json +++ b/2010/1xxx/CVE-2010-1671.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1671", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "hsolinkcontrol in hsolink 1.0.118 allows local users to gain privileges via shell metacharacters in command-line arguments, as demonstrated by the second argument in a down action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1671", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://ftp.de.debian.org/debian/pool/main/h/hsolink/hsolink_1.0.118.orig.tar.gz", - "refsource" : "MISC", - "url" : "http://ftp.de.debian.org/debian/pool/main/h/hsolink/hsolink_1.0.118.orig.tar.gz" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590670", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590670" - }, - { - "name" : "66649", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/66649" - }, - { - "name" : "40713", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40713" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "hsolinkcontrol in hsolink 1.0.118 allows local users to gain privileges via shell metacharacters in command-line arguments, as demonstrated by the second argument in a down action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590670", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590670" + }, + { + "name": "http://ftp.de.debian.org/debian/pool/main/h/hsolink/hsolink_1.0.118.orig.tar.gz", + "refsource": "MISC", + "url": "http://ftp.de.debian.org/debian/pool/main/h/hsolink/hsolink_1.0.118.orig.tar.gz" + }, + { + "name": "66649", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/66649" + }, + { + "name": "40713", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40713" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1691.json b/2010/1xxx/CVE-2010-1691.json index 6ce3783b8f5..7f5c5d2942a 100644 --- a/2010/1xxx/CVE-2010-1691.json +++ b/2010/1xxx/CVE-2010-1691.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1691", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2010-1691", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3151.json b/2010/3xxx/CVE-2010-3151.json index c4af55f6c87..9e797303fea 100644 --- a/2010/3xxx/CVE-2010-3151.json +++ b/2010/3xxx/CVE-2010-3151.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3151", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in Adobe On Location CS4 Build 315 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse ibfs32.dll that is located in the same folder as an OLPROJ file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3151", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100825 Adobe On Location CS4 DLL Hijacking Exploit (ibfs32.dll)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/513332/100/0/threaded" - }, - { - "name" : "14772", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/14772/" - }, - { - "name" : "adobe-ibfs32-code-exec(64445)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64445" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in Adobe On Location CS4 Build 315 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse ibfs32.dll that is located in the same folder as an OLPROJ file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "adobe-ibfs32-code-exec(64445)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64445" + }, + { + "name": "14772", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/14772/" + }, + { + "name": "20100825 Adobe On Location CS4 DLL Hijacking Exploit (ibfs32.dll)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/513332/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4145.json b/2010/4xxx/CVE-2010-4145.json index 03dc2d868d9..404f56ae89a 100644 --- a/2010/4xxx/CVE-2010-4145.json +++ b/2010/4xxx/CVE-2010-4145.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4145", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Kisisel Radyo Script stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for sevvo/eco23.mdb." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4145", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "15270", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/15270" - }, - { - "name" : "http://packetstormsecurity.org/1010-exploits/kisiselradyoscript-disclose.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1010-exploits/kisiselradyoscript-disclose.txt" - }, - { - "name" : "41816", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41816" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Kisisel Radyo Script stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for sevvo/eco23.mdb." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.org/1010-exploits/kisiselradyoscript-disclose.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1010-exploits/kisiselradyoscript-disclose.txt" + }, + { + "name": "41816", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41816" + }, + { + "name": "15270", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/15270" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4676.json b/2010/4xxx/CVE-2010-4676.json index 20c0ee8e8c5..7278a4a1585 100644 --- a/2010/4xxx/CVE-2010-4676.json +++ b/2010/4xxx/CVE-2010-4676.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4676", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) allows remote authenticated users to cause a denial of service (device crash) via a high volume of IPsec traffic, aka Bug ID CSCsx52748." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4676", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.cisco.com/en/US/docs/security/asa/asa82/release/notes/asarn82.pdf", - "refsource" : "CONFIRM", - "url" : "http://www.cisco.com/en/US/docs/security/asa/asa82/release/notes/asarn82.pdf" - }, - { - "name" : "45767", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45767" - }, - { - "name" : "1024963", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024963" - }, - { - "name" : "42931", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42931" - }, - { - "name" : "asa-ipsec-dos(64602)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64602" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) allows remote authenticated users to cause a denial of service (device crash) via a high volume of IPsec traffic, aka Bug ID CSCsx52748." