diff --git a/2006/1xxx/CVE-2006-1535.json b/2006/1xxx/CVE-2006-1535.json index a7f862c857b..a32daae19fb 100644 --- a/2006/1xxx/CVE-2006-1535.json +++ b/2006/1xxx/CVE-2006-1535.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1535", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in login.php in Phoetux.net PhxContacts 0.93.1 beta and earlier allows remote attackers to inject arbitrary web script or HTML via the m parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1535", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060328 PhxContacts <= 0.93.1 beta Multiple SQL injection & xss", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/429259/100/0/threaded" - }, - { - "name" : "17307", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17307" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in login.php in Phoetux.net PhxContacts 0.93.1 beta and earlier allows remote attackers to inject arbitrary web script or HTML via the m parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "17307", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17307" + }, + { + "name": "20060328 PhxContacts <= 0.93.1 beta Multiple SQL injection & xss", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/429259/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1810.json b/2006/1xxx/CVE-2006-1810.json index 95f8108a868..92c2cdfd123 100644 --- a/2006/1xxx/CVE-2006-1810.json +++ b/2006/1xxx/CVE-2006-1810.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1810", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in FlexBB 0.5.5 BETA allow remote attackers to inject arbitrary web script or HTML via the (1) ICQ, (2) AIM, (3) MSN, (4) Google Talk, (5) Website Name, (6) Website Address, (7) Email Address, (8) Location, (9) Signature, and (10) Sub-Titles fields in the user profile." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1810", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060416 FlexBB v0.5.5 BETA [SQL Inj] [XSS] [Login bypass]", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/431121/100/0/threaded" - }, - { - "name" : "17539", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17539" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in FlexBB 0.5.5 BETA allow remote attackers to inject arbitrary web script or HTML via the (1) ICQ, (2) AIM, (3) MSN, (4) Google Talk, (5) Website Name, (6) Website Address, (7) Email Address, (8) Location, (9) Signature, and (10) Sub-Titles fields in the user profile." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "17539", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17539" + }, + { + "name": "20060416 FlexBB v0.5.5 BETA [SQL Inj] [XSS] [Login bypass]", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/431121/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5257.json b/2006/5xxx/CVE-2006-5257.json index c6e3f02faa4..0137004b23c 100644 --- a/2006/5xxx/CVE-2006-5257.json +++ b/2006/5xxx/CVE-2006-5257.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5257", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in modules/forum/include/config.php in Ciamos Content Management System (CMS) 0.9.6b and earlier allows remote attackers to execute arbitrary PHP code via a URL in the module_cache_path parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5257", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "2489", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2489" - }, - { - "name" : "20403", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20403" - }, - { - "name" : "ciamos-config-file-include(29398)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29398" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in modules/forum/include/config.php in Ciamos Content Management System (CMS) 0.9.6b and earlier allows remote attackers to execute arbitrary PHP code via a URL in the module_cache_path parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ciamos-config-file-include(29398)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29398" + }, + { + "name": "20403", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20403" + }, + { + "name": "2489", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2489" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5842.json b/2006/5xxx/CVE-2006-5842.json index 320ff2cb97e..a04070f95f5 100644 --- a/2006/5xxx/CVE-2006-5842.json +++ b/2006/5xxx/CVE-2006-5842.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5842", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The keystore file in Unicore Client before 5.6 build 5, when running on Unix systems, has insecure default permissions, which allows local users to obtain sensitive information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5842", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=461942", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=461942" - }, - { - "name" : "20981", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20981" - }, - { - "name" : "ADV-2006-4419", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4419" - }, - { - "name" : "22765", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22765" - }, - { - "name" : "unicore-keystore-information-disclosure(30157)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30157" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The keystore file in Unicore Client before 5.6 build 5, when running on Unix systems, has insecure default permissions, which allows local users to obtain sensitive information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "22765", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22765" + }, + { + "name": "20981", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20981" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=461942", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=461942" + }, + { + "name": "unicore-keystore-information-disclosure(30157)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30157" + }, + { + "name": "ADV-2006-4419", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4419" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2215.json b/2007/2xxx/CVE-2007-2215.json index e14aff79e62..5f292e46b1e 100644 --- a/2007/2xxx/CVE-2007-2215.json +++ b/2007/2xxx/CVE-2007-2215.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2215", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2007. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2007-2215", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2007. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2546.json b/2007/2xxx/CVE-2007-2546.json index e46a49f18a2..08b65c0b441 100644 --- a/2007/2xxx/CVE-2007-2546.json +++ b/2007/2xxx/CVE-2007-2546.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2546", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Session fixation vulnerability in Simple Machines Forum (SMF) 1.1.2 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2546", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070505 [MajorSecurity Advisory #47]Simple Machines Forum (SMF) - Session fixation Issue", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/467748/100/0/threaded" - }, - { - "name" : "20070614 Re: [MajorSecurity Advisory #47]Simple Machines Forum (SMF) - Session fixation Issue", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/471414/100/0/threaded" - }, - { - "name" : "http://www.majorsecurity.de/index_2.php?major_rls=major_rls47", - "refsource" : "MISC", - "url" : "http://www.majorsecurity.de/index_2.php?major_rls=major_rls47" - }, - { - "name" : "24482", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24482" - }, - { - "name" : "35705", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/35705" - }, - { - "name" : "25139", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25139" - }, - { - "name" : "2676", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2676" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Session fixation vulnerability in Simple Machines Forum (SMF) 1.1.2 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "25139", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25139" + }, + { + "name": "20070614 Re: [MajorSecurity Advisory #47]Simple Machines Forum (SMF) - Session fixation Issue", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/471414/100/0/threaded" + }, + { + "name": "35705", + "refsource": "OSVDB", + "url": "http://osvdb.org/35705" + }, + { + "name": "http://www.majorsecurity.de/index_2.php?major_rls=major_rls47", + "refsource": "MISC", + "url": "http://www.majorsecurity.de/index_2.php?major_rls=major_rls47" + }, + { + "name": "20070505 [MajorSecurity Advisory #47]Simple Machines Forum (SMF) - Session fixation Issue", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/467748/100/0/threaded" + }, + { + "name": "2676", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2676" + }, + { + "name": "24482", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24482" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2555.json b/2007/2xxx/CVE-2007-2555.json index 2b64449fa76..18ecd58032c 100644 --- a/2007/2xxx/CVE-2007-2555.json +++ b/2007/2xxx/CVE-2007-2555.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2555", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Default.aspx in Podium CMS allows remote attackers to have an unknown impact, possibly session fixation, via a META HTTP-EQUIV Set-cookie expression in the id parameter, related to \"cookie manipulation.\" NOTE: this issue might be cross-site scripting (XSS)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2555", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070505 Podium CMS - Cookie Manipulation Exploit", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/467823/100/0/threaded" - }, - { - "name" : "20070509 Re: Podium CMS - Cookie Manipulation Exploit", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/468058/100/0/threaded" - }, - { - "name" : "36182", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/36182" - }, - { - "name" : "2664", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2664" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Default.aspx in Podium CMS allows remote attackers to have an unknown impact, possibly session fixation, via a META HTTP-EQUIV Set-cookie expression in the id parameter, related to \"cookie manipulation.\" NOTE: this issue might be cross-site scripting (XSS)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20070509 Re: Podium CMS - Cookie Manipulation Exploit", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/468058/100/0/threaded" + }, + { + "name": "2664", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2664" + }, + { + "name": "20070505 Podium CMS - Cookie Manipulation Exploit", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/467823/100/0/threaded" + }, + { + "name": "36182", + "refsource": "OSVDB", + "url": "http://osvdb.org/36182" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3242.json b/2007/3xxx/CVE-2007-3242.json index 7e71550fc64..71baac12fe6 100644 --- a/2007/3xxx/CVE-2007-3242.json +++ b/2007/3xxx/CVE-2007-3242.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3242", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Menu Manager Mod for (1) web-app.net WebAPP (aka WebAPP NE) 0.9.9.3.3 through 0.9.9.8, and (2) web-app.org WebAPP before 0.9.9.6, allows remote authenticated users to execute arbitrary commands via shell metacharacters in the titles of items in a personal menu." