diff --git a/2006/0xxx/CVE-2006-0115.json b/2006/0xxx/CVE-2006-0115.json index d451be24287..6cda4a72584 100644 --- a/2006/0xxx/CVE-2006-0115.json +++ b/2006/0xxx/CVE-2006-0115.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0115", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in OnePlug Solutions OnePlug CMS allow remote attackers to execute arbitrary SQL commands via the (1) Press_Release_ID parameter in press/details.asp, (2) Service_ID parameter in services/details.asp, and (3) Product_ID parameter in products/details.asp." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0115", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://osvdb.org/ref/22/22248-oneplug.txt", - "refsource" : "MISC", - "url" : "http://osvdb.org/ref/22/22248-oneplug.txt" - }, - { - "name" : "16155", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16155" - }, - { - "name" : "ADV-2006-0079", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0079" - }, - { - "name" : "22248", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22248" - }, - { - "name" : "22249", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22249" - }, - { - "name" : "22250", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22250" - }, - 
{ - "name" : "18325", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18325" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in OnePlug Solutions OnePlug CMS allow remote attackers to execute arbitrary SQL commands via the (1) Press_Release_ID parameter in press/details.asp, (2) Service_ID parameter in services/details.asp, and (3) Product_ID parameter in products/details.asp." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "16155", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16155" + }, + { + "name": "ADV-2006-0079", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0079" + }, + { + "name": "22249", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22249" + }, + { + "name": "22250", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22250" + }, + { + "name": "http://osvdb.org/ref/22/22248-oneplug.txt", + "refsource": "MISC", + "url": "http://osvdb.org/ref/22/22248-oneplug.txt" + }, + { + "name": "18325", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18325" + }, + { + "name": "22248", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22248" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0186.json b/2006/0xxx/CVE-2006-0186.json index 4a1c255d1e6..91b960d2320 100644 --- a/2006/0xxx/CVE-2006-0186.json +++ b/2006/0xxx/CVE-2006-0186.json 
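Review bot: The rewritten CVE-2006-0115 record ends at `}` with no final newline (the `\ No newline at end of file` marker follows the new closing brace), while the old side ended with one. The same marker appears after the CVE-2006-0186, -0708, -1486, -1539, -1599 and -1790 records in this diff. The `reference_data` entries are also reordered in the same change that normalizes `" : "` to `": "`, so the diff alone cannot show that no reference was dropped or altered. In this record the seven entries are the same set on both sides, but that had to be checked by hand. Keeping the array order stable (or sorting on a fixed key such as `refsource` then `name`) and ending each file with a newline would limit future diffs of these records to real content changes.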
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0186", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-4500. Reason: This candidate is a duplicate of CVE-2005-4500. Notes: All CVE users should reference CVE-2005-4500 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2006-0186", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-4500. Reason: This candidate is a duplicate of CVE-2005-4500. Notes: All CVE users should reference CVE-2005-4500 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0708.json b/2006/0xxx/CVE-2006-0708.json index 62f62551e84..92181ee60c7 100644 --- a/2006/0xxx/CVE-2006-0708.json +++ b/2006/0xxx/CVE-2006-0708.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0708", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in NullSoft Winamp 5.13 and earlier allow remote attackers to execute arbitrary code via (1) an m3u file containing a long URL ending in .wma, (2) a pls file containing a File1 field with a long URL ending in .wma, or (3) an m3u file with a long filename, variants of CVE-2005-3188 and CVE-2006-0476." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0708", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060213 New winamp m3u/pls .WMA & .M3U Extension overflows", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/424903/100/0/threaded" - }, - { - "name" : "http://forums.winamp.com/showthread.php?s=&threadid=238648", - "refsource" : "MISC", - "url" : "http://forums.winamp.com/showthread.php?s=&threadid=238648" - }, - { - "name" : "16623", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16623" - }, - { - "name" : "ADV-2006-0613", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0613" - }, - { - "name" : "1015621", - 
"refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015621" - }, - { - "name" : "444", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/444" - }, - { - "name" : "492", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/492" - }, - { - "name" : "winamp-m3u-filename-bo(24741)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24741" - }, - { - "name" : "winamp-m3u-wma-bo(24740)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24740" - }, - { - "name" : "winamp-pls-file1-bo(24739)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24739" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in NullSoft Winamp 5.13 and earlier allow remote attackers to execute arbitrary code via (1) an m3u file containing a long URL ending in .wma, (2) a pls file containing a File1 field with a long URL ending in .wma, or (3) an m3u file with a long filename, variants of CVE-2005-3188 and CVE-2006-0476." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "16623", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16623" + }, + { + "name": "20060213 New winamp m3u/pls .WMA & .M3U Extension overflows", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/424903/100/0/threaded" + }, + { + "name": "winamp-m3u-wma-bo(24740)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24740" + }, + { + "name": "ADV-2006-0613", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0613" + }, + { + "name": "http://forums.winamp.com/showthread.php?s=&threadid=238648", + "refsource": "MISC", + "url": "http://forums.winamp.com/showthread.php?s=&threadid=238648" + }, + { + "name": "444", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/444" + }, + { + "name": "492", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/492" + }, + { + "name": "winamp-m3u-filename-bo(24741)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24741" + }, + { + "name": "winamp-pls-file1-bo(24739)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24739" + }, + { + "name": "1015621", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015621" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1486.json b/2006/1xxx/CVE-2006-1486.json index 08b473f9c14..a050048e01f 100644 --- a/2006/1xxx/CVE-2006-1486.json +++ b/2006/1xxx/CVE-2006-1486.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1486", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in index.cfm in realestateZONE 4.2 allow remote attackers to inject arbitrary web script or HTML via the (1) bamin, (2) bemin, (3) pmin, and (4) state parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1486", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2006/03/realestatezone-42-multiple-xss-vuln.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2006/03/realestatezone-42-multiple-xss-vuln.html" - }, - { - "name" : "17277", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17277" - }, - { - "name" : "ADV-2006-1128", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1128" - }, - { - "name" : "24186", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24186" - }, - { - "name" : "19429", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19429" - }, - { - "name" : "realestatezone-index-xss(25487)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/25487" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in index.cfm in realestateZONE 4.2 allow remote attackers to inject arbitrary web script or HTML via the (1) bamin, (2) bemin, (3) pmin, and (4) state parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "24186", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24186" + }, + { + "name": "realestatezone-index-xss(25487)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25487" + }, + { + "name": "19429", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19429" + }, + { + "name": "ADV-2006-1128", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1128" + }, + { + "name": "17277", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17277" + }, + { + "name": "http://pridels0.blogspot.com/2006/03/realestatezone-42-multiple-xss-vuln.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2006/03/realestatezone-42-multiple-xss-vuln.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1539.json b/2006/1xxx/CVE-2006-1539.json index 1ef30b98950..aa32be73679 100644 --- a/2006/1xxx/CVE-2006-1539.json +++ b/2006/1xxx/CVE-2006-1539.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1539", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in the checkscores function in scores.c in tetris-bsd in bsd-games before 2.17-r1 in Gentoo Linux might allow local users with games group membership to gain privileges by modifying tetris-bsd.scores to contain crafted executable content, which is executed when another user launches tetris-bsd." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1539", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "GLSA-200603-26", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200603-26.xml" - }, - { - "name" : "http://bugs.gentoo.org/show_bug.cgi?id=122399", - "refsource" : "CONFIRM", - "url" : "http://bugs.gentoo.org/show_bug.cgi?id=122399" - }, - { - "name" : "17308", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17308" - }, - { - "name" : "24261", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24261" - }, - { - "name" : "19442", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19442" - }, - { - "name" : 
"bsdgames-tetrisbsd-checkscores-bo(25611)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25611" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in the checkscores function in scores.c in tetris-bsd in bsd-games before 2.17-r1 in Gentoo Linux might allow local users with games group membership to gain privileges by modifying tetris-bsd.scores to contain crafted executable content, which is executed when another user launches tetris-bsd." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://bugs.gentoo.org/show_bug.cgi?id=122399", + "refsource": "CONFIRM", + "url": "http://bugs.gentoo.org/show_bug.cgi?id=122399" + }, + { + "name": "24261", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24261" + }, + { + "name": "bsdgames-tetrisbsd-checkscores-bo(25611)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25611" + }, + { + "name": "17308", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17308" + }, + { + "name": "19442", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19442" + }, + { + "name": "GLSA-200603-26", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200603-26.xml" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1599.json b/2006/1xxx/CVE-2006-1599.json index 4508f99db4d..dc2d4debec3 100644 --- a/2006/1xxx/CVE-2006-1599.json +++ b/2006/1xxx/CVE-2006-1599.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1599", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in VCEngine.php in v-creator before 1.3-pre3, when the VC_CRYPTO_METHOD option is OPENSSL, allows remote attackers to execute arbitrary commands, possibly due to problems in the (1) encrypt and (2) decrypt functions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1599", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://sourceforge.net/p/vcreator/news/2006/03/v-creator-v13-pre3-released/", - "refsource" : "CONFIRM", - "url" : "https://sourceforge.net/p/vcreator/news/2006/03/v-creator-v13-pre3-released/" - }, - { - "name" : "http://sourceforge.net/forum/forum.php?forum_id=557129", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/forum/forum.php?forum_id=557129" - }, - { - "name" : "17328", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17328" - }, - { - "name" : "ADV-2006-1189", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1189" - }, - { - "name" : "24304", - "refsource" : "OSVDB", - "url" : 
"http://www.osvdb.org/24304" - }, - { - "name" : "19453", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19453" - }, - { - "name" : "vcreator-vcengine-command-execution(25560)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25560" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in VCEngine.php in v-creator before 1.3-pre3, when the VC_CRYPTO_METHOD option is OPENSSL, allows remote attackers to execute arbitrary commands, possibly due to problems in the (1) encrypt and (2) decrypt functions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "vcreator-vcengine-command-execution(25560)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25560" + }, + { + "name": "http://sourceforge.net/forum/forum.php?forum_id=557129", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/forum/forum.php?forum_id=557129" + }, + { + "name": "17328", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17328" + }, + { + "name": "19453", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19453" + }, + { + "name": "24304", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24304" + }, + { + "name": "https://sourceforge.net/p/vcreator/news/2006/03/v-creator-v13-pre3-released/", + "refsource": "CONFIRM", + "url": "https://sourceforge.net/p/vcreator/news/2006/03/v-creator-v13-pre3-released/" + }, + { + "name": "ADV-2006-1189", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1189" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1790.json b/2006/1xxx/CVE-2006-1790.json index e681ad64698..012c8e2296f 100644 
--- a/2006/1xxx/CVE-2006-1790.json +++ b/2006/1xxx/CVE-2006-1790.json 
@@ -1,307 +1,307 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1790", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A regression fix in Mozilla Firefox 1.0.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the InstallTrigger.install method, which leads to memory corruption." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1790", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2006/mfsa2006-11.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2006/mfsa2006-11.html" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm" - }, - { - "name" : "DSA-1044", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1044" - }, - { - "name" : "DSA-1046", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1046" - }, - { - "name" : "DSA-1051", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1051" - }, - { - "name" 
: "FEDORA-2006-410", - "refsource" : "FEDORA", - "url" : "http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00153.html" - }, - { - "name" : "FEDORA-2006-411", - "refsource" : "FEDORA", - "url" : "http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00154.html" - }, - { - "name" : "FLSA:189137-1", - "refsource" : "FEDORA", - "url" : "http://www.securityfocus.com/archive/1/436296/100/0/threaded" - }, - { - "name" : "FLSA:189137-2", - "refsource" : "FEDORA", - "url" : "http://www.securityfocus.com/archive/1/436338/100/0/threaded" - }, - { - "name" : "GLSA-200604-12", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200604-12.xml" - }, - { - "name" : "GLSA-200604-18", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml" - }, - { - "name" : "GLSA-200605-09", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200605-09.xml" - }, - { - "name" : "HPSBUX02122", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/438730/100/0/threaded" - }, - { - "name" : "SSRT061158", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/438730/100/0/threaded" - }, - { - "name" : "MDKSA-2006:075", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:075" - }, - { - "name" : "MDKSA-2006:076", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:076" - }, - { - "name" : "RHSA-2006:0328", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0328.html" - }, - { - "name" : "RHSA-2006:0329", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0329.html" - }, - { - "name" : "RHSA-2006:0330", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0330.html" - }, - { - "name" : "SCOSA-2006.26", - "refsource" : "SCO", - "url" : 
"ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt" - }, - { - "name" : "20060404-01-U", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20060404-01-U.asc" - }, - { - "name" : "102550", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1" - }, - { - "name" : "228526", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-228526-1" - }, - { - "name" : "SUSE-SA:2006:021", - "refsource" : "SUSE", - "url" : "http://lists.suse.com/archive/suse-security-announce/2006-Apr/0003.html" - }, - { - "name" : "USN-275-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/275-1/" - }, - { - "name" : "USN-276-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/276-1/" - }, - { - "name" : "USN-271-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/271-1/" - }, - { - "name" : "17516", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17516" - }, - { - "name" : "oval:org.mitre.oval:def:11202", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11202" - }, - { - "name" : "ADV-2006-1356", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1356" - }, - { - "name" : "oval:org.mitre.oval:def:1266", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1266" - }, - { - "name" : "19631", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19631" - }, - { - "name" : "19759", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19759" - }, - { - "name" : "19794", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19794" - }, - { - "name" : "19811", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19811" - }, - { - "name" : "19852", - "refsource" : 
"SECUNIA", - "url" : "http://secunia.com/advisories/19852" - }, - { - "name" : "19862", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19862" - }, - { - "name" : "19863", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19863" - }, - { - "name" : "19902", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19902" - }, - { - "name" : "19950", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19950" - }, - { - "name" : "19941", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19941" - }, - { - "name" : "19714", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19714" - }, - { - "name" : "19721", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19721" - }, - { - "name" : "19746", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19746" - }, - { - "name" : "21033", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21033" - }, - { - "name" : "21622", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21622" - }, - { - "name" : "19729", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19729" - }, - { - "name" : "19780", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19780" - }, - { - "name" : "20051", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20051" - }, - { - "name" : "mozilla-installtrigger-memory-corruption(25809)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25809" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A regression fix in Mozilla Firefox 1.0.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the InstallTrigger.install method, which leads to memory corruption." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-275-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/275-1/" + }, + { + "name": "RHSA-2006:0330", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0330.html" + }, + { + "name": "19902", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19902" + }, + { + "name": "20060404-01-U", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20060404-01-U.asc" + }, + { + "name": "USN-276-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/276-1/" + }, + { + "name": "HPSBUX02122", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/438730/100/0/threaded" + }, + { + "name": "19941", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19941" + }, + { + "name": "19780", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19780" + }, + { + "name": "RHSA-2006:0328", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0328.html" + }, + { + "name": "GLSA-200604-12", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200604-12.xml" + }, + { + "name": "21622", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21622" + }, + { + "name": "19862", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19862" + }, + { + "name": "MDKSA-2006:075", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:075" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm" + }, + { + "name": "DSA-1051", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1051" + }, + { + "name": 
"FEDORA-2006-410", + "refsource": "FEDORA", + "url": "http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00153.html" + }, + { + "name": "USN-271-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/271-1/" + }, + { + "name": "19714", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19714" + }, + { + "name": "RHSA-2006:0329", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0329.html" + }, + { + "name": "http://www.mozilla.org/security/announce/2006/mfsa2006-11.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2006/mfsa2006-11.html" + }, + { + "name": "GLSA-200604-18", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml" + }, + { + "name": "19811", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19811" + }, + { + "name": "19794", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19794" + }, + { + "name": "19746", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19746" + }, + { + "name": "21033", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21033" + }, + { + "name": "102550", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1" + }, + { + "name": "19759", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19759" + }, + { + "name": "SUSE-SA:2006:021", + "refsource": "SUSE", + "url": "http://lists.suse.com/archive/suse-security-announce/2006-Apr/0003.html" + }, + { + "name": "FLSA:189137-2", + "refsource": "FEDORA", + "url": "http://www.securityfocus.com/archive/1/436338/100/0/threaded" + }, + { + "name": "ADV-2006-1356", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1356" + }, + { + "name": "SSRT061158", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/438730/100/0/threaded" + }, + { + "name": "19729", + "refsource": "SECUNIA", + 
"url": "http://secunia.com/advisories/19729" + }, + { + "name": "oval:org.mitre.oval:def:11202", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11202" + }, + { + "name": "20051", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20051" + }, + { + "name": "19863", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19863" + }, + { + "name": "SCOSA-2006.26", + "refsource": "SCO", + "url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt" + }, + { + "name": "FLSA:189137-1", + "refsource": "FEDORA", + "url": "http://www.securityfocus.com/archive/1/436296/100/0/threaded" + }, + { + "name": "17516", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17516" + }, + { + "name": "228526", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-228526-1" + }, + { + "name": "FEDORA-2006-411", + "refsource": "FEDORA", + "url": "http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00154.html" + }, + { + "name": "19852", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19852" + }, + { + "name": "19721", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19721" + }, + { + "name": "mozilla-installtrigger-memory-corruption(25809)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25809" + }, + { + "name": "GLSA-200605-09", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200605-09.xml" + }, + { + "name": "19631", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19631" + }, + { + "name": "19950", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19950" + }, + { + "name": "oval:org.mitre.oval:def:1266", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1266" + }, + { + "name": "MDKSA-2006:076", + 
"refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:076" + }, + { + "name": "DSA-1046", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1046" + }, + { + "name": "DSA-1044", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1044" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1924.json b/2006/1xxx/CVE-2006-1924.json index 85ae39a02bc..c71c8c78336 100644 --- a/2006/1xxx/CVE-2006-1924.json +++ b/2006/1xxx/CVE-2006-1924.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1924", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in functions/db_api.php in LinPHA 1.1.1 allows remote attackers to execute arbitrary SQL commands via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1924", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060420 LinPHA provenance/acknowledgement", - "refsource" : "VIM", - "url" : "http://attrition.org/pipermail/vim/2006-April/000709.html" - }, - { - "name" : "17619", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17619" - }, - { - "name" : "ADV-2006-1424", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1424" - }, - { - "name" : "24817", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24817" - }, - { - "name" : "19719", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19719" - }, - { - "name" : "linpha-functionsdbapi-sql-injection(26268)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26268" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in functions/db_api.php in LinPHA 1.1.1 allows remote attackers to execute arbitrary SQL commands via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "linpha-functionsdbapi-sql-injection(26268)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26268" + }, + { + "name": "24817", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24817" + }, + { + "name": "17619", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17619" + }, + { + "name": "ADV-2006-1424", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1424" + }, + { + "name": "20060420 LinPHA provenance/acknowledgement", + "refsource": "VIM", + "url": "http://attrition.org/pipermail/vim/2006-April/000709.html" + }, + { + "name": "19719", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19719" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5152.json b/2006/5xxx/CVE-2006-5152.json index 650a89b1f36..fa22bd914a7 100644 --- a/2006/5xxx/CVE-2006-5152.json +++ b/2006/5xxx/CVE-2006-5152.json 
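Review bot: The new side of CVE-2006-1924.json ends with `\ No newline at end of file`, so the re-indentation also drops the trailing newline the old file had; the generator should emit a final newline. The same hunk reorders the entries of `reference_data` although the set of references looks unchanged. Array order is significant in JSON, so a consumer that diffs, hashes or signs these records will see a content change and not just a formatting one. Both points repeat in the later hunks on this page (CVE-2006-5152, CVE-2006-5269, CVE-2006-5374, CVE-2006-5956, CVE-2007-2993, CVE-2010-0531, CVE-2010-0547); CVE-2010-0676 only loses the trailing newline. Keeping the original reference order, or sorting by a documented key such as `refsource` then `name`, would let the whitespace change be reviewed on its own.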
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5152", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded URL that is returned in a large HTTP 404 error message without an explicit charset, a related issue to CVE-2006-0032." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5152", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061002 IE UXSS (Universal XSS in IE, was Re: Microsoft Internet Information Services UTF-7 XSS Vulnerability [MS06-053])", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/447509/100/0/threaded" - }, - { - "name" : "20061002 Re: [Full-disclosure] IE UXSS (Universal XSS in IE, was Re: Microsoft Internet Information Services UTF-7 XSS Vulnerability [MS06-053])", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/447516/100/0/threaded" - }, - { - "name" : "20061002 Re: [Full-disclosure] IE UXSS (Universal XSS in IE, was Re: Microsoft Internet Information Services UTF-7 XSS Vulnerability 
[MS06-053])", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/447574/100/0/threaded" - }, - { - "name" : "20061002 IE UXSS (Universal XSS in IE, was Re: Microsoft Internet Information Services UTF-7 XSS Vulnerability [MS06-053])", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2006-10/0017.html" - }, - { - "name" : "20061002 Re: [Full-disclosure] IE UXSS (Universal XSS in IE, was Re: Microsoft Internet Information Services UTF-7 XSS Vulnerability [MS06-053])", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2006-10/0030.html" - }, - { - "name" : "31328", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/31328" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded URL that is returned in a large HTTP 404 error message without an explicit charset, a related issue to CVE-2006-0032." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20061002 IE UXSS (Universal XSS in IE, was Re: Microsoft Internet Information Services UTF-7 XSS Vulnerability [MS06-053])", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/447509/100/0/threaded" + }, + { + "name": "20061002 IE UXSS (Universal XSS in IE, was Re: Microsoft Internet Information Services UTF-7 XSS Vulnerability [MS06-053])", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-10/0017.html" + }, + { + "name": "31328", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/31328" + }, + { + "name": "20061002 Re: [Full-disclosure] IE UXSS (Universal XSS in IE, was Re: Microsoft Internet Information Services UTF-7 XSS Vulnerability [MS06-053])", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/447574/100/0/threaded" + }, + { + "name": "20061002 Re: [Full-disclosure] IE UXSS (Universal XSS in IE, was Re: Microsoft Internet Information Services UTF-7 XSS Vulnerability [MS06-053])", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/447516/100/0/threaded" + }, + { + "name": "20061002 Re: [Full-disclosure] IE UXSS (Universal XSS in IE, was Re: Microsoft Internet Information Services UTF-7 XSS Vulnerability [MS06-053])", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-10/0030.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5269.json b/2006/5xxx/CVE-2006-5269.json index e2a2f312992..04af4b04513 100644 --- a/2006/5xxx/CVE-2006-5269.json +++ b/2006/5xxx/CVE-2006-5269.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5269", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, probably related to an RPC interface." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5269", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20081111 Trend Micro ServerProtect [PROCEDURE NAME REDACTED] Heap Overflow", - "refsource" : "ISS", - "url" : "http://www.iss.net/threats/308.html" - }, - { - "name" : "http://blogs.iss.net/archive/trend.html", - "refsource" : "MISC", - "url" : "http://blogs.iss.net/archive/trend.html" - }, - { - "name" : "VU#768681", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/768681" - }, - { - "name" : "32261", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32261" - }, - { - "name" : "ADV-2008-3127", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/3127" - }, - { - "name" : "32618", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/32618" - }, - { - "name" : "application-rpc-interface-bo(31113)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/31113" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, probably related to an RPC interface." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "32618", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32618" + }, + { + "name": "32261", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32261" + }, + { + "name": "application-rpc-interface-bo(31113)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31113" + }, + { + "name": "VU#768681", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/768681" + }, + { + "name": "http://blogs.iss.net/archive/trend.html", + "refsource": "MISC", + "url": "http://blogs.iss.net/archive/trend.html" + }, + { + "name": "ADV-2008-3127", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/3127" + }, + { + "name": "20081111 Trend Micro ServerProtect [PROCEDURE NAME REDACTED] Heap Overflow", + "refsource": "ISS", + "url": "http://www.iss.net/threats/308.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5374.json b/2006/5xxx/CVE-2006-5374.json index 994d73f8157..981fdeb0da3 100644 --- a/2006/5xxx/CVE-2006-5374.json +++ b/2006/5xxx/CVE-2006-5374.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5374", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Pharmaceutical Applications 4.5.1 has unknown impact and remote authenticated attack vectors, aka Vuln# PHAR01." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5374", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html", - "refsource" : "MISC", - "url" : "http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html" - }, - { - "name" : "HPSBMA02133", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/449711/100/0/threaded" - }, - { - "name" : "SSRT061201", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/449711/100/0/threaded" - }, - { - "name" : "TA06-291A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA06-291A.html" - }, - { 
- "name" : "20588", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20588" - }, - { - "name" : "ADV-2006-4065", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4065" - }, - { - "name" : "1017077", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017077" - }, - { - "name" : "22396", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22396" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle Pharmaceutical Applications 4.5.1 has unknown impact and remote authenticated attack vectors, aka Vuln# PHAR01." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html", + "refsource": "MISC", + "url": "http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html" + }, + { + "name": "20588", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20588" + }, + { + "name": "HPSBMA02133", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/449711/100/0/threaded" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html" + }, + { + "name": "SSRT061201", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/449711/100/0/threaded" + }, + { + "name": "ADV-2006-4065", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4065" + }, + { + "name": "22396", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22396" + }, + { + "name": "1017077", + "refsource": "SECTRACK", + "url": 
"http://securitytracker.com/id?1017077" + }, + { + "name": "TA06-291A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA06-291A.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5956.json b/2006/5xxx/CVE-2006-5956.json index be843727bec..329f98b4023 100644 --- a/2006/5xxx/CVE-2006-5956.json +++ b/2006/5xxx/CVE-2006-5956.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5956", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "XLineSoft PHPRunner 3.1 stores the (1) database server name, (2) database names, (3) usernames, and (4) passwords in plaintext in %WINDIR%\\PHPRunner.ini, which allows local users to obtain sensitive information by reading the file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5956", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://lostmon.blogspot.com/2006/11/phprunner-database-credentials.html", - "refsource" : "MISC", - "url" : "http://lostmon.blogspot.com/2006/11/phprunner-database-credentials.html" - }, - { - "name" : "21054", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21054" - }, - { - "name" : "30363", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/30363" - }, - { - "name" : "1017218", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017218" - }, - { - "name" : "22863", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22863" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "XLineSoft PHPRunner 3.1 stores the (1) database server name, (2) database names, (3) usernames, and (4) passwords in plaintext in %WINDIR%\\PHPRunner.ini, which allows local users to obtain sensitive information by reading the file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "22863", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22863" + }, + { + "name": "21054", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21054" + }, + { + "name": "1017218", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017218" + }, + { + "name": "30363", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/30363" + }, + { + "name": "http://lostmon.blogspot.com/2006/11/phprunner-database-credentials.html", + "refsource": "MISC", + "url": "http://lostmon.blogspot.com/2006/11/phprunner-database-credentials.html" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2993.json b/2007/2xxx/CVE-2007-2993.json index 3d8afa4985e..46bc784ab56 100644 --- a/2007/2xxx/CVE-2007-2993.json +++ b/2007/2xxx/CVE-2007-2993.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2993", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in OmegaMw7.asp in OMEGA (aka Omegasoft) INterneSErvicesLosungen (INSEL) allow remote attackers to inject arbitrary web script or HTML via (1) user-created text fields; the (2) F05003, (3) F05005, and (4) F05015 fields; and other unspecified standard fields." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2993", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070601 static XSS / SQL-Injection in Omegasoft Insel", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/470240/100/0/threaded" - }, - { - "name" : "20070601 static XSS / SQL-Injection in Omegasoft Insel", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0003.html" - }, - { - "name" : "24275", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24275" - }, - { - "name" : "37021", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37021" - }, - { - "name" : "25545", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/25545" - }, - { - "name" : "2759", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2759" - }, - { - "name" : "omegasoft-multiple-xss(34677)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34677" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in OmegaMw7.asp in OMEGA (aka Omegasoft) INterneSErvicesLosungen (INSEL) allow remote attackers to inject arbitrary web script or HTML via (1) user-created text fields; the (2) F05003, (3) F05005, and (4) F05015 fields; and other unspecified standard fields." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "24275", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24275" + }, + { + "name": "20070601 static XSS / SQL-Injection in Omegasoft Insel", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0003.html" + }, + { + "name": "2759", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2759" + }, + { + "name": "omegasoft-multiple-xss(34677)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34677" + }, + { + "name": "37021", + "refsource": "OSVDB", + "url": "http://osvdb.org/37021" + }, + { + "name": "25545", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25545" + }, + { + "name": "20070601 static XSS / SQL-Injection in Omegasoft Insel", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/470240/100/0/threaded" + } + ] + } +} \ No newline at end of file 
diff --git a/2010/0xxx/CVE-2010-0531.json b/2010/0xxx/CVE-2010-0531.json index 4046173f12c..79266304395 100644 --- a/2010/0xxx/CVE-2010-0531.json +++ b/2010/0xxx/CVE-2010-0531.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0531", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Apple iTunes before 9.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted MP4 podcast file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2010-0531", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT4105", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4105" - }, - { - "name" : "APPLE-SA-2010-03-30-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//Mar/msg00003.html" - }, - { - "name" : "oval:org.mitre.oval:def:7427", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7427" - }, - { - "name" : "39135", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39135" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Apple iTunes before 9.1 allows remote attackers to cause a denial 
of service (infinite loop) via a crafted MP4 podcast file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:7427", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7427" + }, + { + "name": "39135", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39135" + }, + { + "name": "http://support.apple.com/kb/HT4105", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4105" + }, + { + "name": "APPLE-SA-2010-03-30-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00003.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0547.json b/2010/0xxx/CVE-2010-0547.json index 4d0028282da..020356ff1fa 100644 --- a/2010/0xxx/CVE-2010-0547.json +++ b/2010/0xxx/CVE-2010-0547.json 
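Review bot: In `CVE_data_meta` the `ASSIGNER` value changes from `cve@mitre.org` to `product-security@apple.com`, and this is the only hunk visible on this page where a field value changes rather than whitespace or reference order. `ASSIGNER` records which CNA is credited with the entry, so a reassignment buried in a bulk reformat is easy to miss when auditing the record's provenance. It would be clearer to land the reassignment as its own commit, or at least name it in the commit message, and to confirm it is intended for CVE-2010-0531 and not a side effect of the regeneration.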
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0547", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "client/mount.cifs.c in mount.cifs in smbfs in Samba 3.4.5 and earlier does not verify that the (1) device name and (2) mountpoint strings are composed of valid characters, which allows local users to cause a denial of service (mtab corruption) via a crafted string." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-0547", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.samba.org/?p=samba.git;a=commit;h=a065c177dfc8f968775593ba00dffafeebb2e054", - "refsource" : "CONFIRM", - "url" : "http://git.samba.org/?p=samba.git;a=commit;h=a065c177dfc8f968775593ba00dffafeebb2e054" - }, - { - "name" : "GLSA-201206-29", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201206-29.xml" - }, - { - "name" : "MDVSA-2010:090", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:090" - }, - { - "name" : "SUSE-SR:2010:008", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html" - }, - { - "name" : 
"SUSE-SR:2010:014", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html" - }, - { - "name" : "38326", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/38326" - }, - { - "name" : "39317", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39317" - }, - { - "name" : "ADV-2010-1062", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1062" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "client/mount.cifs.c in mount.cifs in smbfs in Samba 3.4.5 and earlier does not verify that the (1) device name and (2) mountpoint strings are composed of valid characters, which allows local users to cause a denial of service (mtab corruption) via a crafted string." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2010-1062", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1062" + }, + { + "name": "39317", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39317" + }, + { + "name": "GLSA-201206-29", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201206-29.xml" + }, + { + "name": "38326", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/38326" + }, + { + "name": "http://git.samba.org/?p=samba.git;a=commit;h=a065c177dfc8f968775593ba00dffafeebb2e054", + "refsource": "CONFIRM", + "url": "http://git.samba.org/?p=samba.git;a=commit;h=a065c177dfc8f968775593ba00dffafeebb2e054" + }, + { + "name": "MDVSA-2010:090", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:090" + }, + { + "name": "SUSE-SR:2010:008", + "refsource": "SUSE", + "url": 
"http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html" + }, + { + "name": "SUSE-SR:2010:014", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0676.json b/2010/0xxx/CVE-2010-0676.json index 1f4852446e9..57cbfc52235 100644 --- a/2010/0xxx/CVE-2010-0676.json +++ b/2010/0xxx/CVE-2010-0676.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0676", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in index.php in the RWCards (com_rwcards) component 3.0.18 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-0676", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/1002-exploits/joomlarwcards-lfi.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1002-exploits/joomlarwcards-lfi.txt" - }, - { - "name" : "38267", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/38267" - }, - { - "name" : "38638", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38638" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in index.php in the RWCards (com_rwcards) component 3.0.18 for Joomla! allows remote attackers to read arbitrary files via a .. 
(dot dot) in the controller parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.org/1002-exploits/joomlarwcards-lfi.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1002-exploits/joomlarwcards-lfi.txt" + }, + { + "name": "38267", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/38267" + }, + { + "name": "38638", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38638" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0759.json b/2010/0xxx/CVE-2010-0759.json index 76ee085bc18..9b0aa3f584c 100644 --- a/2010/0xxx/CVE-2010-0759.json +++ b/2010/0xxx/CVE-2010-0759.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0759", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in plugins/system/cdscriptegrator/libraries/highslide/js/jsloader.php in the Core Design Scriptegrator plugin 1.4.1 for Joomla! allows remote attackers to read, and possibly include and execute, arbitrary files via directory traversal sequences in the files[] parameter, a different vector than CVE-2010-0760." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-0759", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/1002-exploits/joomlascriptegrator-lfi.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1002-exploits/joomlascriptegrator-lfi.txt" - }, - { - "name" : "11498", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/11498" - }, - { - "name" : "38296", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/38296" - }, - { - "name" : "62486", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/62486" - }, - { - "name" : "38637", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/38637" - }, - { - "name" : "scriptegrator-jsloader-file-include(56380)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/56380" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in plugins/system/cdscriptegrator/libraries/highslide/js/jsloader.php in the Core Design Scriptegrator plugin 1.4.1 for Joomla! allows remote attackers to read, and possibly include and execute, arbitrary files via directory traversal sequences in the files[] parameter, a different vector than CVE-2010-0760." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "38637", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38637" + }, + { + "name": "62486", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/62486" + }, + { + "name": "http://packetstormsecurity.org/1002-exploits/joomlascriptegrator-lfi.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1002-exploits/joomlascriptegrator-lfi.txt" + }, + { + "name": "11498", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/11498" + }, + { + "name": "38296", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/38296" + }, + { + "name": "scriptegrator-jsloader-file-include(56380)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56380" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0895.json b/2010/0xxx/CVE-2010-0895.json index c15471da89b..69dbde4cbd5 100644 --- a/2010/0xxx/CVE-2010-0895.json +++ b/2010/0xxx/CVE-2010-0895.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0895", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Solaris component in Oracle Sun Product Suite OpenSolaris snv_119 allows local users to affect integrity and availability via unknown vectors related to IP Filter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2010-0895", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2010-099504.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2010-099504.html" - }, - { - "name" : "TA10-103B", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-103B.html" - }, - { - "name" : "39455", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/39455" - }, - { - "name" : "osps-solaris-unspecified-var2(57757)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/57757" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": 
"eng", + "value": "Unspecified vulnerability in the Solaris component in Oracle Sun Product Suite OpenSolaris snv_119 allows local users to affect integrity and availability via unknown vectors related to IP Filter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA10-103B", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-103B.html" + }, + { + "name": "39455", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/39455" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2010-099504.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2010-099504.html" + }, + { + "name": "osps-solaris-unspecified-var2(57757)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57757" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1040.json b/2010/1xxx/CVE-2010-1040.json index 04c554aa4cd..95c57268f49 100644 --- a/2010/1xxx/CVE-2010-1040.json +++ b/2010/1xxx/CVE-2010-1040.json 
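Review bot: The new side of the CVE-2010-0895 hunk sets `"ASSIGNER": "secalert_us@oracle.com"` where the old side had `"ASSIGNER": "cve@mitre.org"`, so this is a content change to the record's assigning authority inside what otherwise reads as a spacing rewrite (`"key" : value` to `"key": value`). The same substitution appears in the CVE-2010-4162 and CVE-2010-4255 hunks, with `secalert@redhat.com`. The `reference_data` entries are also reordered in this hunk, which makes it hard to confirm by eye that no reference was added or dropped. Attribution changes like this are easier to audit in a commit separate from the reformat, or with the reformat emitted in the original key and array order so that only the changed field shows in the diff. The new file also ends with `\ No newline at end of file`; restoring the trailing newline would keep later diffs of these records clean.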
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1040", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The \"IP address range limitation\" function in OpenPNE 1.6 through 1.8, 2.0 through 2.8, 2.10 through 2.14, and 3.0 through 3.4, when mobile device support is enabled, allows remote attackers to bypass the \"simple login\" functionality via unknown vectors related to spoofing." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1040", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ipa.go.jp/security/vuln/alert/201003_openpne.html", - "refsource" : "MISC", - "url" : "http://www.ipa.go.jp/security/vuln/alert/201003_openpne.html" - }, - { - "name" : "http://www.openpne.jp/archives/4612/", - "refsource" : "CONFIRM", - "url" : "http://www.openpne.jp/archives/4612/" - }, - { - "name" : "JVN#06874657", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN06874657/index.html" - }, - { - "name" : "JVNDB-2010-000006", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000006.html" - }, - { - "name" : "38857", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/38857" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The \"IP address range limitation\" function in OpenPNE 1.6 through 1.8, 2.0 through 2.8, 2.10 through 2.14, and 3.0 through 3.4, when mobile device support is enabled, allows remote attackers to bypass the \"simple login\" functionality via unknown vectors related to spoofing." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.openpne.jp/archives/4612/", + "refsource": "CONFIRM", + "url": "http://www.openpne.jp/archives/4612/" + }, + { + "name": "http://www.ipa.go.jp/security/vuln/alert/201003_openpne.html", + "refsource": "MISC", + "url": "http://www.ipa.go.jp/security/vuln/alert/201003_openpne.html" + }, + { + "name": "JVNDB-2010-000006", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000006.html" + }, + { + "name": "38857", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38857" + }, + { + "name": "JVN#06874657", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN06874657/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3054.json b/2010/3xxx/CVE-2010-3054.json index f0bd6e25389..0e1b3744261 100644 --- a/2010/3xxx/CVE-2010-3054.json +++ b/2010/3xxx/CVE-2010-3054.json 
@@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3054", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in FreeType 2.3.9, and other versions before 2.4.2, allows remote attackers to cause a denial of service via vectors involving nested Standard Encoding Accented Character (aka seac) calls, related to psaux.h, cffgload.c, cffgload.h, and t1decode.c." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3054", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.launchpad.net/ubuntu/maverick/+source/freetype/+bug/617019", - "refsource" : "CONFIRM", - "url" : "https://bugs.launchpad.net/ubuntu/maverick/+source/freetype/+bug/617019" - }, - { - "name" : "http://support.apple.com/kb/HT4435", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4435" - }, - { - "name" : "http://support.apple.com/kb/HT4456", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4456" - }, - { - "name" : "http://support.apple.com/kb/HT4457", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4457" - }, - { - "name" : "APPLE-SA-2010-11-10-1", - "refsource" : "APPLE", 
- "url" : "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html" - }, - { - "name" : "APPLE-SA-2010-11-22-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html" - }, - { - "name" : "RHSA-2010:0736", - "refsource" : "REDHAT", - "url" : "https://rhn.redhat.com/errata/RHSA-2010-0736.html" - }, - { - "name" : "RHSA-2010:0737", - "refsource" : "REDHAT", - "url" : "https://rhn.redhat.com/errata/RHSA-2010-0737.html" - }, - { - "name" : "SUSE-SR:2010:019", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html" - }, - { - "name" : "42621", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/42621" - }, - { - "name" : "42317", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42317" - }, - { - "name" : "42314", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42314" - }, - { - "name" : "48951", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48951" - }, - { - "name" : "ADV-2010-3045", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/3045" - }, - { - "name" : "ADV-2010-3046", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/3046" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in FreeType 2.3.9, and other versions before 2.4.2, allows remote attackers to cause a denial of service via vectors involving nested Standard Encoding Accented Character (aka seac) calls, related to psaux.h, cffgload.c, cffgload.h, and t1decode.c." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2010-3045", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/3045" + }, + { + "name": "http://support.apple.com/kb/HT4435", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4435" + }, + { + "name": "https://bugs.launchpad.net/ubuntu/maverick/+source/freetype/+bug/617019", + "refsource": "CONFIRM", + "url": "https://bugs.launchpad.net/ubuntu/maverick/+source/freetype/+bug/617019" + }, + { + "name": "http://support.apple.com/kb/HT4457", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4457" + }, + { + "name": "42621", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/42621" + }, + { + "name": "ADV-2010-3046", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/3046" + }, + { + "name": "RHSA-2010:0737", + "refsource": "REDHAT", + "url": "https://rhn.redhat.com/errata/RHSA-2010-0737.html" + }, + { + "name": "APPLE-SA-2010-11-10-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html" + }, + { + "name": "42317", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42317" + }, + { + "name": "42314", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42314" + }, + { + "name": "http://support.apple.com/kb/HT4456", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4456" + }, + { + "name": "48951", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48951" + }, + { + "name": "SUSE-SR:2010:019", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html" + }, + { + "name": "APPLE-SA-2010-11-22-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html" + }, + { + 
"name": "RHSA-2010:0736", + "refsource": "REDHAT", + "url": "https://rhn.redhat.com/errata/RHSA-2010-0736.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3426.json b/2010/3xxx/CVE-2010-3426.json index fcef226d379..80e76664ca5 100644 --- a/2010/3xxx/CVE-2010-3426.json +++ b/2010/3xxx/CVE-2010-3426.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3426", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in jphone.php in the JPhone (com_jphone) component 1.0 Alpha 3 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3426", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "14964", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/14964" - }, - { - "name" : "http://packetstormsecurity.org/1009-exploits/joomlajphone-lfi.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1009-exploits/joomlajphone-lfi.txt" - }, - { - "name" : "43147", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/43147" - }, - { - "name" : "jphone-index-file-include(61723)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/61723" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": 
"eng", + "value": "Directory traversal vulnerability in jphone.php in the JPhone (com_jphone) component 1.0 Alpha 3 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "14964", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/14964" + }, + { + "name": "43147", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/43147" + }, + { + "name": "jphone-index-file-include(61723)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61723" + }, + { + "name": "http://packetstormsecurity.org/1009-exploits/joomlajphone-lfi.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1009-exploits/joomlajphone-lfi.txt" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3499.json b/2010/3xxx/CVE-2010-3499.json index dedb9b5c825..71d6107a88b 100644 --- a/2010/3xxx/CVE-2010-3499.json +++ b/2010/3xxx/CVE-2010-3499.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3499", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "F-Secure Anti-Virus does not properly interact with the processing of hcp:// URLs by the Microsoft Help and Support Center, which makes it easier for remote attackers to execute arbitrary code via malware that is correctly detected by this product, but with a detection approach that occurs too late to stop the code execution. NOTE: the researcher indicates that a vendor response was received, stating that \"the inability to catch these files are caused by lacking functionality rather than programming errors.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3499", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20101018 Antivirus detection after malware execution", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/514356" - }, - { - "name" : "http://www.n00bz.net/antivirus-cve", - "refsource" : "MISC", - "url" : "http://www.n00bz.net/antivirus-cve" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { 
+ "lang": "eng", + "value": "F-Secure Anti-Virus does not properly interact with the processing of hcp:// URLs by the Microsoft Help and Support Center, which makes it easier for remote attackers to execute arbitrary code via malware that is correctly detected by this product, but with a detection approach that occurs too late to stop the code execution. NOTE: the researcher indicates that a vendor response was received, stating that \"the inability to catch these files are caused by lacking functionality rather than programming errors.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20101018 Antivirus detection after malware execution", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/514356" + }, + { + "name": "http://www.n00bz.net/antivirus-cve", + "refsource": "MISC", + "url": "http://www.n00bz.net/antivirus-cve" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4162.json b/2010/4xxx/CVE-2010-4162.json index 98573dc4814..771b2493753 100644 --- a/2010/4xxx/CVE-2010-4162.json +++ b/2010/4xxx/CVE-2010-4162.json 
@@ -1,172 +1,172 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4162", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple integer overflows in fs/bio.c in the Linux kernel before 2.6.36.2 allow local users to cause a denial of service (system crash) via a crafted device ioctl to a SCSI device." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-4162", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20101110 CVE request: kernel: Multiple DoS issues in block layer", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2010/11/10/18" - }, - { - "name" : "[oss-security] 20101112 Re: CVE request: kernel: Multiple DoS issues in block layer", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2010/11/12/2" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=cb4644cac4a2797afc847e6c92736664d4b0ea34", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=cb4644cac4a2797afc847e6c92736664d4b0ea34" - }, - { - "name" : 
"http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36.2", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36.2" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=652529", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=652529" - }, - { - "name" : "FEDORA-2010-18983", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052513.html" - }, - { - "name" : "MDVSA-2011:029", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:029" - }, - { - "name" : "RHSA-2011:0007", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0007.html" - }, - { - "name" : "SUSE-SA:2011:001", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00000.html" - }, - { - "name" : "SUSE-SA:2011:002", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00001.html" - }, - { - "name" : "SUSE-SA:2010:060", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00004.html" - }, - { - "name" : "SUSE-SA:2011:004", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00004.html" - }, - { - "name" : "SUSE-SA:2011:007", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html" - }, - { - "name" : "44793", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/44793" - }, - { - "name" : "42745", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42745" - }, - { - "name" : "42778", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42778" - }, - { - "name" : "42801", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42801" - }, - { - "name" : "42932", - "refsource" : "SECUNIA", - 
"url" : "http://secunia.com/advisories/42932" - }, - { - "name" : "42890", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42890" - }, - { - "name" : "ADV-2010-3321", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/3321" - }, - { - "name" : "ADV-2011-0012", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0012" - }, - { - "name" : "ADV-2011-0124", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0124" - }, - { - "name" : "ADV-2011-0298", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0298" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple integer overflows in fs/bio.c in the Linux kernel before 2.6.36.2 allow local users to cause a denial of service (system crash) via a crafted device ioctl to a SCSI device." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SA:2011:004", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00004.html" + }, + { + "name": "42778", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42778" + }, + { + "name": "42801", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42801" + }, + { + "name": "SUSE-SA:2011:002", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00001.html" + }, + { + "name": "FEDORA-2010-18983", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052513.html" + }, + { + "name": "44793", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/44793" + }, + { + "name": "SUSE-SA:2011:001", + "refsource": "SUSE", + 
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00000.html" + }, + { + "name": "42932", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42932" + }, + { + "name": "RHSA-2011:0007", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0007.html" + }, + { + "name": "ADV-2011-0124", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0124" + }, + { + "name": "[oss-security] 20101110 CVE request: kernel: Multiple DoS issues in block layer", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2010/11/10/18" + }, + { + "name": "SUSE-SA:2011:007", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html" + }, + { + "name": "SUSE-SA:2010:060", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00004.html" + }, + { + "name": "ADV-2010-3321", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/3321" + }, + { + "name": "[oss-security] 20101112 Re: CVE request: kernel: Multiple DoS issues in block layer", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2010/11/12/2" + }, + { + "name": "ADV-2011-0298", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0298" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36.2", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36.2" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=652529", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=652529" + }, + { + "name": "42890", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42890" + }, + { + "name": "ADV-2011-0012", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0012" + }, + { + "name": 
"http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=cb4644cac4a2797afc847e6c92736664d4b0ea34", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=cb4644cac4a2797afc847e6c92736664d4b0ea34" + }, + { + "name": "MDVSA-2011:029", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:029" + }, + { + "name": "42745", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42745" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4255.json b/2010/4xxx/CVE-2010-4255.json index e30e4f5d81b..c155d36be86 100644 --- a/2010/4xxx/CVE-2010-4255.json +++ b/2010/4xxx/CVE-2010-4255.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4255", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The fixup_page_fault function in arch/x86/traps.c in Xen 4.0.1 and earlier on 64-bit platforms, when paravirtualization is enabled, does not verify that kernel mode is used to call the handle_gdt_ldt_mapping_fault function, which allows guest OS users to cause a denial of service (host OS BUG_ON) via a crafted memory access." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-4255", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/520102/100/0/threaded" - }, - { - "name" : "[oss-security] 20101130 CVE request: xen: x86-64: don't crash Xen upon direct pv guest access", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2010/11/30/5" - }, - { - "name" : "[oss-security] 20101130 Re: CVE request: xen: x86-64: don't crash Xen upon direct pv guest access", - "refsource" : "MLIST", - "url" : 
"http://openwall.com/lists/oss-security/2010/11/30/8" - }, - { - "name" : "[xen-devel] 20101129 [PATCH] x86-64: don't crash Xen upon direct pv guest access", - "refsource" : "MLIST", - "url" : "http://lists.xensource.com/archives/html/xen-devel/2010-11/msg01650.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=658155", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=658155" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2011-0012.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2011-0012.html" - }, - { - "name" : "RHSA-2011:0017", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0017.html" - }, - { - "name" : "42884", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42884" - }, - { - "name" : "46397", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/46397" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The fixup_page_fault function in arch/x86/traps.c in Xen 4.0.1 and earlier on 64-bit platforms, when paravirtualization is enabled, does not verify that kernel mode is used to call the handle_gdt_ldt_mapping_fault function, which allows guest OS users to cause a denial of service (host OS BUG_ON) via a crafted memory access." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded" + }, + { + "name": "RHSA-2011:0017", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0017.html" + }, + { + "name": "46397", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/46397" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=658155", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=658155" + }, + { + "name": "[oss-security] 20101130 CVE request: xen: x86-64: don't crash Xen upon direct pv guest access", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2010/11/30/5" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html" + }, + { + "name": "42884", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42884" + }, + { + "name": "[xen-devel] 20101129 [PATCH] x86-64: don't crash Xen upon direct pv guest access", + "refsource": "MLIST", + "url": "http://lists.xensource.com/archives/html/xen-devel/2010-11/msg01650.html" + }, + { + "name": "[oss-security] 20101130 Re: CVE request: xen: x86-64: don't crash Xen upon direct pv guest access", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2010/11/30/8" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4429.json b/2010/4xxx/CVE-2010-4429.json index 4a8a34f4793..8ce1f704f2c 100644 --- a/2010/4xxx/CVE-2010-4429.json +++ b/2010/4xxx/CVE-2010-4429.json 
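Review bot: The `ASSIGNER` value for CVE-2010-4255 changes from `cve@mitre.org` to `secalert@redhat.com`, but the same hunk rewrites every line for key spacing and reorders the `reference_data` entries, so the one provenance change is easy to miss in a textual review. The hunks for CVE-2010-4429 (`secalert_us@oracle.com`), CVE-2010-4531, CVE-2014-0137 and CVE-2014-0193 follow the same pattern, and the CVE-2014-4492 hunk, which continues past the visible text, starts the same way. Consumers that track who assigned a record should compare the parsed JSON of the old and new files rather than the text, and the formatting pass would be easier to audit as its own commit. The new side also ends with `\ No newline at end of file` where the old file had a trailing newline; keeping the final newline avoids a spurious diff on the next edit.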
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4429", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Agile Core component in Oracle Supply Chain Products Suite 9.3.0.2 and 9.3.1 allows remote authenticated users to affect integrity via unknown vectors related to Web Client, a different vulnerability than CVE-2010-3505." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2010-4429", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html" - }, - { - "name" : "45860", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45860" - }, - { - "name" : "70563", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/70563" - }, - { - "name" : "42923", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42923" - }, - { - "name" : "ADV-2011-0145", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0145" - }, - { - "name" : 
"oracle-agile-client-sec-bypass(64783)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64783" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Agile Core component in Oracle Supply Chain Products Suite 9.3.0.2 and 9.3.1 allows remote authenticated users to affect integrity via unknown vectors related to Web Client, a different vulnerability than CVE-2010-3505." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "45860", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45860" + }, + { + "name": "oracle-agile-client-sec-bypass(64783)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64783" + }, + { + "name": "ADV-2011-0145", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0145" + }, + { + "name": "70563", + "refsource": "OSVDB", + "url": "http://osvdb.org/70563" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html" + }, + { + "name": "42923", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42923" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4531.json b/2010/4xxx/CVE-2010-4531.json index b819bb6bea7..8ce2e59f872 100644 --- a/2010/4xxx/CVE-2010-4531.json +++ b/2010/4xxx/CVE-2010-4531.json 
@@ -1,142 +1,142 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4531", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the ATRDecodeAtr function in the Answer-to-Reset (ATR) Handler (atrhandler.c) for pcscd in PCSC-Lite 1.5.3, and possibly other 1.5.x and 1.6.x versions, allows physically proximate attackers to cause a denial of service (crash) and possibly execute arbitrary code via a smart card with an ATR message containing a long attribute value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-4531", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[Pcsclite-cvs-commit] 20101103 r5370 - /trunk/PCSC/src/atrhandler.c", - "refsource" : "MLIST", - "url" : "http://lists.alioth.debian.org/pipermail/pcsclite-cvs-commit/2010-November/004923.html" - }, - { - "name" : "[oss-security] 20101222 CVE Request -- 1, ccid -- int.overflow leading to array index error 2, pcsc-lite stack-based buffer overflow in ATR decoder [was: CVE request: opensc buffer overflow ]", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/12/22/7" - }, - { - "name" : "[oss-security] 20110103 Re: 
CVE Request -- 1, ccid -- int.overflow leading to array index error 2, pcsc-lite stack-based buffer overflow in ATR decoder [was: CVE request: opensc buffer overflow ]", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/01/03/3" - }, - { - "name" : "http://labs.mwrinfosecurity.com/files/Advisories/mwri_pcsc-atr-handler-buffer-overflow_2010-12-13.pdf", - "refsource" : "MISC", - "url" : "http://labs.mwrinfosecurity.com/files/Advisories/mwri_pcsc-atr-handler-buffer-overflow_2010-12-13.pdf" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=607781", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=607781" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4531", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4531" - }, - { - "name" : "DSA-2156", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2156" - }, - { - "name" : "FEDORA-2011-0123", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053095.html" - }, - { - "name" : "FEDORA-2011-0164", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053079.html" - }, - { - "name" : "MDVSA-2011:015", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:015" - }, - { - "name" : "45450", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45450" - }, - { - "name" : "42912", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42912" - }, - { - "name" : "43112", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43112" - }, - { - "name" : "ADV-2010-3264", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/3264" - }, - { - "name" : "ADV-2011-0101", - "refsource" : "VUPEN", - "url" : 
"http://www.vupen.com/english/advisories/2011/0101" - }, - { - "name" : "ADV-2011-0180", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0180" - }, - { - "name" : "ADV-2011-0256", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0256" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the ATRDecodeAtr function in the Answer-to-Reset (ATR) Handler (atrhandler.c) for pcscd in PCSC-Lite 1.5.3, and possibly other 1.5.x and 1.6.x versions, allows physically proximate attackers to cause a denial of service (crash) and possibly execute arbitrary code via a smart card with an ATR message containing a long attribute value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FEDORA-2011-0123", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053095.html" + }, + { + "name": "ADV-2011-0180", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0180" + }, + { + "name": "FEDORA-2011-0164", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053079.html" + }, + { + "name": "http://labs.mwrinfosecurity.com/files/Advisories/mwri_pcsc-atr-handler-buffer-overflow_2010-12-13.pdf", + "refsource": "MISC", + "url": "http://labs.mwrinfosecurity.com/files/Advisories/mwri_pcsc-atr-handler-buffer-overflow_2010-12-13.pdf" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=607781", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=607781" + }, + { + "name": "[oss-security] 20101222 CVE Request -- 1, ccid -- int.overflow leading to array index error 2, 
pcsc-lite stack-based buffer overflow in ATR decoder [was: CVE request: opensc buffer overflow ]", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/12/22/7" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4531", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4531" + }, + { + "name": "42912", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42912" + }, + { + "name": "ADV-2011-0256", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0256" + }, + { + "name": "ADV-2011-0101", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0101" + }, + { + "name": "ADV-2010-3264", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/3264" + }, + { + "name": "[Pcsclite-cvs-commit] 20101103 r5370 - /trunk/PCSC/src/atrhandler.c", + "refsource": "MLIST", + "url": "http://lists.alioth.debian.org/pipermail/pcsclite-cvs-commit/2010-November/004923.html" + }, + { + "name": "43112", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43112" + }, + { + "name": "45450", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45450" + }, + { + "name": "[oss-security] 20110103 Re: CVE Request -- 1, ccid -- int.overflow leading to array index error 2, pcsc-lite stack-based buffer overflow in ATR decoder [was: CVE request: opensc buffer overflow ]", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/01/03/3" + }, + { + "name": "DSA-2156", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2156" + }, + { + "name": "MDVSA-2011:015", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:015" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4778.json b/2010/4xxx/CVE-2010-4778.json index c6bce84d588..bdd8468bb9e 100644 --- a/2010/4xxx/CVE-2010-4778.json 
+++ b/2010/4xxx/CVE-2010-4778.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4778", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in fetchmailprefs.php in Horde IMP before 4.3.8, and Horde Groupware Webmail Edition before 1.2.7, allow remote attackers to inject arbitrary web script or HTML via the (1) username (aka fmusername), (2) password (aka fmpassword), or (3) server (aka fmserver) field in a fetchmail_prefs_save action, related to the Fetchmail configuration, a different issue than CVE-2010-3695. NOTE: some of these details are obtained from third party information." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4778", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.horde.org/diff.php/imp/fetchmailprefs.php?rt=horde&r1=1.39.4.10&r2=1.39.4.11", - "refsource" : "CONFIRM", - "url" : "http://git.horde.org/diff.php/imp/fetchmailprefs.php?rt=horde&r1=1.39.4.10&r2=1.39.4.11" - }, - { - "name" : "ADV-2010-2513", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2513" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in fetchmailprefs.php in Horde IMP before 4.3.8, and Horde Groupware Webmail Edition before 1.2.7, allow remote attackers to inject arbitrary web script or HTML via the (1) username (aka fmusername), (2) password (aka fmpassword), or (3) server (aka fmserver) field in a fetchmail_prefs_save action, related to the Fetchmail configuration, a different issue than CVE-2010-3695. NOTE: some of these details are obtained from third party information." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://git.horde.org/diff.php/imp/fetchmailprefs.php?rt=horde&r1=1.39.4.10&r2=1.39.4.11", + "refsource": "CONFIRM", + "url": "http://git.horde.org/diff.php/imp/fetchmailprefs.php?rt=horde&r1=1.39.4.10&r2=1.39.4.11" + }, + { + "name": "ADV-2010-2513", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2513" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0137.json b/2014/0xxx/CVE-2014-0137.json index 2dcbd0accda..09b6d6f2b9f 100644 --- a/2014/0xxx/CVE-2014-0137.json +++ b/2014/0xxx/CVE-2014-0137.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0137", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the saved_report_delete action in the ReportController in Red Hat CloudForms Management Engine (CFME) before 5.2.3.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, related to MiqReportResult.exists." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-0137", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "RHSA-2014:0469", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0469.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the saved_report_delete action in the ReportController in Red Hat CloudForms Management Engine (CFME) before 5.2.3.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, related to MiqReportResult.exists." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2014:0469", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0469.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0193.json b/2014/0xxx/CVE-2014-0193.json index d45fba04978..ccfa992c2c7 100644 --- a/2014/0xxx/CVE-2014-0193.json +++ b/2014/0xxx/CVE-2014-0193.json 
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0193", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebSocket08FrameDecoder in Netty 3.6.x before 3.6.9, 3.7.x before 3.7.1, 3.8.x before 3.8.2, 3.9.x before 3.9.1, and 4.0.x before 4.0.19 allows remote attackers to cause a denial of service (memory consumption) via a TextWebSocketFrame followed by a long stream of ContinuationWebSocketFrames." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-0193", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://netty.io/news/2014/04/30/release-day.html", - "refsource" : "CONFIRM", - "url" : "http://netty.io/news/2014/04/30/release-day.html" - }, - { - "name" : "https://github.com/netty/netty/issues/2441", - "refsource" : "CONFIRM", - "url" : "https://github.com/netty/netty/issues/2441" - }, - { - "name" : "RHSA-2014:1019", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1019.html" - }, - { - "name" : "RHSA-2014:1020", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1020.html" - }, - { - "name" : "RHSA-2014:1021", - "refsource" : "REDHAT", - "url" : 
"http://rhn.redhat.com/errata/RHSA-2014-1021.html" - }, - { - "name" : "RHSA-2014:1351", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1351.html" - }, - { - "name" : "RHSA-2015:0675", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0675.html" - }, - { - "name" : "RHSA-2015:0720", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0720.html" - }, - { - "name" : "RHSA-2015:0765", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0765.html" - }, - { - "name" : "67182", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/67182" - }, - { - "name" : "58280", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/58280" - }, - { - "name" : "59290", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59290" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebSocket08FrameDecoder in Netty 3.6.x before 3.6.9, 3.7.x before 3.7.1, 3.8.x before 3.8.2, 3.9.x before 3.9.1, and 4.0.x before 4.0.19 allows remote attackers to cause a denial of service (memory consumption) via a TextWebSocketFrame followed by a long stream of ContinuationWebSocketFrames." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "67182", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/67182" + }, + { + "name": "RHSA-2015:0765", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0765.html" + }, + { + "name": "59290", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59290" + }, + { + "name": "RHSA-2015:0675", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0675.html" + }, + { + "name": "RHSA-2015:0720", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0720.html" + }, + { + "name": "RHSA-2014:1020", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1020.html" + }, + { + "name": "RHSA-2014:1021", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1021.html" + }, + { + "name": "https://github.com/netty/netty/issues/2441", + "refsource": "CONFIRM", + "url": "https://github.com/netty/netty/issues/2441" + }, + { + "name": "58280", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/58280" + }, + { + "name": "RHSA-2014:1019", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1019.html" + }, + { + "name": "http://netty.io/news/2014/04/30/release-day.html", + "refsource": "CONFIRM", + "url": "http://netty.io/news/2014/04/30/release-day.html" + }, + { + "name": "RHSA-2014:1351", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1351.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/10xxx/CVE-2014-10042.json b/2014/10xxx/CVE-2014-10042.json index cc9e3c36e03..d70887aa976 100644 --- a/2014/10xxx/CVE-2014-10042.json +++ b/2014/10xxx/CVE-2014-10042.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-10042", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-10042", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4175.json b/2014/4xxx/CVE-2014-4175.json index ac3e0516294..306c7a4062a 100644 --- a/2014/4xxx/CVE-2014-4175.json +++ b/2014/4xxx/CVE-2014-4175.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4175", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4175", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4492.json b/2014/4xxx/CVE-2014-4492.json index 10b628aa656..10e9e7a8ef7 100644 --- a/2014/4xxx/CVE-2014-4492.json +++ b/2014/4xxx/CVE-2014-4492.json 
@@ -1,107 +1,107 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2014-4492",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "libnetcore in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not verify that certain values have the expected data type, which allows attackers to execute arbitrary code in an _networkd context via a crafted XPC message from a sandboxed app, as demonstrated by lack of verification of the XPC dictionary data type."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "product-security@apple.com",
+ "ID": "CVE-2014-4492",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "35847",
- "refsource" : "EXPLOIT-DB",
- "url" : "http://www.exploit-db.com/exploits/35847"
- },
- {
- "name" : "https://code.google.com/p/google-security-research/issues/detail?id=92",
- "refsource" : "MISC",
- "url" : "https://code.google.com/p/google-security-research/issues/detail?id=92"
- },
- {
- "name" : "http://packetstormsecurity.com/files/134393/Mac-OS-X-Networkd-XPC-Type-Confusion-Sandbox-Escape.html",
- "refsource" : "MISC",
- "url" : "http://packetstormsecurity.com/files/134393/Mac-OS-X-Networkd-XPC-Type-Confusion-Sandbox-Escape.html"
- },
- {
- "name" : "http://support.apple.com/HT204244",
- "refsource" : "CONFIRM",
- "url" : "http://support.apple.com/HT204244"
- },
- {
- "name" : "http://support.apple.com/HT204245",
- "refsource" : "CONFIRM",
- "url" : "http://support.apple.com/HT204245"
- },
- {
- "name" : "http://support.apple.com/HT204246",
- "refsource" : "CONFIRM",
- "url" : "http://support.apple.com/HT204246"
- },
- {
- "name" : "APPLE-SA-2015-01-27-1",
- "refsource" : "APPLE",
- "url" : "http://lists.apple.com/archives/security-announce/2015/Jan/msg00000.html"
- },
- {
- "name" : "APPLE-SA-2015-01-27-2",
- "refsource" : "APPLE",
- "url" : "http://lists.apple.com/archives/security-announce/2015/Jan/msg00001.html"
- },
- {
- "name" : "APPLE-SA-2015-01-27-4",
- "refsource" : "APPLE",
- "url" : "http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html"
- },
- {
- "name" : "114862",
- "refsource" : "OSVDB",
- "url" : "http://www.osvdb.org/114862"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "libnetcore in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not verify that certain values have the expected data type, which allows attackers to execute arbitrary code in an _networkd context via a crafted XPC message from a sandboxed app, as demonstrated by lack of verification of the XPC dictionary data type."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "http://packetstormsecurity.com/files/134393/Mac-OS-X-Networkd-XPC-Type-Confusion-Sandbox-Escape.html",
+ "refsource": "MISC",
+ "url": "http://packetstormsecurity.com/files/134393/Mac-OS-X-Networkd-XPC-Type-Confusion-Sandbox-Escape.html"
+ },
+ {
+ "name": "https://code.google.com/p/google-security-research/issues/detail?id=92",
+ "refsource": "MISC",
+ "url": "https://code.google.com/p/google-security-research/issues/detail?id=92"
+ },
+ {
+ "name": "114862",
+ "refsource": "OSVDB",
+ "url": "http://www.osvdb.org/114862"
+ },
+ {
+ "name": "http://support.apple.com/HT204245",
+ "refsource": "CONFIRM",
+ "url": "http://support.apple.com/HT204245"
+ },
+ {
+ "name": "http://support.apple.com/HT204246",
+ "refsource": "CONFIRM",
+ "url": "http://support.apple.com/HT204246"
+ },
+ {
+ "name": "APPLE-SA-2015-01-27-2",
+ "refsource": "APPLE",
+ "url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00001.html"
+ },
+ {
+ "name": "http://support.apple.com/HT204244",
+ "refsource": "CONFIRM",
+ "url": "http://support.apple.com/HT204244"
+ },
+ {
+ "name": "35847",
+ "refsource": "EXPLOIT-DB",
+ "url": "http://www.exploit-db.com/exploits/35847"
+ },
+ {
+ "name": "APPLE-SA-2015-01-27-1",
+ "refsource": "APPLE",
+ "url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00000.html"
+ },
+ {
+ "name": "APPLE-SA-2015-01-27-4",
+ "refsource": "APPLE",
+ "url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2014/4xxx/CVE-2014-4720.json b/2014/4xxx/CVE-2014-4720.json
index 50016f8d643..9d735fcb4bc 100644
--- a/2014/4xxx/CVE-2014-4720.json
+++ b/2014/4xxx/CVE-2014-4720.json
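Review bot: The `"ASSIGNER"` line is the one semantic change in this hunk (`cve@mitre.org` becomes `product-security@apple.com`) and it sits among whitespace and reference-order changes, so anyone auditing record attribution has to read past the formatting noise; the CVE-2014-8896 and CVE-2014-9165 hunks change `ASSIGNER` the same way. On the new side the `affects` block still reads `"vendor_name": "n/a"` and `"product_name": "n/a"` while the description names Apple iOS, OS X and Apple TV, so tooling that matches on the structured fields will presumably not tie this record to those products. If that is intended for this data version, a sentence in the commit message listing the records whose assigner changed would make the change reviewable.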
@@ -1,67 +1,67 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2014-4720",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Email::Address module before 1.904 for Perl uses an inefficient regular expression, which allows remote attackers to cause a denial of service (CPU consumption) via vectors related to \"backtracking into the phrase,\" a different vulnerability than CVE-2014-0477."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2014-4720",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "[oss-security] 20140614 CVE-2014-0477: Email::Address: Denial-of-Service in Email::Address::parse",
- "refsource" : "MLIST",
- "url" : "http://seclists.org/oss-sec/2014/q2/563"
- },
- {
- "name" : "https://github.com/rjbs/Email-Address/blob/master/Changes",
- "refsource" : "CONFIRM",
- "url" : "https://github.com/rjbs/Email-Address/blob/master/Changes"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Email::Address module before 1.904 for Perl uses an inefficient regular expression, which allows remote attackers to cause a denial of service (CPU consumption) via vectors related to \"backtracking into the phrase,\" a different vulnerability than CVE-2014-0477."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "[oss-security] 20140614 CVE-2014-0477: Email::Address: Denial-of-Service in Email::Address::parse",
+ "refsource": "MLIST",
+ "url": "http://seclists.org/oss-sec/2014/q2/563"
+ },
+ {
+ "name": "https://github.com/rjbs/Email-Address/blob/master/Changes",
+ "refsource": "CONFIRM",
+ "url": "https://github.com/rjbs/Email-Address/blob/master/Changes"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2014/4xxx/CVE-2014-4919.json b/2014/4xxx/CVE-2014-4919.json
index 5a307e42ec1..530273c492b 100644
--- a/2014/4xxx/CVE-2014-4919.json
+++ b/2014/4xxx/CVE-2014-4919.json
@@ -1,67 +1,67 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2014-4919",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "OXID eShop Professional Edition before 4.7.13 and 4.8.x before 4.8.7, Enterprise Edition before 5.0.13 and 5.1.x before 5.1.7, and Community Edition before 4.7.13 and 4.8.x before 4.8.7 allow remote attackers to assign users to arbitrary dynamical user groups."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2014-4919",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://bugs.oxid-esales.com/view.php?id=5814",
- "refsource" : "CONFIRM",
- "url" : "https://bugs.oxid-esales.com/view.php?id=5814"
- },
- {
- "name" : "https://oxidforge.org/en/security-bulletin-2014-003.html",
- "refsource" : "CONFIRM",
- "url" : "https://oxidforge.org/en/security-bulletin-2014-003.html"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "OXID eShop Professional Edition before 4.7.13 and 4.8.x before 4.8.7, Enterprise Edition before 5.0.13 and 5.1.x before 5.1.7, and Community Edition before 4.7.13 and 4.8.x before 4.8.7 allow remote attackers to assign users to arbitrary dynamical user groups."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://oxidforge.org/en/security-bulletin-2014-003.html",
+ "refsource": "CONFIRM",
+ "url": "https://oxidforge.org/en/security-bulletin-2014-003.html"
+ },
+ {
+ "name": "https://bugs.oxid-esales.com/view.php?id=5814",
+ "refsource": "CONFIRM",
+ "url": "https://bugs.oxid-esales.com/view.php?id=5814"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2014/8xxx/CVE-2014-8334.json b/2014/8xxx/CVE-2014-8334.json
index 61ee3f34c91..b50772344b4 100644
--- a/2014/8xxx/CVE-2014-8334.json
+++ b/2014/8xxx/CVE-2014-8334.json
@@ -1,107 +1,107 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2014-8334",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The WP-DBManager (aka Database Manager) plugin before 2.7.2 for WordPress allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) $backup['filepath'] (aka \"Path to Backup:\" field) or (2) $backup['mysqldumppath'] variable."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2014-8334",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20141021 Vulnerabilities in WordPress Database Manager v2.7.1",
- "refsource" : "BUGTRAQ",
- "url" : "http://www.securityfocus.com/archive/1/533763/100/0/threaded"
- },
- {
- "name" : "20141022 Vulnerabilities in WordPress Database Manager v2.7.1",
- "refsource" : "FULLDISC",
- "url" : "http://seclists.org/fulldisclosure/2014/Oct/99"
- },
- {
- "name" : "[oss-security] 20141016 Vulnerabilities in WordPress Database Manager v2.7.1",
- "refsource" : "MLIST",
- "url" : "http://seclists.org/oss-sec/2014/q4/365"
- },
- {
- "name" : "[oss-security] 20141020 Re: Vulnerabilities in WordPress Database Manager v2.7.1",
- "refsource" : "MLIST",
- "url" : "http://seclists.org/oss-sec/2014/q4/410"
- },
- {
- "name" : "http://packetstormsecurity.com/files/128785/WordPress-Database-Manager-2.7.1-Command-Injection-Credential-Leak.html",
- "refsource" : "MISC",
- "url" : "http://packetstormsecurity.com/files/128785/WordPress-Database-Manager-2.7.1-Command-Injection-Credential-Leak.html"
- },
- {
- "name" : "http://www.vapid.dhs.org/advisories/wordpress/plugins/wp-dbmanager-2.7.1/index.html",
- "refsource" : "MISC",
- "url" : "http://www.vapid.dhs.org/advisories/wordpress/plugins/wp-dbmanager-2.7.1/index.html"
- },
- {
- "name" : "https://wordpress.org/plugins/wp-dbmanager/changelog/",
- "refsource" : "CONFIRM",
- "url" : "https://wordpress.org/plugins/wp-dbmanager/changelog/"
- },
- {
- "name" : "70626",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/70626"
- },
- {
- "name" : "113508",
- "refsource" : "OSVDB",
- "url" : "http://osvdb.org/show/osvdb/113508"
- },
- {
- "name" : "dbmgr-wp-cve20148334-command-exec(97689)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/97689"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The WP-DBManager (aka Database Manager) plugin before 2.7.2 for WordPress allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) $backup['filepath'] (aka \"Path to Backup:\" field) or (2) $backup['mysqldumppath'] variable."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "[oss-security] 20141020 Re: Vulnerabilities in WordPress Database Manager v2.7.1",
+ "refsource": "MLIST",
+ "url": "http://seclists.org/oss-sec/2014/q4/410"
+ },
+ {
+ "name": "20141022 Vulnerabilities in WordPress Database Manager v2.7.1",
+ "refsource": "FULLDISC",
+ "url": "http://seclists.org/fulldisclosure/2014/Oct/99"
+ },
+ {
+ "name": "20141021 Vulnerabilities in WordPress Database Manager v2.7.1",
+ "refsource": "BUGTRAQ",
+ "url": "http://www.securityfocus.com/archive/1/533763/100/0/threaded"
+ },
+ {
+ "name": "https://wordpress.org/plugins/wp-dbmanager/changelog/",
+ "refsource": "CONFIRM",
+ "url": "https://wordpress.org/plugins/wp-dbmanager/changelog/"
+ },
+ {
+ "name": "http://packetstormsecurity.com/files/128785/WordPress-Database-Manager-2.7.1-Command-Injection-Credential-Leak.html",
+ "refsource": "MISC",
+ "url": "http://packetstormsecurity.com/files/128785/WordPress-Database-Manager-2.7.1-Command-Injection-Credential-Leak.html"
+ },
+ {
+ "name": "http://www.vapid.dhs.org/advisories/wordpress/plugins/wp-dbmanager-2.7.1/index.html",
+ "refsource": "MISC",
+ "url": "http://www.vapid.dhs.org/advisories/wordpress/plugins/wp-dbmanager-2.7.1/index.html"
+ },
+ {
+ "name": "[oss-security] 20141016 Vulnerabilities in WordPress Database Manager v2.7.1",
+ "refsource": "MLIST",
+ "url": "http://seclists.org/oss-sec/2014/q4/365"
+ },
+ {
+ "name": "dbmgr-wp-cve20148334-command-exec(97689)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97689"
+ },
+ {
+ "name": "113508",
+ "refsource": "OSVDB",
+ "url": "http://osvdb.org/show/osvdb/113508"
+ },
+ {
+ "name": "70626",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/70626"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2014/8xxx/CVE-2014-8896.json b/2014/8xxx/CVE-2014-8896.json
index a6d99a052c7..5cd93c2f573 100644
--- a/2014/8xxx/CVE-2014-8896.json
+++ b/2014/8xxx/CVE-2014-8896.json
@@ -1,67 +1,67 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2014-8896",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The Collaboration Server in IBM InfoSphere Master Data Management Server for Product Information Management 9.x through 9.1 and InfoSphere Master Data Management - Collaborative Edition 10.x through 10.1, 11.0 before FP7, and 11.3 and 11.4 before 11.4 FP1 allows remote authenticated users to modify the administrator's credentials and consequently gain privileges via unspecified vectors."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "psirt@us.ibm.com",
+ "ID": "CVE-2014-8896",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21692176",
- "refsource" : "CONFIRM",
- "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21692176"
- },
- {
- "name" : "ibm-infospheremdm-cve20148896-priv-esc(99049)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/99049"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The Collaboration Server in IBM InfoSphere Master Data Management Server for Product Information Management 9.x through 9.1 and InfoSphere Master Data Management - Collaborative Edition 10.x through 10.1, 11.0 before FP7, and 11.3 and 11.4 before 11.4 FP1 allows remote authenticated users to modify the administrator's credentials and consequently gain privileges via unspecified vectors."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21692176",
+ "refsource": "CONFIRM",
+ "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21692176"
+ },
+ {
+ "name": "ibm-infospheremdm-cve20148896-priv-esc(99049)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99049"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2014/9xxx/CVE-2014-9005.json b/2014/9xxx/CVE-2014-9005.json
index ca8d8e04cc8..24a25c30614 100644
--- a/2014/9xxx/CVE-2014-9005.json
+++ b/2014/9xxx/CVE-2014-9005.json
@@ -1,67 +1,67 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2014-9005",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Multiple SQL injection vulnerabilities in vldPersonals before 2.7.1 allow remote attackers to execute arbitrary SQL commands via the (1) country, (2) gender1, or ((3) gender2 parameter in a search action to index.php."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2014-9005",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "35193",
- "refsource" : "EXPLOIT-DB",
- "url" : "http://www.exploit-db.com/exploits/35193"
- },
- {
- "name" : "vldpersonals-index-sql-injection(98746)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98746"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Multiple SQL injection vulnerabilities in vldPersonals before 2.7.1 allow remote attackers to execute arbitrary SQL commands via the (1) country, (2) gender1, or ((3) gender2 parameter in a search action to index.php."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "35193",
+ "refsource": "EXPLOIT-DB",
+ "url": "http://www.exploit-db.com/exploits/35193"
+ },
+ {
+ "name": "vldpersonals-index-sql-injection(98746)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98746"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2014/9xxx/CVE-2014-9165.json b/2014/9xxx/CVE-2014-9165.json
index 3aabf372161..249ea94ed45 100644
--- a/2014/9xxx/CVE-2014-9165.json
+++ b/2014/9xxx/CVE-2014-9165.json
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2014-9165",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8454 and CVE-2014-8455."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "psirt@adobe.com",
+ "ID": "CVE-2014-9165",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://helpx.adobe.com/security/products/reader/apsb14-28.html",
- "refsource" : "CONFIRM",
- "url" : "http://helpx.adobe.com/security/products/reader/apsb14-28.html"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8454 and CVE-2014-8455."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "http://helpx.adobe.com/security/products/reader/apsb14-28.html",
+ "refsource": "CONFIRM",
+ "url": "http://helpx.adobe.com/security/products/reader/apsb14-28.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2014/9xxx/CVE-2014-9292.json b/2014/9xxx/CVE-2014-9292.json
index b459bc57b90..73ec7c8b206 100644
--- a/2014/9xxx/CVE-2014-9292.json
+++ b/2014/9xxx/CVE-2014-9292.json
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2014-9292",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Server-side request forgery (SSRF) vulnerability in proxy.php in the jRSS Widget plugin 1.2 and earlier for WordPress allows remote attackers to trigger outbound requests and enumerate open ports via the url parameter."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2014-9292",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://codevigilant.com/disclosure/wp-plugin-jrss-widget-ssrfxspa/",
- "refsource" : "MISC",
- "url" : "http://codevigilant.com/disclosure/wp-plugin-jrss-widget-ssrfxspa/"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Server-side request forgery (SSRF) vulnerability in proxy.php in the jRSS Widget plugin 1.2 and earlier for WordPress allows remote attackers to trigger outbound requests and enumerate open ports via the url parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "http://codevigilant.com/disclosure/wp-plugin-jrss-widget-ssrfxspa/",
+ "refsource": "MISC",
+ "url": "http://codevigilant.com/disclosure/wp-plugin-jrss-widget-ssrfxspa/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2014/9xxx/CVE-2014-9312.json b/2014/9xxx/CVE-2014-9312.json
index b0643ed8345..01d2fa20d86 100644
--- a/2014/9xxx/CVE-2014-9312.json
+++ b/2014/9xxx/CVE-2014-9312.json
@@ -1,72 +1,72 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2014-9312",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Unrestricted File Upload vulnerability in Photo Gallery 1.2.5."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2014-9312",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://packetstormsecurity.com/files/130104/Photo-Gallery-1.2.5-Shell-Upload.html",
- "refsource" : "MISC",
- "url" : "http://packetstormsecurity.com/files/130104/Photo-Gallery-1.2.5-Shell-Upload.html"
- },
- {
- "name" : "http://packetstormsecurity.com/files/130384/WordPress-Photo-Gallery-1.2.5-Unrestricted-File-Upload.html",
- "refsource" : "MISC",
- "url" : "http://packetstormsecurity.com/files/130384/WordPress-Photo-Gallery-1.2.5-Unrestricted-File-Upload.html"
- },
- {
- "name" : "72620",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/72620"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Unrestricted File Upload vulnerability in Photo Gallery 1.2.5."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "http://packetstormsecurity.com/files/130104/Photo-Gallery-1.2.5-Shell-Upload.html",
+ "refsource": "MISC",
+ "url": "http://packetstormsecurity.com/files/130104/Photo-Gallery-1.2.5-Shell-Upload.html"
+ },
+ {
+ "name": "72620",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/72620"
+ },
+ {
+ "name": "http://packetstormsecurity.com/files/130384/WordPress-Photo-Gallery-1.2.5-Unrestricted-File-Upload.html",
+ "refsource": "MISC",
+ "url": "http://packetstormsecurity.com/files/130384/WordPress-Photo-Gallery-1.2.5-Unrestricted-File-Upload.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2016/2xxx/CVE-2016-2058.json b/2016/2xxx/CVE-2016-2058.json
index 6d8dca1e6d3..3f2f753553c 100644
--- a/2016/2xxx/CVE-2016-2058.json
+++ b/2016/2xxx/CVE-2016-2058.json
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2058", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow (1) remote Xymon clients to inject arbitrary web script or HTML via a status-message, which is not properly handled in the \"detailed status\" page, or (2) remote authenticated users to inject arbitrary web script or HTML via an acknowledgement message, which is not properly handled in the \"status\" page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-2058", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20160214 Xymon: Critical security issues in all versions prior to 4.3.25", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/537522/100/0/threaded" - }, - { - "name" : "http://packetstormsecurity.com/files/135758/Xymon-4.3.x-Buffer-Overflow-Code-Execution-Information-Disclosure.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/135758/Xymon-4.3.x-Buffer-Overflow-Code-Execution-Information-Disclosure.html" - }, - { - "name" : 
"https://sourceforge.net/p/xymon/code/7892/", - "refsource" : "CONFIRM", - "url" : "https://sourceforge.net/p/xymon/code/7892/" - }, - { - "name" : "DSA-3495", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3495" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow (1) remote Xymon clients to inject arbitrary web script or HTML via a status-message, which is not properly handled in the \"detailed status\" page, or (2) remote authenticated users to inject arbitrary web script or HTML via an acknowledgement message, which is not properly handled in the \"status\" page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20160214 Xymon: Critical security issues in all versions prior to 4.3.25", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/537522/100/0/threaded" + }, + { + "name": "https://sourceforge.net/p/xymon/code/7892/", + "refsource": "CONFIRM", + "url": "https://sourceforge.net/p/xymon/code/7892/" + }, + { + "name": "DSA-3495", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3495" + }, + { + "name": "http://packetstormsecurity.com/files/135758/Xymon-4.3.x-Buffer-Overflow-Code-Execution-Information-Disclosure.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/135758/Xymon-4.3.x-Buffer-Overflow-Code-Execution-Information-Disclosure.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3193.json b/2016/3xxx/CVE-2016-3193.json index 0397baf0d1d..5f8a3aa1a74 100644 --- a/2016/3xxx/CVE-2016-3193.json +++ b/2016/3xxx/CVE-2016-3193.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3193", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the appliance web-application in Fortinet FortiManager 5.x before 5.0.12, 5.2.x before 5.2.6, and 5.4.x before 5.4.1 and FortiAnalyzer 5.x before 5.0.13, 5.2.x before 5.2.6, and 5.4.x before 5.4.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-3193", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://fortiguard.com/advisory/fortimanager-and-fortianalyzer-persistent-xss-vulnerability-1", - "refsource" : "CONFIRM", - "url" : "http://fortiguard.com/advisory/fortimanager-and-fortianalyzer-persistent-xss-vulnerability-1" - }, - { - "name" : "92458", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92458" - }, - { - "name" : "1036550", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036550" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + 
"lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the appliance web-application in Fortinet FortiManager 5.x before 5.0.12, 5.2.x before 5.2.6, and 5.4.x before 5.4.1 and FortiAnalyzer 5.x before 5.0.13, 5.2.x before 5.2.6, and 5.4.x before 5.4.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1036550", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036550" + }, + { + "name": "http://fortiguard.com/advisory/fortimanager-and-fortianalyzer-persistent-xss-vulnerability-1", + "refsource": "CONFIRM", + "url": "http://fortiguard.com/advisory/fortimanager-and-fortianalyzer-persistent-xss-vulnerability-1" + }, + { + "name": "92458", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92458" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3576.json b/2016/3xxx/CVE-2016-3576.json index 70df25c0d45..b359658c621 100644 --- a/2016/3xxx/CVE-2016-3576.json +++ b/2016/3xxx/CVE-2016-3576.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3576", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different vulnerability than CVE-2016-3574, CVE-2016-3575, CVE-2016-3577, CVE-2016-3578, CVE-2016-3579, CVE-2016-3580, CVE-2016-3581, CVE-2016-3582, CVE-2016-3583, CVE-2016-3590, CVE-2016-3591, CVE-2016-3592, CVE-2016-3593, CVE-2016-3594, CVE-2016-3595, and CVE-2016-3596." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2016-3576", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21988009", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21988009" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21988718", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21988718" - }, - { - "name" : "91787", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91787" - }, - { - "name" : "91923", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91923" - }, - { - "name" : "1036370", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036370" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different vulnerability than CVE-2016-3574, CVE-2016-3575, CVE-2016-3577, CVE-2016-3578, CVE-2016-3579, CVE-2016-3580, CVE-2016-3581, CVE-2016-3582, CVE-2016-3583, 
CVE-2016-3590, CVE-2016-3591, CVE-2016-3592, CVE-2016-3593, CVE-2016-3594, CVE-2016-3595, and CVE-2016-3596." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "91923", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91923" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21988009", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988009" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" + }, + { + "name": "91787", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91787" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21988718", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988718" + }, + { + "name": "1036370", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036370" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3780.json b/2016/3xxx/CVE-2016-3780.json index 85b0b7e90e1..f3990a1dc01 100644 --- a/2016/3xxx/CVE-2016-3780.json +++ b/2016/3xxx/CVE-2016-3780.json 
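Review bot: The `"ASSIGNER"` value for CVE-2016-3576 changes from `cve@mitre.org` to `secalert_us@oracle.com`, but the change sits inside a whole-file rewrite that otherwise only alters spacing, indentation and the order of the `reference_data` entries. That makes it easy to miss when auditing who is recorded as the responsible CNA. The same applies to the hunks for CVE-2016-6395 (`psirt@cisco.com`), CVE-2016-6689 (`security@android.com`), CVE-2016-6940 (`psirt@adobe.com`) and CVE-2016-7056 (`anemec@redhat.com` to `secalert@redhat.com`). Landing the formatting pass separately from the assigner updates would leave a one-line diff per record for that field. The new side of each file also ends with `\ No newline at end of file`, where the old side had a trailing newline; keeping it would avoid another whole-file diff on the next regeneration.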
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2016-3780",
- "STATE" : "REJECT"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
- }
- ]
- }
-}
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2016-3780",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2016/6xxx/CVE-2016-6395.json b/2016/6xxx/CVE-2016-6395.json
index f34b6326ca8..4a7ed1bbe90 100644
--- a/2016/6xxx/CVE-2016-6395.json
+++ b/2016/6xxx/CVE-2016-6395.json
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6395", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the web-based management interface in Cisco Firepower Management Center before 6.1 and FireSIGHT System Software before 6.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuz58658." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2016-6395", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20160907 Cisco Firepower Management Center and FireSIGHT System Software Cross-Site Scripting Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160907-fsss" - }, - { - "name" : "92824", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92824" - }, - { - "name" : "1036755", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036755" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site 
scripting (XSS) vulnerability in the web-based management interface in Cisco Firepower Management Center before 6.1 and FireSIGHT System Software before 6.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuz58658." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1036755", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036755" + }, + { + "name": "92824", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92824" + }, + { + "name": "20160907 Cisco Firepower Management Center and FireSIGHT System Software Cross-Site Scripting Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160907-fsss" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6601.json b/2016/6xxx/CVE-2016-6601.json index 57c8c951c02..a737bc5a1ed 100644 --- a/2016/6xxx/CVE-2016-6601.json +++ b/2016/6xxx/CVE-2016-6601.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6601", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in the file download functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to read arbitrary files via a .. (dot dot) in the fileName parameter to servlets/FetchFile." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6601", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20160808 [CVE-2016-6600/1/2/3]: Multiple vulnerabilities (RCE, file download, etc) in WebNMS Framework 5.2 / 5.2 SP1", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/539159/100/0/threaded" - }, - { - "name" : "40229", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/40229/" - }, - { - "name" : "20160812 [CVE-2016-6600/1/2/3]: Multiple vulnerabilities (RCE, file download, etc) in WebNMS Framework 5.2 / 5.2 SP1", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2016/Aug/54" - }, - { - "name" : 
"http://packetstormsecurity.com/files/138244/WebNMS-Framework-5.2-SP1-Traversal-Weak-Obfuscation-User-Impersonation.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/138244/WebNMS-Framework-5.2-SP1-Traversal-Weak-Obfuscation-User-Impersonation.html" - }, - { - "name" : "http://www.rapid7.com/db/modules/auxiliary/admin/http/webnms_cred_disclosure", - "refsource" : "MISC", - "url" : "http://www.rapid7.com/db/modules/auxiliary/admin/http/webnms_cred_disclosure" - }, - { - "name" : "http://www.rapid7.com/db/modules/auxiliary/admin/http/webnms_file_download", - "refsource" : "MISC", - "url" : "http://www.rapid7.com/db/modules/auxiliary/admin/http/webnms_file_download" - }, - { - "name" : "https://blogs.securiteam.com/index.php/archives/2712", - "refsource" : "MISC", - "url" : "https://blogs.securiteam.com/index.php/archives/2712" - }, - { - "name" : "https://github.com/pedrib/PoC/blob/master/advisories/webnms-5.2-sp1-pwn.txt", - "refsource" : "MISC", - "url" : "https://github.com/pedrib/PoC/blob/master/advisories/webnms-5.2-sp1-pwn.txt" - }, - { - "name" : "https://forums.webnms.com/topic/recent-vulnerabilities-in-webnms-and-how-to-protect-the-server-against-them", - "refsource" : "CONFIRM", - "url" : "https://forums.webnms.com/topic/recent-vulnerabilities-in-webnms-and-how-to-protect-the-server-against-them" - }, - { - "name" : "92402", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92402" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in the file download functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to read arbitrary files via a .. (dot dot) in the fileName parameter to servlets/FetchFile." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20160812 [CVE-2016-6600/1/2/3]: Multiple vulnerabilities (RCE, file download, etc) in WebNMS Framework 5.2 / 5.2 SP1", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2016/Aug/54" + }, + { + "name": "https://forums.webnms.com/topic/recent-vulnerabilities-in-webnms-and-how-to-protect-the-server-against-them", + "refsource": "CONFIRM", + "url": "https://forums.webnms.com/topic/recent-vulnerabilities-in-webnms-and-how-to-protect-the-server-against-them" + }, + { + "name": "92402", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92402" + }, + { + "name": "http://www.rapid7.com/db/modules/auxiliary/admin/http/webnms_file_download", + "refsource": "MISC", + "url": "http://www.rapid7.com/db/modules/auxiliary/admin/http/webnms_file_download" + }, + { + "name": "40229", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/40229/" + }, + { + "name": "20160808 [CVE-2016-6600/1/2/3]: Multiple vulnerabilities (RCE, file download, etc) in WebNMS Framework 5.2 / 5.2 SP1", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/539159/100/0/threaded" + }, + { + "name": "http://www.rapid7.com/db/modules/auxiliary/admin/http/webnms_cred_disclosure", + "refsource": "MISC", + "url": "http://www.rapid7.com/db/modules/auxiliary/admin/http/webnms_cred_disclosure" + }, + { + "name": "http://packetstormsecurity.com/files/138244/WebNMS-Framework-5.2-SP1-Traversal-Weak-Obfuscation-User-Impersonation.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/138244/WebNMS-Framework-5.2-SP1-Traversal-Weak-Obfuscation-User-Impersonation.html" + }, + { + "name": "https://blogs.securiteam.com/index.php/archives/2712", + "refsource": "MISC", + "url": "https://blogs.securiteam.com/index.php/archives/2712" + }, 
+ { + "name": "https://github.com/pedrib/PoC/blob/master/advisories/webnms-5.2-sp1-pwn.txt", + "refsource": "MISC", + "url": "https://github.com/pedrib/PoC/blob/master/advisories/webnms-5.2-sp1-pwn.txt" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6668.json b/2016/6xxx/CVE-2016-6668.json index bd4702798c5..db9b635f215 100644 --- a/2016/6xxx/CVE-2016-6668.json +++ b/2016/6xxx/CVE-2016-6668.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6668", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Atlassian Hipchat Integration Plugin for Bitbucket Server 6.26.0 before 6.27.5, 6.28.0 before 7.3.7, and 7.4.0 before 7.8.17; Confluence HipChat plugin 6.26.0 before 7.8.17; and HipChat for JIRA plugin 6.26.0 before 7.8.17 allows remote attackers to obtain the secret key for communicating with HipChat instances by reading unspecified pages." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6668", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20161006 September 2016 - HipChat Plugin for various products - Critical Security Advisory", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/539530/100/0/threaded" - }, - { - "name" : "http://packetstormsecurity.com/files/139004/Atlassian-HipChat-Secret-Key-Disclosure.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/139004/Atlassian-HipChat-Secret-Key-Disclosure.html" - }, - { - "name" : "https://confluence.atlassian.com/bitbucketserver/bitbucket-server-security-advisory-2016-09-21-840698321.html", - "refsource" : 
"CONFIRM", - "url" : "https://confluence.atlassian.com/bitbucketserver/bitbucket-server-security-advisory-2016-09-21-840698321.html" - }, - { - "name" : "https://confluence.atlassian.com/doc/confluence-security-advisory-2016-09-21-849052104.html", - "refsource" : "CONFIRM", - "url" : "https://confluence.atlassian.com/doc/confluence-security-advisory-2016-09-21-849052104.html" - }, - { - "name" : "https://confluence.atlassian.com/jira/jira-and-hipchat-for-jira-plugin-security-advisory-2016-09-21-849052099.html", - "refsource" : "CONFIRM", - "url" : "https://confluence.atlassian.com/jira/jira-and-hipchat-for-jira-plugin-security-advisory-2016-09-21-849052099.html" - }, - { - "name" : "93159", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93159" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Atlassian Hipchat Integration Plugin for Bitbucket Server 6.26.0 before 6.27.5, 6.28.0 before 7.3.7, and 7.4.0 before 7.8.17; Confluence HipChat plugin 6.26.0 before 7.8.17; and HipChat for JIRA plugin 6.26.0 before 7.8.17 allows remote attackers to obtain the secret key for communicating with HipChat instances by reading unspecified pages." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20161006 September 2016 - HipChat Plugin for various products - Critical Security Advisory", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/539530/100/0/threaded" + }, + { + "name": "https://confluence.atlassian.com/bitbucketserver/bitbucket-server-security-advisory-2016-09-21-840698321.html", + "refsource": "CONFIRM", + "url": "https://confluence.atlassian.com/bitbucketserver/bitbucket-server-security-advisory-2016-09-21-840698321.html" + }, + { + "name": "https://confluence.atlassian.com/doc/confluence-security-advisory-2016-09-21-849052104.html", + "refsource": "CONFIRM", + "url": "https://confluence.atlassian.com/doc/confluence-security-advisory-2016-09-21-849052104.html" + }, + { + "name": "93159", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93159" + }, + { + "name": "https://confluence.atlassian.com/jira/jira-and-hipchat-for-jira-plugin-security-advisory-2016-09-21-849052099.html", + "refsource": "CONFIRM", + "url": "https://confluence.atlassian.com/jira/jira-and-hipchat-for-jira-plugin-security-advisory-2016-09-21-849052099.html" + }, + { + "name": "http://packetstormsecurity.com/files/139004/Atlassian-HipChat-Secret-Key-Disclosure.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/139004/Atlassian-HipChat-Secret-Key-Disclosure.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6689.json b/2016/6xxx/CVE-2016-6689.json index 03013c9fd8c..7f1293dfdbe 100644 --- a/2016/6xxx/CVE-2016-6689.json +++ b/2016/6xxx/CVE-2016-6689.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6689", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Binder in the kernel in Android before 2016-10-05 on Nexus devices allows attackers to obtain sensitive information via a crafted application, aka internal bug 30768347." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-6689", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "40515", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/40515/" - }, - { - "name" : "http://source.android.com/security/bulletin/2016-10-01.html", - "refsource" : "CONFIRM", - "url" : "http://source.android.com/security/bulletin/2016-10-01.html" - }, - { - "name" : "93323", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93323" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Binder in the kernel in Android before 2016-10-05 on Nexus devices allows attackers to obtain sensitive information via a crafted application, aka internal bug 30768347." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "93323", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93323" + }, + { + "name": "http://source.android.com/security/bulletin/2016-10-01.html", + "refsource": "CONFIRM", + "url": "http://source.android.com/security/bulletin/2016-10-01.html" + }, + { + "name": "40515", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/40515/" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6940.json b/2016/6xxx/CVE-2016-6940.json index 81ed3b4d8ad..d50f25ec35a 100644 --- a/2016/6xxx/CVE-2016-6940.json +++ b/2016/6xxx/CVE-2016-6940.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6940", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-6941, CVE-2016-6942, CVE-2016-6943, CVE-2016-6947, CVE-2016-6948, CVE-2016-6950, CVE-2016-6951, CVE-2016-6954, CVE-2016-6955, CVE-2016-6956, CVE-2016-6959, CVE-2016-6960, CVE-2016-6966, CVE-2016-6970, CVE-2016-6972, CVE-2016-6973, CVE-2016-6974, CVE-2016-6975, CVE-2016-6976, CVE-2016-6977, CVE-2016-6978, CVE-2016-6995, CVE-2016-6996, CVE-2016-6997, CVE-2016-6998, CVE-2016-7000, CVE-2016-7001, CVE-2016-7002, CVE-2016-7003, CVE-2016-7004, CVE-2016-7005, CVE-2016-7006, CVE-2016-7007, CVE-2016-7008, CVE-2016-7009, CVE-2016-7010, CVE-2016-7011, CVE-2016-7012, CVE-2016-7013, CVE-2016-7014, CVE-2016-7015, CVE-2016-7016, CVE-2016-7017, CVE-2016-7018, and CVE-2016-7019." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2016-6940", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html" - }, - { - "name" : "93496", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93496" - }, - { - "name" : "1036986", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036986" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-6941, CVE-2016-6942, CVE-2016-6943, CVE-2016-6947, CVE-2016-6948, CVE-2016-6950, CVE-2016-6951, CVE-2016-6954, CVE-2016-6955, CVE-2016-6956, CVE-2016-6959, CVE-2016-6960, CVE-2016-6966, CVE-2016-6970, CVE-2016-6972, CVE-2016-6973, CVE-2016-6974, CVE-2016-6975, CVE-2016-6976, CVE-2016-6977, CVE-2016-6978, CVE-2016-6995, CVE-2016-6996, CVE-2016-6997, CVE-2016-6998, CVE-2016-7000, CVE-2016-7001, CVE-2016-7002, CVE-2016-7003, CVE-2016-7004, CVE-2016-7005, CVE-2016-7006, CVE-2016-7007, CVE-2016-7008, CVE-2016-7009, CVE-2016-7010, CVE-2016-7011, CVE-2016-7012, 
CVE-2016-7013, CVE-2016-7014, CVE-2016-7015, CVE-2016-7016, CVE-2016-7017, CVE-2016-7018, and CVE-2016-7019." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1036986", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036986" + }, + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html" + }, + { + "name": "93496", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93496" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7056.json b/2016/7xxx/CVE-2016-7056.json index bd036cf454e..1091876e284 100644 --- a/2016/7xxx/CVE-2016-7056.json +++ b/2016/7xxx/CVE-2016-7056.json 
@@ -1,147 +1,147 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "anemec@redhat.com", - "ID" : "CVE-2016-7056", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "openssl", - "version" : { - "version_data" : [ - { - "version_value" : "openssl 1.0.1u" - } - ] - } - } - ] - }, - "vendor_name" : "The OpenSSL Project" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A timing attack flaw was found in OpenSSL 1.0.1u and before that could allow a malicious user with local access to recover ECDSA P-256 private keys." - } - ] - }, - "impact" : { - "cvss" : [ - [ - { - "vectorString" : "5.5/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", - "version" : "3.0" - } - ] - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-385" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-7056", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "openssl", + "version": { + "version_data": [ + { + "version_value": "openssl 1.0.1u" + } + ] + } + } + ] + }, + "vendor_name": "The OpenSSL Project" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20170110 CVE-2016-7056 ECDSA P-256 timing attack key recovery (OpenSSL, LibreSSL, BoringSSL)", - "refsource" : "MLIST", - "url" : "https://seclists.org/oss-sec/2017/q1/52" - }, - { - "name" : "https://eprint.iacr.org/2016/1195", - "refsource" : "MISC", - "url" : "https://eprint.iacr.org/2016/1195" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7056", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7056" - }, - { - "name" : 
"https://git.openssl.org/?p=openssl.git;a=commit;h=8aed2a7548362e88e84a7feb795a3a97e8395008", - "refsource" : "CONFIRM", - "url" : "https://git.openssl.org/?p=openssl.git;a=commit;h=8aed2a7548362e88e84a7feb795a3a97e8395008" - }, - { - "name" : "https://ftp.openbsd.org/pub/OpenBSD/patches/5.9/common/033_libcrypto.patch.sig", - "refsource" : "CONFIRM", - "url" : "https://ftp.openbsd.org/pub/OpenBSD/patches/5.9/common/033_libcrypto.patch.sig" - }, - { - "name" : "https://ftp.openbsd.org/pub/OpenBSD/patches/6.0/common/016_libcrypto.patch.sig", - "refsource" : "CONFIRM", - "url" : "https://ftp.openbsd.org/pub/OpenBSD/patches/6.0/common/016_libcrypto.patch.sig" - }, - { - "name" : "https://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-7056.html", - "refsource" : "CONFIRM", - "url" : "https://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-7056.html" - }, - { - "name" : "https://security-tracker.debian.org/tracker/CVE-2016-7056", - "refsource" : "CONFIRM", - "url" : "https://security-tracker.debian.org/tracker/CVE-2016-7056" - }, - { - "name" : "DSA-3773", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2017/dsa-3773" - }, - { - "name" : "RHSA-2017:1413", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1413" - }, - { - "name" : "RHSA-2017:1414", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1414" - }, - { - "name" : "RHSA-2017:1415", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-1415.html" - }, - { - "name" : "RHSA-2017:1801", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1801" - }, - { - "name" : "RHSA-2017:1802", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1802" - }, - { - "name" : "95375", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95375" - }, - { - "name" : "1037575", - "refsource" : "SECTRACK", - "url" : 
"http://www.securitytracker.com/id/1037575" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A timing attack flaw was found in OpenSSL 1.0.1u and before that could allow a malicious user with local access to recover ECDSA P-256 private keys." + } + ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "5.5/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "version": "3.0" + } + ] + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-385" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://eprint.iacr.org/2016/1195", + "refsource": "MISC", + "url": "https://eprint.iacr.org/2016/1195" + }, + { + "name": "RHSA-2017:1801", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1801" + }, + { + "name": "https://git.openssl.org/?p=openssl.git;a=commit;h=8aed2a7548362e88e84a7feb795a3a97e8395008", + "refsource": "CONFIRM", + "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=8aed2a7548362e88e84a7feb795a3a97e8395008" + }, + { + "name": "RHSA-2017:1413", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1413" + }, + { + "name": "https://ftp.openbsd.org/pub/OpenBSD/patches/6.0/common/016_libcrypto.patch.sig", + "refsource": "CONFIRM", + "url": "https://ftp.openbsd.org/pub/OpenBSD/patches/6.0/common/016_libcrypto.patch.sig" + }, + { + "name": "1037575", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037575" + }, + { + "name": "RHSA-2017:1414", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1414" + }, + { + "name": "[oss-security] 20170110 CVE-2016-7056 ECDSA P-256 timing attack key recovery (OpenSSL, LibreSSL, BoringSSL)", + "refsource": "MLIST", + "url": "https://seclists.org/oss-sec/2017/q1/52" + }, + { + "name": "DSA-3773", + "refsource": "DEBIAN", 
+ "url": "https://www.debian.org/security/2017/dsa-3773" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7056", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7056" + }, + { + "name": "https://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-7056.html", + "refsource": "CONFIRM", + "url": "https://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-7056.html" + }, + { + "name": "95375", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95375" + }, + { + "name": "RHSA-2017:1415", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-1415.html" + }, + { + "name": "https://ftp.openbsd.org/pub/OpenBSD/patches/5.9/common/033_libcrypto.patch.sig", + "refsource": "CONFIRM", + "url": "https://ftp.openbsd.org/pub/OpenBSD/patches/5.9/common/033_libcrypto.patch.sig" + }, + { + "name": "https://security-tracker.debian.org/tracker/CVE-2016-7056", + "refsource": "CONFIRM", + "url": "https://security-tracker.debian.org/tracker/CVE-2016-7056" + }, + { + "name": "RHSA-2017:1802", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1802" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7490.json b/2016/7xxx/CVE-2016-7490.json index fb4abf2dfdf..8265ba7c439 100644 --- a/2016/7xxx/CVE-2016-7490.json +++ b/2016/7xxx/CVE-2016-7490.json 
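Review bot: The `vectorString` carried over on the new side of the CVE-2016-7056 hunk, `"5.5/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"`, puts the base score in front of the `CVSS:3.0/` prefix, so it is not a well-formed CVSS v3.0 vector. Tooling that parses the vector to compute or filter on severity will likely reject it or lose the score. Since the record is being rewritten anyway, the value should read `"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"`, with the score in its own field such as `"baseScore": 5.5` as in the CVSS v3.0 JSON schema, provided consumers of this record format accept that field. Separately, the `ASSIGNER` change from a personal address to `secalert@redhat.com` is the only semantic change in an otherwise formatting-only hunk, so it is worth calling out in the commit description if it is not there already.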
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "larry0@me.com", - "ID" : "CVE-2016-7490", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Studio Express", - "version" : { - "version_data" : [ - { - "version_value" : "15.12.00.00" - } - ] - } - } - ] - }, - "vendor_name" : "Teradata" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The installation script studioexpressinstall for Teradata Studio Express 15.12.00.00 creates files in /tmp insecurely. A malicious local user could create a symlink in /tmp and possibly clobber system files or perhaps elevate privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "symlink" - } + "CVE_data_meta": { + "ASSIGNER": "larry0@me.com", + "ID": "CVE-2016-7490", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Studio Express", + "version": { + "version_data": [ + { + "version_value": "15.12.00.00" + } + ] + } + } + ] + }, + "vendor_name": "Teradata" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.vapidlabs.com/advisory.php?v=174", - "refsource" : "MISC", - "url" : "http://www.vapidlabs.com/advisory.php?v=174" - }, - { - "name" : "94255", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94255" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The installation script studioexpressinstall for Teradata Studio Express 15.12.00.00 creates files in /tmp insecurely. 
A malicious local user could create a symlink in /tmp and possibly clobber system files or perhaps elevate privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "symlink" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.vapidlabs.com/advisory.php?v=174", + "refsource": "MISC", + "url": "http://www.vapidlabs.com/advisory.php?v=174" + }, + { + "name": "94255", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94255" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7622.json b/2016/7xxx/CVE-2016-7622.json index 5a4f5ce9534..766e494eb44 100644 --- a/2016/7xxx/CVE-2016-7622.json +++ b/2016/7xxx/CVE-2016-7622.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2016-7622", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the \"Grapher\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted .gcx file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2016-7622", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT207423", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207423" - }, - { - "name" : "94903", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94903" - }, - { - "name" : "1037469", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037469" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. 
The issue involves the \"Grapher\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted .gcx file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "94903", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94903" + }, + { + "name": "1037469", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037469" + }, + { + "name": "https://support.apple.com/HT207423", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207423" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7779.json b/2016/7xxx/CVE-2016-7779.json index 9ab7690ff26..e44299267b2 100644 --- a/2016/7xxx/CVE-2016-7779.json +++ b/2016/7xxx/CVE-2016-7779.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7779", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-7779", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2016/7xxx/CVE-2016-7887.json b/2016/7xxx/CVE-2016-7887.json index 518e75b919e..4873ec86ab3 100644 --- a/2016/7xxx/CVE-2016-7887.json +++ b/2016/7xxx/CVE-2016-7887.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2016-7887", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe ColdFusion Builder 2016 update 2 and earlier, 3.0.3 and earlier", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe ColdFusion Builder 2016 update 2 and earlier, 3.0.3 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe ColdFusion Builder versions 2016 update 2 and earlier, 3.0.3 and earlier have an important vulnerability that could lead to information disclosure." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Weak Encryption" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2016-7887", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe ColdFusion Builder 2016 update 2 and earlier, 3.0.3 and earlier", + "version": { + "version_data": [ + { + "version_value": "Adobe ColdFusion Builder 2016 update 2 and earlier, 3.0.3 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/coldfusion/apsb16-44.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/coldfusion/apsb16-44.html" - }, - { - "name" : "94874", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94874" - }, - { - "name" : "1037443", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037443" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe ColdFusion Builder versions 2016 update 2 and earlier, 3.0.3 and earlier have an important vulnerability that could lead to information disclosure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Weak Encryption" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://helpx.adobe.com/security/products/coldfusion/apsb16-44.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/coldfusion/apsb16-44.html" + }, + { + "name": "1037443", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037443" + }, + { + "name": "94874", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94874" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7992.json b/2016/7xxx/CVE-2016-7992.json index 734781808dd..5efb4bc9cea 100644 --- a/2016/7xxx/CVE-2016-7992.json +++ b/2016/7xxx/CVE-2016-7992.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7992", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Classical IP over ATM parser in tcpdump before 4.9.0 has a buffer overflow in print-cip.c:cip_if_print()." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-7992", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1494526.html", - "refsource" : "CONFIRM", - "url" : "https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1494526.html" - }, - { - "name" : "DSA-3775", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3775" - }, - { - "name" : "GLSA-201702-30", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201702-30" - }, - { - "name" : "RHSA-2017:1871", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1871" - }, - { - "name" : "95852", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95852" - }, - { - "name" : "1037755", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037755" - } - ] - } -} + } + }, + "data_format": 
"MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Classical IP over ATM parser in tcpdump before 4.9.0 has a buffer overflow in print-cip.c:cip_if_print()." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1037755", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037755" + }, + { + "name": "DSA-3775", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3775" + }, + { + "name": "RHSA-2017:1871", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1871" + }, + { + "name": "https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1494526.html", + "refsource": "CONFIRM", + "url": "https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1494526.html" + }, + { + "name": "95852", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95852" + }, + { + "name": "GLSA-201702-30", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201702-30" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8231.json b/2016/8xxx/CVE-2016-8231.json index 56fef5fc632..52ba73513f1 100644 --- a/2016/8xxx/CVE-2016-8231.json +++ b/2016/8xxx/CVE-2016-8231.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@lenovo.com", - "ID" : "CVE-2016-8231", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Service Bridge", - "version" : { - "version_data" : [ - { - "version_value" : "Earlier than version 4" - } - ] - } - } - ] - }, - "vendor_name" : "Lenovo Group Ltd." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Lenovo Service Bridge before version 4, a bug found in the signature verification logic of the code signing certificate could be exploited by an attacker to insert a forged code signing certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Insecure code signing certificate validation" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@lenovo.com", + "ID": "CVE-2016-8231", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Service Bridge", + "version": { + "version_data": [ + { + "version_value": "Earlier than version 4" + } + ] + } + } + ] + }, + "vendor_name": "Lenovo Group Ltd." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.lenovo.com/us/en/product_security/LEN-10149", - "refsource" : "CONFIRM", - "url" : "https://support.lenovo.com/us/en/product_security/LEN-10149" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Lenovo Service Bridge before version 4, a bug found in the signature verification logic of the code signing certificate could be exploited by an attacker to insert a forged code signing certificate." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Insecure code signing certificate validation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.lenovo.com/us/en/product_security/LEN-10149", + "refsource": "CONFIRM", + "url": "https://support.lenovo.com/us/en/product_security/LEN-10149" + } + ] + } +} \ No newline at end of file