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "asa-ipsec-dos(64602)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64602" + }, + { + "name": "1024963", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024963" + }, + { + "name": "http://www.cisco.com/en/US/docs/security/asa/asa82/release/notes/asarn82.pdf", + "refsource": "CONFIRM", + "url": "http://www.cisco.com/en/US/docs/security/asa/asa82/release/notes/asarn82.pdf" + }, + { + "name": "45767", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45767" + }, + { + "name": "42931", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42931" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4799.json b/2010/4xxx/CVE-2010-4799.json index 34e0e5114e1..18bf13cf540 100644 --- a/2010/4xxx/CVE-2010-4799.json +++ b/2010/4xxx/CVE-2010-4799.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4799", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in Chipmunk Pwngame 1.0, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters to authenticate.php and the (3) ID parameter to pwn.php. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4799", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "15223", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/15223" - }, - { - "name" : "http://packetstormsecurity.org/1010-exploits/chipmunkpwngame-sql.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1010-exploits/chipmunkpwngame-sql.txt" - }, - { - "name" : "43906", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/43906" - }, - { - "name" : "41760", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41760" - }, - { - "name" : "8224", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8224" - }, - { - "name" : "chipmunk-pwngame-login-sql-injection(62377)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/62377" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in Chipmunk Pwngame 1.0, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters to authenticate.php and the (3) ID parameter to pwn.php. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "8224", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8224" + }, + { + "name": "43906", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/43906" + }, + { + "name": "15223", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/15223" + }, + { + "name": "chipmunk-pwngame-login-sql-injection(62377)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62377" + }, + { + "name": "http://packetstormsecurity.org/1010-exploits/chipmunkpwngame-sql.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1010-exploits/chipmunkpwngame-sql.txt" + }, + { + "name": "41760", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41760" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4813.json b/2010/4xxx/CVE-2010-4813.json index b9df9dd36ec..a4e2215967a 100644 --- a/2010/4xxx/CVE-2010-4813.json +++ b/2010/4xxx/CVE-2010-4813.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4813", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Category Tokens module 6.x before 6.x-1.1 for Drupal allows remote authenticated users with administer taxonomy permissions to inject arbitrary web script or HTML by editing or creating vocabulary names, which are not properly handled in token help." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4813", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://drupal.org/node/968176", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/968176" - }, - { - "name" : "44780", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/44780" - }, - { - "name" : "69145", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/69145" - }, - { - "name" : "42168", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42168" - }, - { - "name" : "category-tokens-vocabulary-names-xss(63203)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/63203" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Category Tokens module 6.x before 6.x-1.1 for Drupal allows remote authenticated users with administer taxonomy permissions to inject arbitrary web script or HTML by editing or creating vocabulary names, which are not properly handled in token help." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "42168", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42168" + }, + { + "name": "69145", + "refsource": "OSVDB", + "url": "http://osvdb.org/69145" + }, + { + "name": "category-tokens-vocabulary-names-xss(63203)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/63203" + }, + { + "name": "44780", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/44780" + }, + { + "name": "http://drupal.org/node/968176", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/968176" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0795.json b/2014/0xxx/CVE-2014-0795.json index 44a2d8aa4eb..503ad94b8cb 100644 --- a/2014/0xxx/CVE-2014-0795.json +++ b/2014/0xxx/CVE-2014-0795.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0795", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-0795", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/10xxx/CVE-2014-10055.json b/2014/10xxx/CVE-2014-10055.json index 7aa4d0d519a..e4c899b7bd3 100644 --- a/2014/10xxx/CVE-2014-10055.json +++ b/2014/10xxx/CVE-2014-10055.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2018-04-02T00:00:00", - "ID" : "CVE-2014-10055", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Snapdragon Mobile", - "version" : { - "version_data" : [ - { - "version_value" : "SD 400, SD 800" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 400 and SD 800, there could be leakage of protected contents if HLOS doesn't request for security restoration for OCMEM xPU's." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Leakage of protected contents when security config is not restored for OCMEM xPUs during each OCMEM power up" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2018-04-02T00:00:00", + "ID": "CVE-2014-10055", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Snapdragon Mobile", + "version": { + "version_data": [ + { + "version_value": "SD 400, SD 800" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2018-04-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2018-04-01" - }, - { - "name" : "103671", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103671" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 400 and SD 800, there could be leakage of protected contents if HLOS doesn't request for security restoration for OCMEM xPU's." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Leakage of protected contents when security config is not restored for OCMEM xPUs during each OCMEM power up" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2018-04-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2018-04-01" + }, + { + "name": "103671", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103671" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1672.json b/2014/1xxx/CVE-2014-1672.json index 02bc9f74581..698abe16f22 100644 --- a/2014/1xxx/CVE-2014-1672.json +++ b/2014/1xxx/CVE-2014-1672.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1672", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Check Point R75.47 Security Gateway and Management Server does not properly enforce Anti-Spoofing when the routing table is modified and the \"Get - Interfaces with Topology\" action is performed, which allows attackers to bypass intended access restrictions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-1672", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk98087", - "refsource" : "CONFIRM", - "url" : "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk98087" - }, - { - "name" : "checkpoint-gateway-cve20141672-sec-bypass(90976)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90976" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Check Point R75.47 Security Gateway and Management Server does not properly enforce Anti-Spoofing when the routing table is modified and the \"Get - Interfaces with Topology\" action is performed, which allows attackers to bypass intended access restrictions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "checkpoint-gateway-cve20141672-sec-bypass(90976)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90976" + }, + { + "name": "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk98087", + "refsource": "CONFIRM", + "url": "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk98087" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1761.json b/2014/1xxx/CVE-2014-1761.json index 81be250a872..b9f2873f7b2 100644 --- a/2014/1xxx/CVE-2014-1761.json +++ b/2014/1xxx/CVE-2014-1761.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1761", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Word 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Word Viewer; Office Compatibility Pack SP3; Office for Mac 2011; Word Automation Services on SharePoint Server 2010 SP1 and SP2 and 2013; Office Web Apps 2010 SP1 and SP2; and Office Web Apps Server 2013 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted RTF data, as exploited in the wild in March 2014." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2014-1761", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://technet.microsoft.com/security/advisory/2953095", - "refsource" : "CONFIRM", - "url" : "http://technet.microsoft.com/security/advisory/2953095" - }, - { - "name" : "MS14-017", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-017" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Word 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Word Viewer; Office Compatibility Pack SP3; Office for Mac 2011; Word Automation Services on SharePoint Server 2010 SP1 and SP2 and 2013; Office Web Apps 2010 SP1 and SP2; and Office Web Apps Server 2013 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted RTF data, as exploited in the wild in March 2014." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS14-017", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-017" + }, + { + "name": "http://technet.microsoft.com/security/advisory/2953095", + "refsource": "CONFIRM", + "url": "http://technet.microsoft.com/security/advisory/2953095" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4174.json b/2014/4xxx/CVE-2014-4174.json index e3c0040cd09..3284257384c 100644 --- a/2014/4xxx/CVE-2014-4174.json +++ b/2014/4xxx/CVE-2014-4174.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4174", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "wiretap/libpcap.c in the libpcap file parser in Wireshark 1.10.x before 1.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted packet-trace file that includes a large packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4174", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8808", - "refsource" : "MISC", - "url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8808" - }, - { - "name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9390", - "refsource" : "MISC", - "url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9390" - }, - { - "name" : "http://anonsvn.wireshark.org/viewvc/trunk-1.10/wiretap/libpcap.c?r1=53123&r2=53122&pathrev=53123", - "refsource" : "CONFIRM", - "url" : "http://anonsvn.wireshark.org/viewvc/trunk-1.10/wiretap/libpcap.c?r1=53123&r2=53122&pathrev=53123" - }, - { - "name" : "http://anonsvn.wireshark.org/viewvc?view=revision&revision=53123", - "refsource" : "CONFIRM", - "url" : "http://anonsvn.wireshark.org/viewvc?view=revision&revision=53123" - }, - { - "name" : "http://www.wireshark.org/security/wnpa-sec-2014-05.html", - "refsource" : "CONFIRM", - "url" : "http://www.wireshark.org/security/wnpa-sec-2014-05.html" - }, - { - "name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9753", - "refsource" : "CONFIRM", - "url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9753" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "wiretap/libpcap.c in the libpcap file parser in Wireshark 1.10.x before 1.