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3242", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070612 Menu Manager Mod for WebAPP - No Input Filtering", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/471213/100/0/threaded" - }, - { - "name" : "20070618 Re: Menu Manager Mod for WebAPP - No Input Filtering", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/471638/100/100/threaded" - }, - { - "name" : "http://www.web-app.net/cgi-bin/index.cgi?action=downloadinfo&cat=security&id=3", - "refsource" : "CONFIRM", - "url" : "http://www.web-app.net/cgi-bin/index.cgi?action=downloadinfo&cat=security&id=3" - }, - { - "name" : "20070627 Web-APP.org feedback on CVE-2007-3242", - "refsource" : "VIM", - "url" : "http://www.attrition.org/pipermail/vim/2007-June/001686.html" - }, - { - "name" : "24453", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24453" - }, - { - "name" : "webapp-menu-command-execution(34845)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34845" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Menu Manager Mod for (1) web-app.net WebAPP (aka WebAPP NE) 0.9.9.3.3 through 0.9.9.8, and (2) web-app.org WebAPP before 0.9.9.6, allows remote authenticated users to execute arbitrary commands via shell metacharacters in the titles of items in a personal menu." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.web-app.net/cgi-bin/index.cgi?action=downloadinfo&cat=security&id=3", + "refsource": "CONFIRM", + "url": "http://www.web-app.net/cgi-bin/index.cgi?action=downloadinfo&cat=security&id=3" + }, + { + "name": "24453", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24453" + }, + { + "name": "20070627 Web-APP.org feedback on CVE-2007-3242", + "refsource": "VIM", + "url": "http://www.attrition.org/pipermail/vim/2007-June/001686.html" + }, + { + "name": "20070612 Menu Manager Mod for WebAPP - No Input Filtering", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/471213/100/0/threaded" + }, + { + "name": "20070618 Re: Menu Manager Mod for WebAPP - No Input Filtering", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/471638/100/100/threaded" + }, + { + "name": "webapp-menu-command-execution(34845)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34845" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6296.json b/2007/6xxx/CVE-2007-6296.json index ddf0f0feae2..dfd7d50b45c 100644 --- a/2007/6xxx/CVE-2007-6296.json +++ b/2007/6xxx/CVE-2007-6296.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6296", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in users_popupL.php3 in phpMyChat 0.14.5 allows remote attackers to execute arbitrary PHP code via a URL in the From parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6296", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20071204 RFI and Multiple XSS in PhpMyChat", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/484575/100/0/threaded" - }, - { - "name" : "3426", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3426" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in users_popupL.php3 in phpMyChat 0.14.5 allows remote attackers to execute arbitrary PHP code via a URL in the From parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20071204 RFI and Multiple XSS in PhpMyChat", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/484575/100/0/threaded" + }, + { + "name": "3426", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3426" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6303.json b/2007/6xxx/CVE-2007-6303.json index 8c3bd58faaa..dfbca35aeb2 100644 --- a/2007/6xxx/CVE-2007-6303.json +++ b/2007/6xxx/CVE-2007-6303.json @@ -1,182 +1,182 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6303", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "MySQL 5.0.x before 5.0.51a, 5.1.x before 5.1.23, and 6.0.x before 6.0.4 does not update the DEFINER value of a view when the view is altered, which allows remote authenticated users to gain privileges via a sequence of statements including a CREATE SQL SECURITY DEFINER VIEW statement and an ALTER VIEW statement." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6303", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080205 rPSA-2008-0040-1 mysql mysql-bench mysql-server", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/487606/100/0/threaded" - }, - { - "name" : "http://bugs.mysql.com/bug.php?id=29908", - "refsource" : "CONFIRM", - "url" : "http://bugs.mysql.com/bug.php?id=29908" - }, - { - "name" : "http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-52.html", - "refsource" : "CONFIRM", - "url" : "http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-52.html" - }, - { - "name" : "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html", - "refsource" : "CONFIRM", - "url" : "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html" - }, - { - "name" : "http://dev.mysql.com/doc/refman/6.0/en/news-6-0-4.html", - "refsource" : "CONFIRM", - "url" : "http://dev.mysql.com/doc/refman/6.0/en/news-6-0-4.html" - }, - { - "name" : "http://lists.mysql.com/announce/502", - "refsource" : "CONFIRM", - "url" : "http://lists.mysql.com/announce/502" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-2187", - "refsource" : "CONFIRM", - "url" : "https://issues.rpath.com/browse/RPL-2187" - }, - { - "name" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0040", - "refsource" : "CONFIRM", - "url" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0040" - }, - { - "name" : "FEDORA-2007-4465", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00467.html" - }, - { - "name" : "FEDORA-2007-4471", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00475.html" - }, - { - "name" : "GLSA-200804-04", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200804-04.xml" - }, - { - "name" : "MDVSA-2008:017", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:017" - }, - { - "name" : "RHSA-2007:1157", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2007-1157.html" - }, - { - "name" : "SUSE-SR:2008:003", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html" - }, - { - "name" : "USN-588-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-588-1" - }, - { - "name" : "26832", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26832" - }, - { - "name" : "ADV-2007-4198", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/4198" - }, - { - "name" : "1019085", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1019085" - }, - { - "name" : "28063", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28063" - }, - { - "name" : "28025", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28025" - }, - { - "name" : "28739", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28739" - }, - { - "name" : "28838", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28838" - }, - { - "name" : "29443", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29443" - }, - { - "name" : "29706", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29706" - }, - { - "name" : "mysql-definer-value-privilege-escalation(38989)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/38989" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "MySQL 5.0.x before 5.0.51a, 5.1.x before 5.1.23, and 6.0.x before 6.0.4 does not update the DEFINER value of a view when the view is altered, which allows remote authenticated users to gain privileges via a sequence of statements including a CREATE SQL SECURITY DEFINER VIEW statement and an ALTER VIEW statement." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0040", + "refsource": "CONFIRM", + "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0040" + }, + { + "name": "http://lists.mysql.com/announce/502", + "refsource": "CONFIRM", + "url": "http://lists.mysql.com/announce/502" + }, + { + "name": "GLSA-200804-04", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200804-04.xml" + }, + { + "name": "29706", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29706" + }, + { + "name": "mysql-definer-value-privilege-escalation(38989)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38989" + }, + { + "name": "29443", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29443" + }, + { + "name": "MDVSA-2008:017", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:017" + }, + { + "name": "https://issues.rpath.com/browse/RPL-2187", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-2187" + }, + { + "name": "FEDORA-2007-4465", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00467.html" + }, + { + "name": "RHSA-2007:1157", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2007-1157.html" + }, + { + "name": "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html", + "refsource": "CONFIRM", + "url": "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html" + }, + { + "name": "ADV-2007-4198", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/4198" + }, + { + "name": "FEDORA-2007-4471", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00475.html" + }, + { + "name": "http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-52.html", + "refsource": "CONFIRM", + "url": "http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-52.html" + }, + { + "name": "http://bugs.mysql.com/bug.php?id=29908", + "refsource": "CONFIRM", + "url": "http://bugs.mysql.com/bug.php?id=29908" + }, + { + "name": "26832", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26832" + }, + { + "name": "1019085", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1019085" + }, + { + "name": "28025", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28025" + }, + { + "name": "http://dev.mysql.com/doc/refman/6.0/en/news-6-0-4.html", + "refsource": "CONFIRM", + "url": "http://dev.mysql.com/doc/refman/6.0/en/news-6-0-4.html" + }, + { + "name": "20080205 rPSA-2008-0040-1 mysql mysql-bench mysql-server", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/487606/100/0/threaded" + }, + { + "name": "28838", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28838" + }, + { + "name": "USN-588-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-588-1" + }, + { + "name": "28063", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28063" + }, + { + "name": "SUSE-SR:2008:003", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html" + }, + { + "name": "28739", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28739" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6379.json b/2007/6xxx/CVE-2007-6379.json index 2ade0d77d6f..5767c911bf6 100644 --- a/2007/6xxx/CVE-2007-6379.json +++ b/2007/6xxx/CVE-2007-6379.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6379", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "BadBlue 2.72b and earlier allows remote attackers to obtain sensitive information via an invalid browse parameter, which reveals the installation path in an error message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6379", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20071210 Multiple vulnerabilities in BadBlue 2.72b", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/484834/100/0/threaded" - }, - { - "name" : "http://aluigi.altervista.org/adv/badblue-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.altervista.org/adv/badblue-adv.txt" - }, - { - "name" : "26803", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26803" - }, - { - "name" : "ADV-2007-4160", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/4160" - }, - { - "name" : "42418", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/42418" - }, - { - "name" : "28031", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28031" - }, - { - "name" : "3448", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3448" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "BadBlue 2.72b and earlier allows remote attackers to obtain sensitive information via an invalid browse parameter, which reveals the installation path in an error message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3448", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3448" + }, + { + "name": "28031", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28031" + }, + { + "name": "42418", + "refsource": "OSVDB", + "url": "http://osvdb.org/42418" + }, + { + "name": "26803", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26803" + }, + { + "name": "20071210 Multiple vulnerabilities in BadBlue 2.72b", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/484834/100/0/threaded" + }, + { + "name": "http://aluigi.altervista.org/adv/badblue-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.altervista.org/adv/badblue-adv.txt" + }, + { + "name": "ADV-2007-4160", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/4160" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6410.json b/2007/6xxx/CVE-2007-6410.json index 9b73690ae76..edd738b54ca 100644 --- a/2007/6xxx/CVE-2007-6410.json +++ b/2007/6xxx/CVE-2007-6410.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6410", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Gadu-Gadu does not properly perform protocol handling, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and add arbitrary user accounts or cause a denial of service as administrators via an unspecified \"crafted link,\" possibly related to the gg protocol." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6410", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20071205 [ELEYTT] Public Advisory 05-12-2007", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/484607/100/0/threaded" - }, - { - "name" : "3458", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3458" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Gadu-Gadu does not properly perform protocol handling, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and add arbitrary user accounts or cause a denial of service as administrators via an unspecified \"crafted link,\" possibly related to the gg protocol." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20071205 [ELEYTT] Public Advisory 05-12-2007", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/484607/100/0/threaded" + }, + { + "name": "3458", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3458" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0050.json b/2010/0xxx/CVE-2010-0050.json index 50914cde51e..b6ee096f7fa 100644 --- a/2010/0xxx/CVE-2010-0050.json +++ b/2010/0xxx/CVE-2010-0050.json @@ -1,152 +1,152 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0050", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an HTML document with improperly nested tags." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2010-0050", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT4070", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4070" - }, - { - "name" : "http://support.apple.com/kb/HT4225", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4225" - }, - { - "name" : "APPLE-SA-2010-03-11-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html" - }, - { - "name" : "APPLE-SA-2010-06-21-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html" - }, - { - "name" : "FEDORA-2010-8360", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041383.html" - }, - { - "name" : "FEDORA-2010-8379", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041432.html" - }, - { - "name" : "FEDORA-2010-8423", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041436.html" - }, - { - "name" : "MDVSA-2011:039", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039" - }, - { - "name" : "SUSE-SR:2011:002", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" - }, - { - "name" : "USN-1006-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1006-1" - }, - { - "name" : "38671", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/38671" - }, - { - "name" : "oval:org.mitre.oval:def:7587", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7587" - }, - { - "name" : "1023708", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1023708" - }, - { - "name" : "41856", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41856" - }, - { - "name" : "43068", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43068" - }, - { - "name" : "ADV-2010-2722", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2722" - }, - { - "name" : "ADV-2011-0212", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0212" - }, - { - "name" : "ADV-2011-0552", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0552" - }, - { - "name" : "safari-nested-html-code-exec(56836)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/56836" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an HTML document with improperly nested tags." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDVSA-2011:039", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039" + }, + { + "name": "APPLE-SA-2010-03-11-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html" + }, + { + "name": "safari-nested-html-code-exec(56836)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56836" + }, + { + "name": "ADV-2010-2722", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2722" + }, + { + "name": "43068", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43068" + }, + { + "name": "USN-1006-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1006-1" + }, + { + "name": "1023708", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1023708" + }, + { + "name": "41856", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41856" + }, + { + "name": "ADV-2011-0212", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0212" + }, + { + "name": "http://support.apple.com/kb/HT4225", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4225" + }, + { + "name": "FEDORA-2010-8360", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041383.html" + }, + { + "name": "http://support.apple.com/kb/HT4070", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4070" + }, + { + "name": "SUSE-SR:2011:002", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" + }, + { + "name": "ADV-2011-0552", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0552" + }, + { + "name": "oval:org.mitre.oval:def:7587", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7587" + }, + { + "name": "FEDORA-2010-8379", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041432.html" + }, + { + "name": "APPLE-SA-2010-06-21-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html" + }, + { + "name": "38671", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/38671" + }, + { + "name": "FEDORA-2010-8423", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041436.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0421.json b/2010/0xxx/CVE-2010-0421.json index 342323d6d29..82ad29216ce 100644 --- a/2010/0xxx/CVE-2010-0421.json +++ b/2010/0xxx/CVE-2010-0421.json @@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0421", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Array index error in the hb_ot_layout_build_glyph_classes function in pango/opentype/hb-ot-layout.cc in Pango before 1.27.1 allows context-dependent attackers to cause a denial of service (application crash) via a crafted font file, related to building a synthetic Glyph Definition (aka GDEF) table by using this font's charmap and the Unicode property database." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-0421", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://ftp.gnome.org/pub/GNOME/sources/pango/1.27/pango-1.27.1.tar.bz2", - "refsource" : "CONFIRM", - "url" : "http://ftp.gnome.org/pub/GNOME/sources/pango/1.27/pango-1.27.1.tar.bz2" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=555831", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=555831" - }, - { - "name" : "DSA-2019", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2010/dsa-2019" - }, - { - "name" : "MDVSA-2010:121", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:121" - }, - { - "name" : "RHSA-2010:0140", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0140.html" - }, - { - "name" : "SUSE-SR:2010:009", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00002.html" - }, - { - "name" : "SUSE-SR:2010:012", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html" - }, - { - "name" : "SUSE-SR:2010:013", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html" - }, - { - "name" : "38760", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/38760" - }, - { - "name" : "oval:org.mitre.oval:def:9417", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9417" - }, - { - "name" : "1023711", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1023711" - }, - { - "name" : "39041", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39041" - }, - { - "name" : "ADV-2010-0627", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0627" - }, - { - "name" : "ADV-2010-0661", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0661" - }, - { - "name" : "ADV-2010-1552", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1552" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Array index error in the hb_ot_layout_build_glyph_classes function in pango/opentype/hb-ot-layout.cc in Pango before 1.27.1 allows context-dependent attackers to cause a denial of service (application crash) via a crafted font file, related to building a synthetic Glyph Definition (aka GDEF) table by using this font's charmap and the Unicode property database." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDVSA-2010:121", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:121" + }, + { + "name": "ADV-2010-1552", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1552" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=555831", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=555831" + }, + { + "name": "oval:org.mitre.oval:def:9417", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9417" + }, + { + "name": "http://ftp.gnome.org/pub/GNOME/sources/pango/1.27/pango-1.27.1.tar.bz2", + "refsource": "CONFIRM", + "url": "http://ftp.gnome.org/pub/GNOME/sources/pango/1.27/pango-1.27.1.tar.bz2" + }, + { + "name": "39041", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39041" + }, + { + "name": "DSA-2019", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2010/dsa-2019" + }, + { + "name": "RHSA-2010:0140", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0140.html" + }, + { + "name": "SUSE-SR:2010:013", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html" + }, + { + "name": "ADV-2010-0661", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0661" + }, + { + "name": "SUSE-SR:2010:009", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00002.html" + }, + { + "name": "SUSE-SR:2010:012", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html" + }, + { + "name": "38760", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/38760" + }, + { + "name": "ADV-2010-0627", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0627" + }, + { + "name": "1023711", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1023711" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0539.json b/2010/0xxx/CVE-2010-0539.json index 005fd92dd0b..114cc3d781d 100644 --- a/2010/0xxx/CVE-2010-0539.json +++ b/2010/0xxx/CVE-2010-0539.