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted packet-trace file that includes a large packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://anonsvn.wireshark.org/viewvc?view=revision&revision=53123", + "refsource": "CONFIRM", + "url": "http://anonsvn.wireshark.org/viewvc?view=revision&revision=53123" + }, + { + "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8808", + "refsource": "MISC", + "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8808" + }, + { + "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9753", + "refsource": "CONFIRM", + "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9753" + }, + { + "name": "http://www.wireshark.org/security/wnpa-sec-2014-05.html", + "refsource": "CONFIRM", + "url": "http://www.wireshark.org/security/wnpa-sec-2014-05.html" + }, + { + "name": "http://anonsvn.wireshark.org/viewvc/trunk-1.10/wiretap/libpcap.c?r1=53123&r2=53122&pathrev=53123", + "refsource": "CONFIRM", + "url": "http://anonsvn.wireshark.org/viewvc/trunk-1.10/wiretap/libpcap.c?r1=53123&r2=53122&pathrev=53123" + }, + { + "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9390", + "refsource": "MISC", + "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9390" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4316.json b/2014/4xxx/CVE-2014-4316.json index 66dcc38207d..aaea5270d3b 100644 --- a/2014/4xxx/CVE-2014-4316.json +++ b/2014/4xxx/CVE-2014-4316.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4316", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4316", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4829.json b/2014/4xxx/CVE-2014-4829.json index 6eca8afc3ee..29f3ab97f14 100644 --- a/2014/4xxx/CVE-2014-4829.json +++ b/2014/4xxx/CVE-2014-4829.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4829", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in IBM Security QRadar SIEM and QRadar Risk Manager 7.1 before MR2 Patch 9 and 7.2 before 7.2.4 Patch 1, and QRadar Vulnerability Manager 7.2 before 7.2.4 Patch 1, allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-4829", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21691211", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21691211" - }, - { - "name" : "ibm-qradar-cve20144829-csrf(95579)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95579" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in IBM Security QRadar SIEM and QRadar Risk Manager 7.1 before MR2 Patch 9 and 7.2 before 7.2.4 Patch 1, and QRadar Vulnerability Manager 7.2 before 7.2.4 Patch 1, allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ibm-qradar-cve20144829-csrf(95579)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95579" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21691211", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21691211" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9032.json b/2014/9xxx/CVE-2014-9032.json index da3ac72b7db..1623eb693db 100644 --- a/2014/9xxx/CVE-2014-9032.json +++ b/2014/9xxx/CVE-2014-9032.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9032", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the media-playlists feature in WordPress before 3.9.x before 3.9.3 and 4.x before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9032", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20141125 Re: WordPress 4.0.1 Security Release", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2014/11/25/12" - }, - { - "name" : "https://wordpress.org/news/2014/11/wordpress-4-0-1/", - "refsource" : "CONFIRM", - "url" : "https://wordpress.org/news/2014/11/wordpress-4-0-1/" - }, - { - "name" : "http://advisories.mageia.org/MGASA-2014-0493.html", - "refsource" : "CONFIRM", - "url" : "http://advisories.mageia.org/MGASA-2014-0493.html" - }, - { - "name" : "MDVSA-2014:233", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2014:233" - }, - { - "name" : "71236", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/71236" - }, - { - "name" : "1031243", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031243" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the media-playlists feature in WordPress before 3.9.x before 3.9.3 and 4.x before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20141125 Re: WordPress 4.0.1 Security Release", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2014/11/25/12" + }, + { + "name": "http://advisories.mageia.org/MGASA-2014-0493.html", + "refsource": "CONFIRM", + "url": "http://advisories.mageia.org/MGASA-2014-0493.html" + }, + { + "name": "1031243", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031243" + }, + { + "name": "71236", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/71236" + }, + { + "name": "MDVSA-2014:233", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:233" + }, + { + "name": "https://wordpress.org/news/2014/11/wordpress-4-0-1/", + "refsource": "CONFIRM", + "url": "https://wordpress.org/news/2014/11/wordpress-4-0-1/" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9101.json b/2014/9xxx/CVE-2014-9101.json index 938407afea4..5c9efb55bc1 100644 --- a/2014/9xxx/CVE-2014-9101.json +++ b/2014/9xxx/CVE-2014-9101.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9101", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in Oxwall 1.7.0 (build 7907 and 7906) and SkaDate Lite 2.0 (build 7651) allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks or possibly have other unspecified impact via the (1) label parameter to admin/users/roles/, (2) lang[1][base][questions_account_type_5615100a931845eca8da20cfdf7327e0] in an AddAccountType action or (3) qst_name parameter in an addQuestion action to admin/questions/ajax-responder/, or (4) form_name or (5) restrictedUsername parameter to admin/restricted-usernames." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9101", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "34190", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/34190" - }, - { - "name" : "http://packetstormsecurity.com/files/127652/Oxwall-1.7.0-Cross-Site-Request-Forgery-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/127652/Oxwall-1.7.0-Cross-Site-Request-Forgery-Cross-Site-Scripting.html" - }, - { - "name" : "http://packetstormsecurity.com/files/127690/SkaDate-Lite-2.0-CSRF-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/127690/SkaDate-Lite-2.0-CSRF-Cross-Site-Scripting.html" - }, - { - "name" : "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5195.php", - "refsource" : "MISC", - "url" : "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5195.php" - }, - { - "name" : "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5197.php", - "refsource" : "MISC", - "url" : "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5197.php" - }, - { - "name" : "68971", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/68971" - }, - { - "name" : "109622", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/show/osvdb/109622" - }, - { - "name" : "109623", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/show/osvdb/109623" - }, - { - "name" : "109624", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/show/osvdb/109624" - }, - { - "name" : "109625", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/show/osvdb/109625" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Oxwall 1.7.0 (build 7907 and 7906) and SkaDate Lite 2.0 (build 7651) allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks or possibly have other unspecified impact via the (1) label parameter to admin/users/roles/, (2) lang[1][base][questions_account_type_5615100a931845eca8da20cfdf7327e0] in an AddAccountType action or (3) qst_name parameter in an addQuestion action to admin/questions/ajax-responder/, or (4) form_name or (5) restrictedUsername parameter to admin/restricted-usernames." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/127652/Oxwall-1.7.0-Cross-Site-Request-Forgery-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/127652/Oxwall-1.7.0-Cross-Site-Request-Forgery-Cross-Site-Scripting.html" + }, + { + "name": "34190", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/34190" + }, + { + "name": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5195.php", + "refsource": "MISC", + "url": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5195.php" + }, + { + "name": "68971", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/68971" + }, + { + "name": "109622", + "refsource": "OSVDB", + "url": "http://osvdb.org/show/osvdb/109622" + }, + { + "name": "109623", + "refsource": "OSVDB", + "url": "http://osvdb.org/show/osvdb/109623" + }, + { + "name": "http://packetstormsecurity.com/files/127690/SkaDate-Lite-2.0-CSRF-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/127690/SkaDate-Lite-2.0-CSRF-Cross-Site-Scripting.html" + }, + { + "name": "109624", + "refsource": "OSVDB", + "url": "http://osvdb.org/show/osvdb/109624" + }, + { + "name": "109625", + "refsource": "OSVDB", + "url": "http://osvdb.org/show/osvdb/109625" + }, + { + "name": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5197.php", + "refsource": "MISC", + "url": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5197.php" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9142.json b/2014/9xxx/CVE-2014-9142.json index 66d4450436f..b0e287a1870 100644 --- a/2014/9xxx/CVE-2014-9142.json +++ b/2014/9xxx/CVE-2014-9142.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9142", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Technicolor Router TD5130 with firmware 2.05.C29GV allows remote attackers to inject arbitrary web script or HTML via the failrefer parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9142", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20141203 Wireless N ADSL 2/2+ Modem Router - DT5130 - Xss / URL Redirect / Command Injection", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/534143/100/0/threaded" - }, - { - "name" : "35462", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/35462" - }, - { - "name" : "http://packetstormsecurity.com/files/129374/ADSL2-2.05.C29GV-XSS-URL-Redirect-Command-Injection.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/129374/ADSL2-2.05.C29GV-XSS-URL-Redirect-Command-Injection.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Technicolor Router TD5130 with firmware 2.05.C29GV allows remote attackers to inject arbitrary web script or HTML via the failrefer parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20141203 Wireless N ADSL 2/2+ Modem Router - DT5130 - Xss / URL Redirect / Command Injection", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/534143/100/0/threaded" + }, + { + "name": "http://packetstormsecurity.com/files/129374/ADSL2-2.05.C29GV-XSS-URL-Redirect-Command-Injection.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/129374/ADSL2-2.05.C29GV-XSS-URL-Redirect-Command-Injection.html" + }, + { + "name": "35462", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/35462" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9389.json b/2014/9xxx/CVE-2014-9389.json index 7e4f4932735..409b8070e83 100644 --- a/2014/9xxx/CVE-2014-9389.json +++ b/2014/9xxx/CVE-2014-9389.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9389", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in Sonatype Nexus OSS and Pro before 2.11.1-01 allows remote attackers to read or write to arbitrary files via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9389", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.sonatype.org/advisories/archive/2014-12-23-Nexus/", - "refsource" : "CONFIRM", - "url" : "http://www.sonatype.org/advisories/archive/2014-12-23-Nexus/" - }, - { - "name" : "https://support.sonatype.com/entries/84705937-CVE-2014-9389-Nexus-Security-Advisory-Directory-Traversal", - "refsource" : "CONFIRM", - "url" : "https://support.sonatype.com/entries/84705937-CVE-2014-9389-Nexus-Security-Advisory-Directory-Traversal" - }, - { - "name" : "61134", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61134" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in Sonatype Nexus OSS and Pro before 2.11.1-01 allows remote attackers to read or write to arbitrary files via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.sonatype.org/advisories/archive/2014-12-23-Nexus/", + "refsource": "CONFIRM", + "url": "http://www.sonatype.org/advisories/archive/2014-12-23-Nexus/" + }, + { + "name": "61134", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61134" + }, + { + "name": "https://support.sonatype.com/entries/84705937-CVE-2014-9389-Nexus-Security-Advisory-Directory-Traversal", + "refsource": "CONFIRM", + "url": "https://support.sonatype.com/entries/84705937-CVE-2014-9389-Nexus-Security-Advisory-Directory-Traversal" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9525.json b/2014/9xxx/CVE-2014-9525.json index 92703aa3845..68098e781e3 100644 --- a/2014/9xxx/CVE-2014-9525.json +++ b/2014/9xxx/CVE-2014-9525.