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0539", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer signedness error in the window drawing implementation in Apple Java for Mac OS X 10.5 before Update 7 and Java for Mac OS X 10.6 before Update 2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted applet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2010-0539", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT4170", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4170" - }, - { - "name" : "http://support.apple.com/kb/HT4171", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4171" - }, - { - "name" : "APPLE-SA-2010-05-18-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//May/msg00001.html" - }, - { - "name" : "APPLE-SA-2010-05-18-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//May/msg00002.html" - }, - { - "name" : "40240", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/40240" - }, - { - "name" : "1024012", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1024012" - }, - { - "name" : "39819", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39819" - }, - { - "name" : "ADV-2010-1191", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1191" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer signedness error in the window drawing implementation in Apple Java for Mac OS X 10.5 before Update 7 and Java for Mac OS X 10.6 before Update 2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted applet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2010-05-18-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//May/msg00001.html" + }, + { + "name": "39819", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39819" + }, + { + "name": "APPLE-SA-2010-05-18-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//May/msg00002.html" + }, + { + "name": "http://support.apple.com/kb/HT4170", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4170" + }, + { + "name": "40240", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/40240" + }, + { + "name": "1024012", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1024012" + }, + { + "name": "http://support.apple.com/kb/HT4171", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4171" + }, + { + "name": "ADV-2010-1191", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1191" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0560.json b/2010/0xxx/CVE-2010-0560.json index d832dc4e3a7..b692b91dfce 100644 --- a/2010/0xxx/CVE-2010-0560.json +++ b/2010/0xxx/CVE-2010-0560.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0560", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the BIOS in Intel Desktop Board DB, DG, DH, DP, and DQ Series allows local administrators to execute arbitrary code in System Management Mode (SSM) via unknown attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-0560", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00022&languageid=en-fr", - "refsource" : "CONFIRM", - "url" : "http://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00022&languageid=en-fr" - }, - { - "name" : "38251", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/38251" - }, - { - "name" : "62071", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/62071" - }, - { - "name" : "38413", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38413" - }, - { - "name" : "ADV-2010-0271", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0271" - }, - { - "name" : "intel-bios-privilege-escalation(56384)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/56384" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the BIOS in Intel Desktop Board DB, DG, DH, DP, and DQ Series allows local administrators to execute arbitrary code in System Management Mode (SSM) via unknown attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "38413", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38413" + }, + { + "name": "38251", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/38251" + }, + { + "name": "intel-bios-privilege-escalation(56384)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56384" + }, + { + "name": "ADV-2010-0271", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0271" + }, + { + "name": "62071", + "refsource": "OSVDB", + "url": "http://osvdb.org/62071" + }, + { + "name": "http://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00022&languageid=en-fr", + "refsource": "CONFIRM", + "url": "http://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00022&languageid=en-fr" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0611.json b/2010/0xxx/CVE-2010-0611.json index a1270202533..800347ac76c 100644 --- a/2010/0xxx/CVE-2010-0611.json +++ b/2010/0xxx/CVE-2010-0611.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0611", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in adminlogin.php in Baal Systems 3.8 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-0611", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/1002-exploits/baalsystems-sql.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1002-exploits/baalsystems-sql.txt" - }, - { - "name" : "11346", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/11346" - }, - { - "name" : "38139", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/38139" - }, - { - "name" : "baalsystems-adminlogin-sql-injection(56147)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/56147" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in adminlogin.php in Baal Systems 3.8 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.org/1002-exploits/baalsystems-sql.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1002-exploits/baalsystems-sql.txt" + }, + { + "name": "baalsystems-adminlogin-sql-injection(56147)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56147" + }, + { + "name": "11346", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/11346" + }, + { + "name": "38139", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/38139" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0623.json b/2010/0xxx/CVE-2010-0623.json index 7ca406b933d..79faa6a3677 100644 --- a/2010/0xxx/CVE-2010-0623.json +++ b/2010/0xxx/CVE-2010-0623.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0623", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The futex_lock_pi function in kernel/futex.c in the Linux kernel before 2.6.33-rc7 does not properly manage a certain reference count, which allows local users to cause a denial of service (OOPS) via vectors involving an unmount of an ext3 filesystem." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-0623", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20100211 Re: CVE request - kernel: futex: Handle user space corruption gracefully", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/02/11/2" - }, - { - "name" : "http://bugzilla.kernel.org/show_bug.cgi?id=14256", - "refsource" : "CONFIRM", - "url" : "http://bugzilla.kernel.org/show_bug.cgi?id=14256" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=5ecb01cfdf96c5f465192bdb2a4fd4a61a24c6cc", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=5ecb01cfdf96c5f465192bdb2a4fd4a61a24c6cc" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.33-rc7", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.33-rc7" - }, - { - "name" : "MDVSA-2010:088", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:088" - }, - { - "name" : "SUSE-SA:2010:018", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00006.html" - }, - { - "name" : "USN-914-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-914-1" - }, - { - "name" : "38922", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38922" - }, - { - "name" : "ADV-2010-0638", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0638" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The futex_lock_pi function in kernel/futex.c in the Linux kernel before 2.6.33-rc7 does not properly manage a certain reference count, which allows local users to cause a denial of service (OOPS) via vectors involving an unmount of an ext3 filesystem." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-914-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-914-1" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.33-rc7", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.33-rc7" + }, + { + "name": "ADV-2010-0638", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0638" + }, + { + "name": "http://bugzilla.kernel.org/show_bug.cgi?id=14256", + "refsource": "CONFIRM", + "url": "http://bugzilla.kernel.org/show_bug.cgi?id=14256" + }, + { + "name": "MDVSA-2010:088", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:088" + }, + { + "name": "38922", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38922" + }, + { + "name": "SUSE-SA:2010:018", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00006.html" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=5ecb01cfdf96c5f465192bdb2a4fd4a61a24c6cc", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=5ecb01cfdf96c5f465192bdb2a4fd4a61a24c6cc" + }, + { + "name": "[oss-security] 20100211 Re: CVE request - kernel: futex: Handle user space corruption gracefully", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/02/11/2" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1232.json b/2010/1xxx/CVE-2010-1232.json index 7da64e47612..4d745227fd9 100644 --- a/2010/1xxx/CVE-2010-1232.json +++ b/2010/1xxx/CVE-2010-1232.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1232", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Google Chrome before 4.1.249.1036 allows remote attackers to cause a denial of service (memory error) or possibly have unspecified other impact via a malformed SVG document." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1232", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=34978", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=34978" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2010/03/stable-channel-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2010/03/stable-channel-update.html" - }, - { - "name" : "oval:org.mitre.oval:def:14000", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14000" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Google Chrome before 4.1.249.1036 allows remote attackers to cause a denial of service (memory error) or possibly have unspecified other impact via a malformed SVG document." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://code.google.com/p/chromium/issues/detail?id=34978", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=34978" + }, + { + "name": "http://googlechromereleases.blogspot.com/2010/03/stable-channel-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2010/03/stable-channel-update.html" + }, + { + "name": "oval:org.mitre.oval:def:14000", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14000" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1536.json b/2010/1xxx/CVE-2010-1536.json index e92d06619d7..c689e86a193 100644 --- a/2010/1xxx/CVE-2010-1536.json +++ b/2010/1xxx/CVE-2010-1536.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1536", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the AddThis Button module 5.x before 5.x-2.2 and 6.x before 6.x-2.9 for Drupal allows remote authenticated users, with administer addthis privileges, to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1536", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://drupal.org/node/731568", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/731568" - }, - { - "name" : "http://drupal.org/node/731576", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/731576" - }, - { - "name" : "http://drupal.org/node/731578", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/731578" - }, - { - "name" : "38513", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/38513" - }, - { - "name" : "38818", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38818" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the AddThis Button module 5.x before 5.x-2.2 and 6.x before 6.x-2.9 for Drupal allows remote authenticated users, with administer addthis privileges, to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "38818", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38818" + }, + { + "name": "http://drupal.org/node/731578", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/731578" + }, + { + "name": "http://drupal.org/node/731568", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/731568" + }, + { + "name": "http://drupal.org/node/731576", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/731576" + }, + { + "name": "38513", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/38513" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1610.json b/2010/1xxx/CVE-2010-1610.json index 1e2259fd72d..fe96bf49fa2 100644 --- a/2010/1xxx/CVE-2010-1610.json +++ b/2010/1xxx/CVE-2010-1610.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1610", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in index.php in OpenCart 1.4 allows remote attackers to hijack the authentication of an application administrator for requests that create an administrative account via a POST request with the route parameter set to \"user/user/insert.\" NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1610", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100202 OpenCart CSRF Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/509313/100/0/threaded" - }, - { - "name" : "http://blog.visionsource.org/2010/01/28/opencart-csrf-vulnerability/", - "refsource" : "MISC", - "url" : "http://blog.visionsource.org/2010/01/28/opencart-csrf-vulnerability/" - }, - { - "name" : "http://forum.opencart.com/viewtopic.php?f=16&t=10203&p=49654&hilit=csrf#p49654", - "refsource" : "CONFIRM", - "url" : "http://forum.opencart.com/viewtopic.php?f=16&t=10203&p=49654&hilit=csrf#p49654" - }, - { - "name" : "38419", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38419" - }, - { - "name" : "opencart-admin-csrf(56061)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/56061" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in index.php in OpenCart 1.4 allows remote attackers to hijack the authentication of an application administrator for requests that create an administrative account via a POST request with the route parameter set to \"user/user/insert.\" NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20100202 OpenCart CSRF Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/509313/100/0/threaded" + }, + { + "name": "opencart-admin-csrf(56061)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56061" + }, + { + "name": "http://blog.visionsource.org/2010/01/28/opencart-csrf-vulnerability/", + "refsource": "MISC", + "url": "http://blog.visionsource.org/2010/01/28/opencart-csrf-vulnerability/" + }, + { + "name": "http://forum.opencart.com/viewtopic.php?f=16&t=10203&p=49654&hilit=csrf#p49654", + "refsource": "CONFIRM", + "url": "http://forum.opencart.com/viewtopic.php?f=16&t=10203&p=49654&hilit=csrf#p49654" + }, + { + "name": "38419", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38419" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4752.json b/2010/4xxx/CVE-2010-4752.json index 74ea4fdd8e7..6ee82f2eaf7 100644 --- a/2010/4xxx/CVE-2010-4752.json +++ b/2010/4xxx/CVE-2010-4752.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4752", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in LightNEasy.php in LightNEasy 3.2.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the page parameter, a different vector than CVE-2008-6593, CVE-2010-3484, and CVE-2010-3485. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4752", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.lightneasy.org/punbb/viewtopic.php?id=1207", - "refsource" : "MISC", - "url" : "http://www.lightneasy.org/punbb/viewtopic.php?id=1207" - }, - { - "name" : "45230", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45230" - }, - { - "name" : "42391", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42391" - }, - { - "name" : "lightneasy-page-sql-injection(63722)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/63722" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in LightNEasy.php in LightNEasy 3.2.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the page parameter, a different vector than CVE-2008-6593, CVE-2010-3484, and CVE-2010-3485. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "lightneasy-page-sql-injection(63722)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/63722" + }, + { + "name": "http://www.lightneasy.org/punbb/viewtopic.php?id=1207", + "refsource": "MISC", + "url": "http://www.lightneasy.org/punbb/viewtopic.php?id=1207" + }, + { + "name": "45230", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45230" + }, + { + "name": "42391", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42391" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4959.json b/2010/4xxx/CVE-2010-4959.json index 35f4b8afb7e..7a15a4ebd02 100644 --- a/2010/4xxx/CVE-2010-4959.json +++ b/2010/4xxx/CVE-2010-4959.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4959", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the login feature in Pre Projects Pre Podcast Portal allows remote attackers to execute arbitrary SQL commands via the password parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4959", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "14378", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/14378" - }, - { - "name" : "http://www.packetstormsecurity.com/1007-exploits/prepodcastportal-sql.txt", - "refsource" : "MISC", - "url" : "http://www.packetstormsecurity.com/1007-exploits/prepodcastportal-sql.txt" - }, - { - "name" : "66511", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/66511" - }, - { - "name" : "40705", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40705" - }, - { - "name" : "8469", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8469" - }, - { - "name" : "prepodcastportal-login-sql-injection(60631)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/60631" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the login feature in Pre Projects Pre Podcast Portal allows remote attackers to execute arbitrary SQL commands via the password parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "14378", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/14378" + }, + { + "name": "prepodcastportal-login-sql-injection(60631)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60631" + }, + { + "name": "40705", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40705" + }, + { + "name": "8469", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8469" + }, + { + "name": "http://www.packetstormsecurity.com/1007-exploits/prepodcastportal-sql.txt", + "refsource": "MISC", + "url": "http://www.packetstormsecurity.com/1007-exploits/prepodcastportal-sql.txt" + }, + { + "name": "66511", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/66511" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0047.json b/2014/0xxx/CVE-2014-0047.json index 7f9cd8d0ac7..692f93e2685 100644 --- a/2014/0xxx/CVE-2014-0047.json +++ b/2014/0xxx/CVE-2014-0047.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0047", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Docker before 1.5 allows local users to have unspecified impact via vectors involving unsafe /tmp usage." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-0047", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150324 Re: 2 moderate (borderline low) docker flaws fixed in >=1.5 and possibly earlier", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/03/24/23" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1063549", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1063549" - }, - { - "name" : "73315", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/73315" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Docker before 1.5 allows local users to have unspecified impact via vectors involving unsafe /tmp usage." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "73315", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/73315" + }, + { + "name": "[oss-security] 20150324 Re: 2 moderate (borderline low) docker flaws fixed in >=1.5 and possibly earlier", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/03/24/23" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1063549", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1063549" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0091.json b/2014/0xxx/CVE-2014-0091.json index cdec84cf4ce..cfd6e51deb9 100644 --- a/2014/0xxx/CVE-2014-0091.json +++ b/2014/0xxx/CVE-2014-0091.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0091", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-0091", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0127.json b/2014/0xxx/CVE-2014-0127.json index aafd4265ee2..33e6790a75b 100644 --- a/2014/0xxx/CVE-2014-0127.json +++ b/2014/0xxx/CVE-2014-0127.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0127", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The time-validation implementation in (1) mod/feedback/complete.php and (2) mod/feedback/complete_guest.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote authenticated users to bypass intended restrictions on starting a Feedback activity by choosing an unavailable time." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-0127", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140317 Moodle security notifications public", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2014/03/17/1" - }, - { - "name" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-43656", - "refsource" : "CONFIRM", - "url" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-43656" - }, - { - "name" : "https://moodle.org/mod/forum/discuss.php?d=256417", - "refsource" : "CONFIRM", - "url" : "https://moodle.org/mod/forum/discuss.php?d=256417" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The time-validation implementation in (1) mod/feedback/complete.php and (2) mod/feedback/complete_guest.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote authenticated users to bypass intended restrictions on starting a Feedback activity by choosing an unavailable time." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20140317 Moodle security notifications public", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2014/03/17/1" + }, + { + "name": "https://moodle.org/mod/forum/discuss.php?d=256417", + "refsource": "CONFIRM", + "url": "https://moodle.org/mod/forum/discuss.php?d=256417" + }, + { + "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-43656", + "refsource": "CONFIRM", + "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-43656" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0706.json b/2014/0xxx/CVE-2014-0706.json index 83dc58b34c2..f1669567dc5 100644 --- a/2014/0xxx/CVE-2014-0706.json +++ b/2014/0xxx/CVE-2014-0706.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0706", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco Wireless LAN Controller (WLC) devices 7.2 before 7.2.115.2, 7.3, and 7.4 before 7.4.110.0 allow remote attackers to cause a denial of service (device restart) via a crafted 802.11 Ethernet frame, aka Bug ID CSCue87929." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2014-0706", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140305 Multiple Vulnerabilities in Cisco Wireless LAN Controllers", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140305-wlc" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco Wireless LAN Controller (WLC) devices 7.2 before 7.2.115.2, 7.3, and 7.4 before 7.4.110.0 allow remote attackers to cause a denial of service (device restart) via a crafted 802.11 Ethernet frame, aka Bug ID CSCue87929." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20140305 Multiple Vulnerabilities in Cisco Wireless LAN Controllers", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140305-wlc" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0836.json b/2014/0xxx/CVE-2014-0836.json index b7dbc0bf96a..d128e990efb 100644 --- a/2014/0xxx/CVE-2014-0836.json +++ b/2014/0xxx/CVE-2014-0836.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0836", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in IBM Security QRadar SIEM 7.2 MR1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-0836", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140124 ADV: IBM QRadar SIEM", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Jan/166" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21663066", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21663066" - }, - { - "name" : "65127", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/65127" - }, - { - "name" : "102555", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/102555" - }, - { - "name" : "56653", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56653" - }, - { - "name" : "ibm-qradar-cve20140836-xss(90679)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90679" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in IBM Security QRadar SIEM 7.2 MR1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "65127", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/65127" + }, + { + "name": "ibm-qradar-cve20140836-xss(90679)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90679" + }, + { + "name": "102555", + "refsource": "OSVDB", + "url": "http://osvdb.org/102555" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21663066", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21663066" + }, + { + "name": "20140124 ADV: IBM QRadar SIEM", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Jan/166" + }, + { + "name": "56653", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56653" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1216.json b/2014/1xxx/CVE-2014-1216.json index 64d05e288dc..5e1bf4ac602 100644 --- a/2014/1xxx/CVE-2014-1216.json +++ b/2014/1xxx/CVE-2014-1216.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1216", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "FitNesse Wiki 20131110, 20140201, and earlier allows remote attackers to execute arbitrary commands by defining a COMMAND_PATTERN and TEST_RUNNER in the pageContent parameter when editing a page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-1216", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "32568", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/32568" - }, - { - "name" : "http://secpod.org/blog/?p=2311", - "refsource" : "MISC", - "url" : "http://secpod.org/blog/?p=2311" - }, - { - "name" : "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-1216/", - "refsource" : "MISC", - "url" : "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-1216/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "FitNesse Wiki 20131110, 20140201, and earlier allows remote attackers to execute arbitrary commands by defining a COMMAND_PATTERN and TEST_RUNNER in the pageContent parameter when editing a page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "32568", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/32568" + }, + { + "name": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-1216/", + "refsource": "MISC", + "url": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-1216/" + }, + { + "name": "http://secpod.org/blog/?p=2311", + "refsource": "MISC", + "url": "http://secpod.org/blog/?p=2311" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1347.json b/2014/1xxx/CVE-2014-1347.json index 8a5ca96b4b5..99581cc97f4 100644 --- a/2014/1xxx/CVE-2014-1347.json +++ b/2014/1xxx/CVE-2014-1347.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1347", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Apple iTunes before 11.2.1 on OS X sets world-writable permissions for /Users and /Users/Shared during reboots, which allows local users to modify files, and consequently obtain access to arbitrary user accounts, via standard filesystem operations." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2014-1347", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT6251", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT6251" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Apple iTunes before 11.2.1 on OS X sets world-writable permissions for /Users and /Users/Shared during reboots, which allows local users to modify files, and consequently obtain access to arbitrary user accounts, via standard filesystem operations." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.apple.com/kb/HT6251", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT6251" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1801.json b/2014/1xxx/CVE-2014-1801.json index 33d18961848..c0d724b25a7 100644 --- a/2014/1xxx/CVE-2014-1801.json +++ b/2014/1xxx/CVE-2014-1801.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1801", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-1801", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4224.json b/2014/4xxx/CVE-2014-4224.json index a1f5adaff90..f8b8522d8fb 100644 --- a/2014/4xxx/CVE-2014-4224.json +++ b/2014/4xxx/CVE-2014-4224.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4224", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11.1 allows local users to affect availability via unknown vectors related to sockfs." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2014-4224", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/534161/100/0/threaded" - }, - { - "name" : "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Dec/23" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2014-0012.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2014-0012.html" - }, - { - "name" : "68574", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/68574" - }, - { - "name" : "1030588", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030588" - }, - { - "name" : "59504", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59504" - }, - { - "name" : "oracle-cpujul2014-cve20144224(94610)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/94610" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11.1 allows local users to affect availability via unknown vectors related to sockfs." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html" + }, + { + "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded" + }, + { + "name": "oracle-cpujul2014-cve20144224(94610)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94610" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html" + }, + { + "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Dec/23" + }, + { + "name": "1030588", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030588" + }, + { + "name": "59504", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59504" + }, + { + "name": "68574", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/68574" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4488.json b/2014/4xxx/CVE-2014-4488.json index 09271bdb805..28a57b0835d 100644 --- a/2014/4xxx/CVE-2014-4488.json +++ b/2014/4xxx/CVE-2014-4488.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4488", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not properly validate resource-queue metadata, which allows attackers to execute arbitrary code in a privileged context via a crafted app." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2014-4488", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/HT204244", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/HT204244" - }, - { - "name" : "http://support.apple.com/HT204245", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/HT204245" - }, - { - "name" : "http://support.apple.com/HT204246", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/HT204246" - }, - { - "name" : "APPLE-SA-2015-01-27-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Jan/msg00000.html" - }, - { - "name" : "APPLE-SA-2015-01-27-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Jan/msg00001.html" - }, - { - "name" : "APPLE-SA-2015-01-27-4", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html" - }, - { - "name" : "1031650", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031650" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not properly validate resource-queue metadata, which allows attackers to execute arbitrary code in a privileged context via a crafted app." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.apple.com/HT204245", + "refsource": "CONFIRM", + "url": "http://support.apple.com/HT204245" + }, + { + "name": "http://support.apple.com/HT204246", + "refsource": "CONFIRM", + "url": "http://support.apple.com/HT204246" + }, + { + "name": "1031650", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031650" + }, + { + "name": "APPLE-SA-2015-01-27-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00001.html" + }, + { + "name": "http://support.apple.com/HT204244", + "refsource": "CONFIRM", + "url": "http://support.apple.com/HT204244" + }, + { + "name": "APPLE-SA-2015-01-27-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00000.html" + }, + { + "name": "APPLE-SA-2015-01-27-4", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5626.json b/2014/5xxx/CVE-2014-5626.json index 3fdd697be15..6e64e03c168 100644 --- a/2014/5xxx/CVE-2014-5626.json +++ b/2014/5xxx/CVE-2014-5626.