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9525", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in the Timed Popup (wp-timed-popup) plugin 1.3 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings via unspecified vectors or (2) conduct cross-site scripting (XSS) attacks via the sc_popup_subtitle parameter in the wp-popup.php page to wp-admin/options-general.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9525", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.com/files/129510/WordPress-Timed-Popup-1.3-CSRF-XSS.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/129510/WordPress-Timed-Popup-1.3-CSRF-XSS.html" - }, - { - "name" : "timedpopup-wppopup-csrf(99376)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/99376" - }, - { - "name" : "timedpopup-wppopup-xss(99377)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/99377" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the Timed Popup (wp-timed-popup) plugin 1.3 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings via unspecified vectors or (2) conduct cross-site scripting (XSS) attacks via the sc_popup_subtitle parameter in the wp-popup.php page to wp-admin/options-general.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "timedpopup-wppopup-xss(99377)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99377" + }, + { + "name": "timedpopup-wppopup-csrf(99376)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99376" + }, + { + "name": "http://packetstormsecurity.com/files/129510/WordPress-Timed-Popup-1.3-CSRF-XSS.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/129510/WordPress-Timed-Popup-1.3-CSRF-XSS.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3243.json b/2016/3xxx/CVE-2016-3243.json index 7b4074d3c55..75f3172d50f 100644 --- a/2016/3xxx/CVE-2016-3243.json +++ b/2016/3xxx/CVE-2016-3243.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3243", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2016-3243", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS16-084", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-084" - }, - { - "name" : "91571", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91571" - }, - { - "name" : "1036283", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036283" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "91571", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91571" + }, + { + "name": "1036283", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036283" + }, + { + "name": "MS16-084", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-084" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3482.json b/2016/3xxx/CVE-2016-3482.json index c88180655e3..7d3c828f6a3 100644 --- a/2016/3xxx/CVE-2016-3482.json +++ b/2016/3xxx/CVE-2016-3482.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3482", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.9 and 12.1.3.0 allows remote attackers to affect confidentiality via vectors related to SSL/TLS Module." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2016-3482", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" - }, - { - "name" : "91787", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91787" - }, - { - "name" : "92026", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92026" - }, - { - "name" : "1036372", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036372" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.9 and 12.1.3.0 allows remote attackers to affect confidentiality via vectors related to SSL/TLS Module." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" + }, + { + "name": "1036372", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036372" + }, + { + "name": "91787", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91787" + }, + { + "name": "92026", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92026" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3620.json b/2016/3xxx/CVE-2016-3620.json index 8007a422d43..8c3a26aaa12 100644 --- a/2016/3xxx/CVE-2016-3620.json +++ b/2016/3xxx/CVE-2016-3620.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3620", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ZIPEncode function in tif_zip.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the \"-c zip\" option is used, allows remote attackers to cause a denial of service (buffer over-read) via a crafted BMP image." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-3620", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160407 CVE-2016-3620 libtiff: Out-of-bounds Read in the bmp2tiff tool", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/04/07/2" - }, - { - "name" : "http://bugzilla.maptools.org/show_bug.cgi?id=2570", - "refsource" : "MISC", - "url" : "http://bugzilla.maptools.org/show_bug.cgi?id=2570" - }, - { - "name" : "GLSA-201701-16", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201701-16" - }, - { - "name" : "1035508", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1035508" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ZIPEncode function in tif_zip.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the \"-c zip\" option is used, allows remote attackers to cause a denial of service (buffer over-read) via a crafted BMP image." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1035508", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035508" + }, + { + "name": "http://bugzilla.maptools.org/show_bug.cgi?id=2570", + "refsource": "MISC", + "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2570" + }, + { + "name": "GLSA-201701-16", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201701-16" + }, + { + "name": "[oss-security] 20160407 CVE-2016-3620 libtiff: Out-of-bounds Read in the bmp2tiff tool", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/04/07/2" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3814.json b/2016/3xxx/CVE-2016-3814.json index 301ef2790ea..771755104e4 100644 --- a/2016/3xxx/CVE-2016-3814.json +++ b/2016/3xxx/CVE-2016-3814.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3814", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The NVIDIA camera driver in Android before 2016-07-05 on Nexus 9 devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28193342." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-3814", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://source.android.com/security/bulletin/2016-07-01.html", - "refsource" : "CONFIRM", - "url" : "http://source.android.com/security/bulletin/2016-07-01.html" - }, - { - "name" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4561", - "refsource" : "CONFIRM", - "url" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4561" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The NVIDIA camera driver in Android before 2016-07-05 on Nexus 9 devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28193342." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://source.android.com/security/bulletin/2016-07-01.html", + "refsource": "CONFIRM", + "url": "http://source.android.com/security/bulletin/2016-07-01.html" + }, + { + "name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561", + "refsource": "CONFIRM", + "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6232.json b/2016/6xxx/CVE-2016-6232.json index 130529d741a..9e6925c61d0 100644 --- a/2016/6xxx/CVE-2016-6232.json +++ b/2016/6xxx/CVE-2016-6232.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6232", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in KArchive before 5.24, as used in KDE Frameworks, allows remote attackers to write to arbitrary files via a ../ (dot dot slash) in a filename in an archive file, related to KNewsstuff downloads." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6232", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160716 CVE Request for KNewStuff/KArchive issue", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/07/16/2" - }, - { - "name" : "[oss-security] 20160716 Re: CVE Request for KNewStuff/KArchive issue", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/07/16/3" - }, - { - "name" : "https://quickgit.kde.org/?p=karchive.git&a=commit&h=0cb243f64eef45565741b27364cece7d5c349c37", - "refsource" : "CONFIRM", - "url" : "https://quickgit.kde.org/?p=karchive.git&a=commit&h=0cb243f64eef45565741b27364cece7d5c349c37" - }, - { - "name" : "https://www.kde.org/info/security/advisory-20160724-1.txt", - "refsource" : "CONFIRM", - "url" : "https://www.kde.org/info/security/advisory-20160724-1.txt" - }, - { - "name" : "DSA-3643", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3643" - }, - { - "name" : "openSUSE-SU-2016:2223", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00000.html" - }, - { - "name" : "openSUSE-SU-2016:1884", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00023.html" - }, - { - "name" : "USN-3042-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-3042-1" - }, - { - "name" : "91806", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91806" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in KArchive before 5.24, as used in KDE Frameworks, allows remote attackers to write to arbitrary files via a ../ (dot dot slash) in a filename in an archive file, related to KNewsstuff downloads." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20160716 Re: CVE Request for KNewStuff/KArchive issue", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/07/16/3" + }, + { + "name": "https://quickgit.kde.org/?p=karchive.git&a=commit&h=0cb243f64eef45565741b27364cece7d5c349c37", + "refsource": "CONFIRM", + "url": "https://quickgit.kde.org/?p=karchive.git&a=commit&h=0cb243f64eef45565741b27364cece7d5c349c37" + }, + { + "name": "https://www.kde.org/info/security/advisory-20160724-1.txt", + "refsource": "CONFIRM", + "url": "https://www.kde.org/info/security/advisory-20160724-1.txt" + }, + { + "name": "openSUSE-SU-2016:1884", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00023.html" + }, + { + "name": "91806", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91806" + }, + { + "name": "DSA-3643", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3643" + }, + { + "name": "openSUSE-SU-2016:2223", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00000.html" + }, + { + "name": "[oss-security] 20160716 CVE Request for KNewStuff/KArchive issue", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/07/16/2" + }, + { + "name": "USN-3042-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-3042-1" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7136.json b/2016/7xxx/CVE-2016-7136.json index b41a7fed3cc..11b63756c5e 100644 --- a/2016/7xxx/CVE-2016-7136.json +++ b/2016/7xxx/CVE-2016-7136.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7136", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "z3c.form in Plone CMS 5.x through 5.0.6 and 4.x through 4.3.11 allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted GET request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-7136", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20161012 Multiple Vulnerabilities in Plone CMS", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/539572/100/0/threaded" - }, - { - "name" : "20161019 Multiple Vulnerabilities in Plone CMS", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2016/Oct/80" - }, - { - "name" : "[oss-security] 20160905 Re: CVE request: Plone multiple vulnerabilities", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/09/05/4" - }, - { - "name" : "[oss-security] 20160905 Re: CVE request: Plone multiple vulnerabilities", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/09/05/5" - }, - { - "name" : "http://packetstormsecurity.com/files/139110/Plone-CMS-4.3.11-5.0.6-XSS-Traversal-Open-Redirection.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/139110/Plone-CMS-4.3.11-5.0.6-XSS-Traversal-Open-Redirection.html" - }, - { - "name" : "https://plone.org/security/hotfix/20160830/non-persistent-xss-in-plone-forms", - "refsource" : "CONFIRM", - "url" : "https://plone.org/security/hotfix/20160830/non-persistent-xss-in-plone-forms" - }, - { - "name" : "92752", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92752" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "z3c.form in Plone CMS 5.x through 5.0.6 and 4.x through 4.3.11 allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted GET request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/139110/Plone-CMS-4.3.11-5.0.6-XSS-Traversal-Open-Redirection.