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5626", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Brothers In Arms 2 Free+ (aka com.gameloft.android.ANMP.GloftB2HM) application 1.2.0b for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-5626", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#734561", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/734561" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Brothers In Arms 2 Free+ (aka com.gameloft.android.ANMP.GloftB2HM) application 1.2.0b for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#734561", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/734561" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5650.json b/2014/5xxx/CVE-2014-5650.json index 9b327381cb7..1d6f22af1b2 100644 --- a/2014/5xxx/CVE-2014-5650.json +++ b/2014/5xxx/CVE-2014-5650.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5650", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Traffic Jam Free (aka com.jiuzhangtech.rushhour) application 1.7.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-5650", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#698217", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/698217" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Traffic Jam Free (aka com.jiuzhangtech.rushhour) application 1.7.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#698217", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/698217" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9509.json b/2014/9xxx/CVE-2014-9509.json index 36069262e0d..e84cedc823d 100644 --- a/2014/9xxx/CVE-2014-9509.json +++ b/2014/9xxx/CVE-2014-9509.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9509", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The frontend rendering component in TYPO3 4.5.x before 4.5.39, 4.6.x through 6.2.x before 6.2.9, and 7.x before 7.0.2, when config.prefixLocalAnchors is set to all or cached, allows remote attackers to have an unspecified impact (possibly resource consumption) via a \"Cache Poisoning\" attack using a URL with arbitrary arguments, which triggers a reload of the page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9509", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-003/", - "refsource" : "CONFIRM", - "url" : "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-003/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The frontend rendering component in TYPO3 4.5.x before 4.5.39, 4.6.x through 6.2.x before 6.2.9, and 7.x before 7.0.2, when config.prefixLocalAnchors is set to all or cached, allows remote attackers to have an unspecified impact (possibly resource consumption) via a \"Cache Poisoning\" attack using a URL with arbitrary arguments, which triggers a reload of the page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-003/", + "refsource": "CONFIRM", + "url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-003/" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3379.json b/2016/3xxx/CVE-2016-3379.json index 9629d06e198..fe6e5ee2f3a 100644 --- a/2016/3xxx/CVE-2016-3379.json +++ b/2016/3xxx/CVE-2016-3379.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3379", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server 2016 Cumulative Update 1 and 2 allows remote attackers to inject arbitrary web script or HTML via a meeting-invitation request, aka \"Microsoft Exchange Elevation of Privilege Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2016-3379", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS16-108", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-108" - }, - { - "name" : "92836", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92836" - }, - { - "name" : "1036778", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036778" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server 2016 Cumulative Update 1 and 2 allows remote attackers to inject arbitrary web script or HTML via a meeting-invitation request, aka \"Microsoft Exchange Elevation of Privilege Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS16-108", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-108" + }, + { + "name": "1036778", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036778" + }, + { + "name": "92836", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92836" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3388.json b/2016/3xxx/CVE-2016-3388.json index 2ea077f3354..82837dcfb21 100644 --- a/2016/3xxx/CVE-2016-3388.json +++ b/2016/3xxx/CVE-2016-3388.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3388", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 10 and 11 and Microsoft Edge do not properly restrict access to private namespaces, which allows remote attackers to gain privileges via unspecified vectors, aka \"Microsoft Browser Elevation of Privilege Vulnerability,\" a different vulnerability than CVE-2016-3387." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2016-3388", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "40606", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/40606/" - }, - { - "name" : "MS16-118", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-118" - }, - { - "name" : "MS16-119", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-119" - }, - { - "name" : "93382", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93382" - }, - { - "name" : "1036992", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036992" - }, - { - "name" : "1036993", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036993" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 10 and 11 and Microsoft Edge do not properly restrict access to private namespaces, which allows remote attackers to gain privileges via unspecified vectors, aka \"Microsoft Browser Elevation of Privilege Vulnerability,\" a different vulnerability than CVE-2016-3387." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS16-119", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-119" + }, + { + "name": "MS16-118", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-118" + }, + { + "name": "1036993", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036993" + }, + { + "name": "93382", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93382" + }, + { + "name": "40606", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/40606/" + }, + { + "name": "1036992", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036992" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3879.json b/2016/3xxx/CVE-2016-3879.json index 1014bf08a53..e8b3607b9fc 100644 --- a/2016/3xxx/CVE-2016-3879.json +++ b/2016/3xxx/CVE-2016-3879.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3879", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "arm-wt-22k/lib_src/eas_mdls.c in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-09-01 allows remote attackers to cause a denial of service (NULL pointer dereference, and device hang or reboot) via a crafted media file, aka internal bug 29770686." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-3879", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://source.android.com/security/bulletin/2016-09-01.html", - "refsource" : "CONFIRM", - "url" : "http://source.android.com/security/bulletin/2016-09-01.html" - }, - { - "name" : "https://android.googlesource.com/platform/external/sonivox/+/cadfb7a3c96d4fef06656cf37143e1b3e62cae86", - "refsource" : "CONFIRM", - "url" : "https://android.googlesource.com/platform/external/sonivox/+/cadfb7a3c96d4fef06656cf37143e1b3e62cae86" - }, - { - "name" : "92821", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92821" - }, - { - "name" : "1036763", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036763" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "arm-wt-22k/lib_src/eas_mdls.c in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-09-01 allows remote attackers to cause a denial of service (NULL pointer dereference, and device hang or reboot) via a crafted media file, aka internal bug 29770686." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "92821", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92821" + }, + { + "name": "https://android.googlesource.com/platform/external/sonivox/+/cadfb7a3c96d4fef06656cf37143e1b3e62cae86", + "refsource": "CONFIRM", + "url": "https://android.googlesource.com/platform/external/sonivox/+/cadfb7a3c96d4fef06656cf37143e1b3e62cae86" + }, + { + "name": "http://source.android.com/security/bulletin/2016-09-01.html", + "refsource": "CONFIRM", + "url": "http://source.android.com/security/bulletin/2016-09-01.html" + }, + { + "name": "1036763", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036763" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3931.json b/2016/3xxx/CVE-2016-3931.json index 0fb892086fe..ea08d29bd59 100644 --- a/2016/3xxx/CVE-2016-3931.json +++ b/2016/3xxx/CVE-2016-3931.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3931", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "drivers/misc/qseecom.c in the Qualcomm QSEE Communicator driver in Android before 2016-10-05 on Nexus 5X, Nexus 6, Nexus 6P, and Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 29157595 and Qualcomm internal bug CR 1036418." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-3931", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://source.android.com/security/bulletin/2016-10-01.html", - "refsource" : "CONFIRM", - "url" : "http://source.android.com/security/bulletin/2016-10-01.html" - }, - { - "name" : "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=e80b88323f9ff0bb0e545f209eec08ec56fca816", - "refsource" : "CONFIRM", - "url" : "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=e80b88323f9ff0bb0e545f209eec08ec56fca816" - }, - { - "name" : "93313", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93313" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "drivers/misc/qseecom.c in the Qualcomm QSEE Communicator driver in Android before 2016-10-05 on Nexus 5X, Nexus 6, Nexus 6P, and Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 29157595 and Qualcomm internal bug CR 1036418." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://source.android.com/security/bulletin/2016-10-01.html", + "refsource": "CONFIRM", + "url": "http://source.android.com/security/bulletin/2016-10-01.html" + }, + { + "name": "93313", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93313" + }, + { + "name": "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=e80b88323f9ff0bb0e545f209eec08ec56fca816", + "refsource": "CONFIRM", + "url": "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=e80b88323f9ff0bb0e545f209eec08ec56fca816" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7237.json b/2016/7xxx/CVE-2016-7237.json index 776d45d7e5c..86731056df1 100644 --- a/2016/7xxx/CVE-2016-7237.json +++ b/2016/7xxx/CVE-2016-7237.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "ID" : "CVE-2016-7237", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Local Security Authority Subsystem Service (LSASS) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote authenticated users to cause a denial of service (system hang) via a crafted request, aka \"Local Security Authority Subsystem Service Denial of Service Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2016-7237", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "40744", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/40744/" - }, - { - "name" : "MS16-137", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-137" - }, - { - "name" : "94040", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94040" - }, - { - "name" : "1037249", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037249" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Local Security Authority Subsystem Service (LSASS) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote authenticated users to cause a denial of service (system hang) via a crafted request, aka \"Local Security Authority Subsystem Service Denial of Service Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1037249", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037249" + }, + { + "name": "MS16-137", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-137" + }, + { + "name": "94040", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94040" + }, + { + "name": "40744", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/40744/" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7383.json b/2016/7xxx/CVE-2016-7383.json index be418147b29..b35128a6fe0 100644 --- a/2016/7xxx/CVE-2016-7383.json +++ b/2016/7xxx/CVE-2016-7383.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@nvidia.com", - "ID" : "CVE-2016-7383", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Quadro, NVS, and GeForce (all versions)", - "version" : { - "version_data" : [ - { - "version_value" : "Quadro, NVS, and GeForce (all versions)" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in a memory mapping API in the kernel mode layer (nvlddmkm.sys) handler, leading to denial of service or potential escalation of privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Buffer Overflow" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@nvidia.com", + "ID": "CVE-2016-7383", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Quadro, NVS, and GeForce (all versions)", + "version": { + "version_data": [ + { + "version_value": "Quadro, NVS, and GeForce (all versions)" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4247", - "refsource" : "CONFIRM", - "url" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4247" - }, - { - "name" : "https://support.lenovo.com/us/en/solutions/LEN-10822", - "refsource" : "CONFIRM", - "url" : "https://support.lenovo.com/us/en/solutions/LEN-10822" - }, - { - "name" : "94172", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94172" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in a memory mapping API in the kernel mode layer (nvlddmkm.sys) handler, leading to denial of service or potential escalation of privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "94172", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94172" + }, + { + "name": "https://support.lenovo.com/us/en/solutions/LEN-10822", + "refsource": "CONFIRM", + "url": "https://support.lenovo.com/us/en/solutions/LEN-10822" + }, + { + "name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4247", + "refsource": "CONFIRM", + "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4247" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7640.json b/2016/7xxx/CVE-2016-7640.json index 5da1b2fa6a0..ee2cab87450 100644 --- a/2016/7xxx/CVE-2016-7640.json +++ b/2016/7xxx/CVE-2016-7640.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2016-7640", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2016-7640", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT207421", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207421" - }, - { - "name" : "https://support.apple.com/HT207422", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207422" - }, - { - "name" : "https://support.apple.com/HT207424", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207424" - }, - { - "name" : "https://support.apple.com/HT207427", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207427" - }, - { - "name" : "GLSA-201706-15", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201706-15" - }, - { - "name" : "94907", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94907" - }, - { - "name" : "1037459", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037459" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT207427", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207427" + }, + { + "name": "94907", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94907" + }, + { + "name": "https://support.apple.com/HT207421", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207421" + }, + { + "name": "1037459", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037459" + }, + { + "name": "https://support.apple.com/HT207422", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207422" + }, + { + "name": "GLSA-201706-15", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201706-15" + }, + { + "name": "https://support.apple.com/HT207424", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207424" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7899.json b/2016/7xxx/CVE-2016-7899.json index 0c81776e17f..c4b2282259f 100644 --- a/2016/7xxx/CVE-2016-7899.json +++ b/2016/7xxx/CVE-2016-7899.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7899", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-7899", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8007.json b/2016/8xxx/CVE-2016-8007.json index 7a6cd70c576..e0ff1a1b120 100644 --- a/2016/8xxx/CVE-2016-8007.json +++ b/2016/8xxx/CVE-2016-8007.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@intel.com", - "ID" : "CVE-2016-8007", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Host Intrusion Prevention Services (HIPS)", - "version" : { - "version_data" : [ - { - "version_value" : "8.0 Patch 7 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Intel" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Authentication bypass vulnerability in McAfee Host Intrusion Prevention Services (HIPS) 8.0 Patch 7 and earlier allows authenticated users to manipulate the product's registry keys via specific conditions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Authentication bypass vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "secure@intel.com", + "ID": "CVE-2016-8007", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Host Intrusion Prevention Services (HIPS)", + "version": { + "version_data": [ + { + "version_value": "8.0 Patch 7 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "Intel" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10173", - "refsource" : "CONFIRM", - "url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10173" - }, - { - "name" : "93813", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93813" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Authentication bypass vulnerability in McAfee Host Intrusion Prevention Services (HIPS) 8.0 Patch 7 and earlier allows authenticated users to manipulate the product's registry keys via specific conditions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Authentication bypass vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "93813", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93813" + }, + { + "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10173", + "refsource": "CONFIRM", + "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10173" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8767.json b/2016/8xxx/CVE-2016-8767.json index 20c3695054b..11ec2f503ab 100644 --- a/2016/8xxx/CVE-2016-8767.json +++ b/2016/8xxx/CVE-2016-8767.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-8767", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-8767", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9496.json b/2016/9xxx/CVE-2016-9496.json index b08ba2b9912..d2baf5c829c 100644 --- a/2016/9xxx/CVE-2016-9496.json +++ b/2016/9xxx/CVE-2016-9496.json @@ -1,94 +1,94 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cert@cert.org", - "ID" : "CVE-2016-9496", - "STATE" : "PUBLIC", - "TITLE" : "Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, lacks authentication to access certain pages" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "HN7740S", - "version" : { - "version_data" : [ - { - "affected" : "?", - "version_value" : "N/A" - } - ] - } - }, - { - "product_name" : "DW7000", - "version" : { - "version_data" : [ - { - "affected" : "?", - "version_value" : "N/A" - } - ] - } - }, - { - "product_name" : "HN7000S/SM", - "version" : { - "version_data" : [ - { - "affected" : "?", - "version_value" : "N/A" - } - ] - } - } - ] - }, - "vendor_name" : "Hughes Satellite Modem" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, lacks authentication. An unauthenticated user may send an HTTP GET request to http://[ip]/com/gatewayreset or http://[ip]/cgi/reboot.bin to cause the modem to reboot." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-306" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2016-9496", + "STATE": "PUBLIC", + "TITLE": "Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, lacks authentication to access certain pages" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "HN7740S", + "version": { + "version_data": [ + { + "affected": "?", + "version_value": "N/A" + } + ] + } + }, + { + "product_name": "DW7000", + "version": { + "version_data": [ + { + "affected": "?", + "version_value": "N/A" + } + ] + } + }, + { + "product_name": "HN7000S/SM", + "version": { + "version_data": [ + { + "affected": "?", + "version_value": "N/A" + } + ] + } + } + ] + }, + "vendor_name": "Hughes Satellite Modem" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#614751", - "refsource" : "CERT-VN", - "url" : "https://www.kb.cert.org/vuls/id/614751" - }, - { - "name" : "96244", - "refsource" : "BID", - "url" : "https://www.securityfocus.com/bid/96244" - } - ] - }, - "source" : { - "discovery" : "UNKNOWN" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, lacks authentication. An unauthenticated user may send an HTTP GET request to http://[ip]/com/gatewayreset or http://[ip]/cgi/reboot.bin to cause the modem to reboot." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-306" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "96244", + "refsource": "BID", + "url": "https://www.securityfocus.com/bid/96244" + }, + { + "name": "VU#614751", + "refsource": "CERT-VN", + "url": "https://www.kb.cert.org/vuls/id/614751" + } + ] + }, + "source": { + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2278.json b/2019/2xxx/CVE-2019-2278.json index c4ba1c01746..ccc1bf9fb79 100644 --- a/2019/2xxx/CVE-2019-2278.json +++ b/2019/2xxx/CVE-2019-2278.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2278", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2278", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2329.json b/2019/2xxx/CVE-2019-2329.json index 8be2b7a5192..349eda387dc 100644 --- a/2019/2xxx/CVE-2019-2329.json +++ b/2019/2xxx/CVE-2019-2329.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2329", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2329", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2635.json b/2019/2xxx/CVE-2019-2635.json index 3d1ba110682..2610134a128 100644 --- a/2019/2xxx/CVE-2019-2635.json +++ b/2019/2xxx/CVE-2019-2635.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2635", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2635", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2968.json b/2019/2xxx/CVE-2019-2968.json index 91af55d5c1e..7c1c744616c 100644 --- a/2019/2xxx/CVE-2019-2968.json +++ b/2019/2xxx/CVE-2019-2968.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2968", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2968", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file