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/139110/Plone-CMS-4.3.11-5.0.6-XSS-Traversal-Open-Redirection.html" + }, + { + "name": "20161019 Multiple Vulnerabilities in Plone CMS", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2016/Oct/80" + }, + { + "name": "https://plone.org/security/hotfix/20160830/non-persistent-xss-in-plone-forms", + "refsource": "CONFIRM", + "url": "https://plone.org/security/hotfix/20160830/non-persistent-xss-in-plone-forms" + }, + { + "name": "[oss-security] 20160905 Re: CVE request: Plone multiple vulnerabilities", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/09/05/4" + }, + { + "name": "[oss-security] 20160905 Re: CVE request: Plone multiple vulnerabilities", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/09/05/5" + }, + { + "name": "20161012 Multiple Vulnerabilities in Plone CMS", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/539572/100/0/threaded" + }, + { + "name": "92752", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92752" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7339.json b/2016/7xxx/CVE-2016-7339.json index 7a18e1b70be..b8b4693e3b5 100644 --- a/2016/7xxx/CVE-2016-7339.json +++ b/2016/7xxx/CVE-2016-7339.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7339", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-7339", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7580.json b/2016/7xxx/CVE-2016-7580.json index b100d221da5..0a1e365d432 100644 --- a/2016/7xxx/CVE-2016-7580.json +++ b/2016/7xxx/CVE-2016-7580.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2016-7580", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. macOS before 10.12 is affected. The issue involves the \"Mail\" component, which allows remote web servers to cause a denial of service via a crafted URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2016-7580", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT207170", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207170" - }, - { - "name" : "94434", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94434" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. macOS before 10.12 is affected. The issue involves the \"Mail\" component, which allows remote web servers to cause a denial of service via a crafted URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "94434", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94434" + }, + { + "name": "https://support.apple.com/HT207170", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207170" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8116.json b/2016/8xxx/CVE-2016-8116.json index b9f1d1cb864..649954fd6eb 100644 --- a/2016/8xxx/CVE-2016-8116.json +++ b/2016/8xxx/CVE-2016-8116.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-8116", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-8116", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8210.json b/2016/8xxx/CVE-2016-8210.json index 3d12c81c71d..d2967baae81 100644 --- a/2016/8xxx/CVE-2016-8210.json +++ b/2016/8xxx/CVE-2016-8210.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-8210", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-8210", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8431.json b/2016/8xxx/CVE-2016-8431.json index d0b391d3b7b..57c031c2914 100644 --- a/2016/8xxx/CVE-2016-8431.json +++ b/2016/8xxx/CVE-2016-8431.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2016-8431", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Kernel-3.18" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.18. Android ID: A-32402179. References: N-CVE-2016-8431." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of privilege" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-8431", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Kernel-3.18" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-01-01.html", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-01-01.html" - }, - { - "name" : "95236", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95236" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.18. Android ID: A-32402179. References: N-CVE-2016-8431." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-01-01.html", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-01-01.html" + }, + { + "name": "95236", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95236" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8873.json b/2016/8xxx/CVE-2016-8873.json index 7d854d7c286..e9c88340d97 100644 --- a/2016/8xxx/CVE-2016-8873.json +++ b/2016/8xxx/CVE-2016-8873.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-8873", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-8873", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8967.json b/2016/8xxx/CVE-2016-8967.json index 69b133b3022..80edfe1568d 100644 --- a/2016/8xxx/CVE-2016-8967.json +++ b/2016/8xxx/CVE-2016-8967.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2016-8967", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "BigFix Inventory", - "version" : { - "version_data" : [ - { - "version_value" : "9.2" - } - ] - } - } - ] - }, - "vendor_name" : "IBM Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM BigFix Inventory v9 9.2 stores user credentials in plain in clear text which can be read by a local user." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2016-8967", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "BigFix Inventory", + "version": { + "version_data": [ + { + "version_value": "9.2" + } + ] + } + } + ] + }, + "vendor_name": "IBM Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg21995019", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg21995019" - }, - { - "name" : "95902", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95902" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM BigFix Inventory v9 9.2 stores user credentials in plain in clear text which can be read by a local user." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg21995019", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg21995019" + }, + { + "name": "95902", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95902" + } + ] + } +} \ No newline at end of file