From 751cb51d70813015d3d220e1f19e56205542f235 Mon Sep 17 00:00:00 2001 
From: CVE Team
Date: Mon, 18 Mar 2019 02:56:11 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2006/1xxx/CVE-2006-1135.json | 180 +++++++-------
 2006/1xxx/CVE-2006-1186.json | 240 +++++++++----------
 2006/1xxx/CVE-2006-1285.json | 160 ++++++-------
 2006/5xxx/CVE-2006-5286.json | 170 ++++++-------
 2006/5xxx/CVE-2006-5405.json | 200 ++++++++--------
 2006/5xxx/CVE-2006-5447.json | 160 ++++++-------
 2006/5xxx/CVE-2006-5661.json | 220 ++++++++---------
 2006/5xxx/CVE-2006-5692.json | 34 +--
 2007/2xxx/CVE-2007-2169.json | 150 ++++++------
 2007/2xxx/CVE-2007-2585.json | 180 +++++++-------
 2007/6xxx/CVE-2007-6080.json | 180 +++++++-------
 2007/6xxx/CVE-2007-6244.json | 330 +++++++++++++-------------
 2007/6xxx/CVE-2007-6271.json | 160 ++++++-------
 2007/6xxx/CVE-2007-6563.json | 190 +++++++--------
 2010/0xxx/CVE-2010-0117.json | 190 +++++++--------
 2010/0xxx/CVE-2010-0282.json | 34 +--
 2010/0xxx/CVE-2010-0309.json | 240 +++++++++----------
 2010/0xxx/CVE-2010-0363.json | 120 +++++-----
 2010/0xxx/CVE-2010-0745.json | 210 ++++++++---------
 2010/0xxx/CVE-2010-0862.json | 160 ++++++-------
 2010/1xxx/CVE-2010-1116.json | 150 ++++++------
 2010/1xxx/CVE-2010-1943.json | 190 +++++++--------
 2010/4xxx/CVE-2010-4375.json | 150 ++++++------
 2010/4xxx/CVE-2010-4605.json | 160 ++++++-------
 2010/4xxx/CVE-2010-4797.json | 170 ++++++-------
 2010/5xxx/CVE-2010-5308.json | 140 +++++------
 2014/0xxx/CVE-2014-0104.json | 34 +--
 2014/0xxx/CVE-2014-0422.json | 420 ++++++++++++++++-----------------
 2014/0xxx/CVE-2014-0469.json | 150 ++++++------
 2014/10xxx/CVE-2014-10015.json | 120 +++++-----
 2014/1xxx/CVE-2014-1335.json | 170 ++++++-------
 2014/1xxx/CVE-2014-1888.json | 180 +++++++-------
 2014/1xxx/CVE-2014-1930.json | 170 ++++++-------
 2014/4xxx/CVE-2014-4235.json | 170 ++++++-------
 2014/4xxx/CVE-2014-4538.json | 120 +++++-----
 2014/4xxx/CVE-2014-4671.json | 190 +++++++--------
 2014/9xxx/CVE-2014-9596.json | 130 +++++-----
 2014/9xxx/CVE-2014-9768.json | 130 +++++-----
 2016/3xxx/CVE-2016-3063.json | 130 +++++-----
 2016/3xxx/CVE-2016-3850.json | 140 +++++------
 2016/3xxx/CVE-2016-3890.json | 160 ++++++-------
 2016/7xxx/CVE-2016-7184.json | 140 +++++------
 2016/7xxx/CVE-2016-7406.json | 160 ++++++-------
 2016/7xxx/CVE-2016-7838.json | 160 ++++++-------
 2016/7xxx/CVE-2016-7869.json | 200 ++++++++--------
 2016/8xxx/CVE-2016-8147.json | 34 +--
 2016/8xxx/CVE-2016-8267.json | 34 +--
 2016/8xxx/CVE-2016-8415.json | 136 +++++------
 2016/8xxx/CVE-2016-8724.json | 120 +++++-----
 2016/9xxx/CVE-2016-9180.json | 130 +++++-----
 2016/9xxx/CVE-2016-9865.json | 150 ++++++------
 2019/2xxx/CVE-2019-2058.json | 34 +--
 2019/2xxx/CVE-2019-2244.json | 34 +--
 2019/2xxx/CVE-2019-2480.json | 140 +++++------
 54 files changed, 4177 insertions(+), 4177 deletions(-)
diff --git a/2006/1xxx/CVE-2006-1135.json b/2006/1xxx/CVE-2006-1135.json
index a575dcc7655..eeba7f43780 100644
--- a/2006/1xxx/CVE-2006-1135.json
+++ b/2006/1xxx/CVE-2006-1135.json
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1135", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in sBlog 0.7.2 allow remote attackers to inject arbitrary web script or HTML via the (1) keyword parameter to search.php or (2) username parameter to comments_do.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1135", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://kiki91.altervista.org/exploit/sBlog_0.72_xss.txt", - "refsource" : "MISC", - "url" : "http://kiki91.altervista.org/exploit/sBlog_0.72_xss.txt" - }, - { - "name" : "17044", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17044" - }, - { - "name" : "ADV-2006-0883", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0883" - }, - { - "name" : "23759", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23759" - }, - { - "name" : "23760", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23760" - }, - { - "name" : "19151", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19151" - }, - { - "name" : 
"sblog-username-xss(25111)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25111" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in sBlog 0.7.2 allow remote attackers to inject arbitrary web script or HTML via the (1) keyword parameter to search.php or (2) username parameter to comments_do.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "17044", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17044" + }, + { + "name": "sblog-username-xss(25111)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25111" + }, + { + "name": "http://kiki91.altervista.org/exploit/sBlog_0.72_xss.txt", + "refsource": "MISC", + "url": "http://kiki91.altervista.org/exploit/sBlog_0.72_xss.txt" + }, + { + "name": "ADV-2006-0883", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0883" + }, + { + "name": "19151", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19151" + }, + { + "name": "23759", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23759" + }, + { + "name": "23760", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23760" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1186.json b/2006/1xxx/CVE-2006-1186.json index c84631063e8..3160fff684d 100644 --- a/2006/1xxx/CVE-2006-1186.json +++ b/2006/1xxx/CVE-2006-1186.json 
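Review bot: The new side of CVE-2006-1135.json ends with `\ No newline at end of file`, where the old side closed `}` with a newline; the same marker ends the other file sections visible here (CVE-2006-1186, -1285, -5286, -5405, -5447, -5661, -5692 and CVE-2007-2169). The serializer should write a trailing newline so later syncs do not show the closing brace as changed and line-oriented tools read the last line. The hunk also reorders `reference_data` without adding or removing an entry, so anything comparing revisions of these records should treat that array as a set rather than a list.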
@@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1186", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via by instantiating the (1) Mdt2gddr.dll, (2) Mdt2dd.dll, and (3) Mdt2gddo.dll COM objects as ActiveX controls, which leads to memory corruption." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2006-1186", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS06-013", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013" - }, - { - "name" : "TA06-101A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA06-101A.html" - }, - { - "name" : "VU#959049", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/959049" - }, - { - "name" : "17453", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17453" - }, - { - "name" : "ADV-2006-1318", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1318" - }, - { - "name" : "oval:org.mitre.oval:def:1446", - "refsource" : "OVAL", - "url" : 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1446" - }, - { - "name" : "oval:org.mitre.oval:def:1589", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1589" - }, - { - "name" : "oval:org.mitre.oval:def:1651", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1651" - }, - { - "name" : "oval:org.mitre.oval:def:1704", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1704" - }, - { - "name" : "oval:org.mitre.oval:def:791", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A791" - }, - { - "name" : "1015900", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015900" - }, - { - "name" : "18957", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18957" - }, - { - "name" : "ie-com-activex-execute-code(25545)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25545" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via by instantiating the (1) Mdt2gddr.dll, (2) Mdt2dd.dll, and (3) Mdt2gddo.dll COM objects as ActiveX controls, which leads to memory corruption." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#959049", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/959049" + }, + { + "name": "18957", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18957" + }, + { + "name": "oval:org.mitre.oval:def:1589", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1589" + }, + { + "name": "oval:org.mitre.oval:def:1446", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1446" + }, + { + "name": "1015900", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015900" + }, + { + "name": "oval:org.mitre.oval:def:1651", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1651" + }, + { + "name": "TA06-101A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA06-101A.html" + }, + { + "name": "MS06-013", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013" + }, + { + "name": "17453", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17453" + }, + { + "name": "ADV-2006-1318", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1318" + }, + { + "name": "ie-com-activex-execute-code(25545)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25545" + }, + { + "name": "oval:org.mitre.oval:def:1704", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1704" + }, + { + "name": "oval:org.mitre.oval:def:791", + "refsource": "OVAL", + "url": 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A791" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1285.json b/2006/1xxx/CVE-2006-1285.json index 99d1a4d0667..90cc9a0ca70 100644 --- a/2006/1xxx/CVE-2006-1285.json +++ b/2006/1xxx/CVE-2006-1285.json 
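Review bot: `ASSIGNER` for CVE-2006-1186 changes from `cve@mitre.org` to `secure@microsoft.com` in this hunk, the one value change in a section that otherwise re-indents the record and reorders `reference_data`, and the subject "-Synchronized-Data." gives no hint of it. Consumers that attribute or filter records by assigner will see this record move between sources, so the change deserves to be findable in history. Name it in the commit message, for example `CVE-2006-1186: ASSIGNER cve@mitre.org -> secure@microsoft.com`, or land attribution changes in a commit separate from the formatting sync.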
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1285", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQLAnywhere in Symantec Ghost 8.0 and 8.2, as used in Symantec Ghost Solutions Suite (SGSS) 1.0, gives read and write permissions to all users for database shared memory sections, which allows local users to access and possibly modify certain information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1285", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://securityresponse.symantec.com/avcenter/security/Content/2006.03.07.html", - "refsource" : "CONFIRM", - "url" : "http://securityresponse.symantec.com/avcenter/security/Content/2006.03.07.html" - }, - { - "name" : "17019", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17019" - }, - { - "name" : "ADV-2006-0870", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0870" - }, - { - "name" : "1015733", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015733" - }, - { - "name" : "19171", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19171" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQLAnywhere in Symantec Ghost 8.0 and 8.2, as used in Symantec Ghost Solutions Suite (SGSS) 1.0, gives read and write permissions to all users for database shared memory sections, which allows local users to access and possibly modify certain information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1015733", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015733" + }, + { + "name": "19171", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19171" + }, + { + "name": "http://securityresponse.symantec.com/avcenter/security/Content/2006.03.07.html", + "refsource": "CONFIRM", + "url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.03.07.html" + }, + { + "name": "17019", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17019" + }, + { + "name": "ADV-2006-0870", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0870" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5286.json b/2006/5xxx/CVE-2006-5286.json index eab725399d4..b34b39e9694 100644 --- a/2006/5xxx/CVE-2006-5286.json +++ b/2006/5xxx/CVE-2006-5286.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5286", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in IKE.NLM in Novell BorderManager 3.8 allows attackers to cause a denial of service (crash) via unknown attack vectors related to \"VPN issues\" for certain \"IKE and IPsec settings.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5286", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2974551.htm", - "refsource" : "CONFIRM", - "url" : "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2974551.htm" - }, - { - "name" : "20428", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20428" - }, - { - "name" : "ADV-2006-3998", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3998" - }, - { - "name" : "1017025", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017025" - }, - { - "name" : "22355", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22355" - }, - { - "name" : "novell-bordermanager-unspecified-dos(29447)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/29447" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in IKE.NLM in Novell BorderManager 3.8 allows attackers to cause a denial of service (crash) via unknown attack vectors related to \"VPN issues\" for certain \"IKE and IPsec settings.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20428", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20428" + }, + { + "name": "1017025", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017025" + }, + { + "name": "22355", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22355" + }, + { + "name": "novell-bordermanager-unspecified-dos(29447)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29447" + }, + { + "name": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2974551.htm", + "refsource": "CONFIRM", + "url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2974551.htm" + }, + { + "name": "ADV-2006-3998", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3998" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5405.json b/2006/5xxx/CVE-2006-5405.json index 1f1d0484b69..60ffb65dcc0 100644 --- a/2006/5xxx/CVE-2006-5405.json +++ b/2006/5xxx/CVE-2006-5405.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5405", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Toshiba Bluetooth wireless device driver 3.x and 4 through 4.00.35, as used in multiple products, allows physically proximate attackers to cause a denial of service (crash), corrupt memory, and possibly execute arbitrary code via crafted Bluetooth packets." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5405", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061012 SecureWorks Research Client Advisory: Multiple Vendor Bluetooth Memory Stack Corruption Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/448422/100/100/threaded" - }, - { - "name" : "20061017 SecureWorks Research Client Advisory: Multiple Vendor Bluetooth Memory Stack Corruption Vulnerability", - "refsource" : "VIM", - "url" : "http://attrition.org/pipermail/vim/2006-October/001085.html" - }, - { - "name" : "http://www.secureworks.com/press/20061011-dell.html", - "refsource" : "MISC", - "url" : "http://www.secureworks.com/press/20061011-dell.html" - }, - { - "name" : 
"http://briankrebswatch.blogspot.com/2006/10/more-on-toshiba-patches.html", - "refsource" : "MISC", - "url" : "http://briankrebswatch.blogspot.com/2006/10/more-on-toshiba-patches.html" - }, - { - "name" : "ADV-2006-4057", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4057" - }, - { - "name" : "1017075", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017075" - }, - { - "name" : "22402", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22402" - }, - { - "name" : "1744", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1744" - }, - { - "name" : "toshiba-bluetooth-stack-code-execute(29503)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29503" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Toshiba Bluetooth wireless device driver 3.x and 4 through 4.00.35, as used in multiple products, allows physically proximate attackers to cause a denial of service (crash), corrupt memory, and possibly execute arbitrary code via crafted Bluetooth packets." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20061017 SecureWorks Research Client Advisory: Multiple Vendor Bluetooth Memory Stack Corruption Vulnerability", + "refsource": "VIM", + "url": "http://attrition.org/pipermail/vim/2006-October/001085.html" + }, + { + "name": "20061012 SecureWorks Research Client Advisory: Multiple Vendor Bluetooth Memory Stack Corruption Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/448422/100/100/threaded" + }, + { + "name": "http://www.secureworks.com/press/20061011-dell.html", + "refsource": "MISC", + "url": "http://www.secureworks.com/press/20061011-dell.html" + }, + { + "name": "http://briankrebswatch.blogspot.com/2006/10/more-on-toshiba-patches.html", + "refsource": "MISC", + "url": "http://briankrebswatch.blogspot.com/2006/10/more-on-toshiba-patches.html" + }, + { + "name": "ADV-2006-4057", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4057" + }, + { + "name": "1017075", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017075" + }, + { + "name": "22402", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22402" + }, + { + "name": "toshiba-bluetooth-stack-code-execute(29503)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29503" + }, + { + "name": "1744", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1744" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5447.json b/2006/5xxx/CVE-2006-5447.json index f82604a394f..e4e1493bf3a 100644 --- a/2006/5xxx/CVE-2006-5447.json +++ b/2006/5xxx/CVE-2006-5447.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5447", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in index.php in DEV Web Management System (WMS) 1.5 allows remote attackers to inject arbitrary web script or HTML via the action parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5447", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061018 {x0n3-h4ck} DEV Web Manager System <= 1.5 XSS Exploit", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/449121/100/0/threaded" - }, - { - "name" : "http://www.x0n3-h4ck.org/index.php?name=news&article=139", - "refsource" : "MISC", - "url" : "http://www.x0n3-h4ck.org/index.php?name=news&article=139" - }, - { - "name" : "20590", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20590" - }, - { - "name" : "1758", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1758" - }, - { - "name" : "dev-index-xss(29659)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29659" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in index.php in DEV Web Management System (WMS) 1.5 allows remote attackers to inject arbitrary web script or HTML via the action parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.x0n3-h4ck.org/index.php?name=news&article=139", + "refsource": "MISC", + "url": "http://www.x0n3-h4ck.org/index.php?name=news&article=139" + }, + { + "name": "20590", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20590" + }, + { + "name": "1758", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1758" + }, + { + "name": "20061018 {x0n3-h4ck} DEV Web Manager System <= 1.5 XSS Exploit", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/449121/100/0/threaded" + }, + { + "name": "dev-index-xss(29659)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29659" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5661.json b/2006/5xxx/CVE-2006-5661.json index 86220804d6a..046f14985ca 100644 --- a/2006/5xxx/CVE-2006-5661.json +++ b/2006/5xxx/CVE-2006-5661.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5661", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in nquser.php in VIRtech Netquery allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5661", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061101 Cross Site Scripting (XSS) Vulnerability in Netquery by \"VIRtech\"", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/450270/100/0/threaded" - }, - { - "name" : "20061111 Re: Cross Site Scripting (XSS) Vulnerability in Netquery by \"VIRtech\"", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/451350/100/100/threaded" - }, - { - "name" : "20061031 Cross Site Scripting (XSS) Vulnerability in Netquery by \"VIRtech\"", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/050462.html" - }, - { - "name" : "http://www.zion-security.com/text/XSS_Vulnerability_VIRtechs_Netquery.txt", - "refsource" : "MISC", - "url" : 
"http://www.zion-security.com/text/XSS_Vulnerability_VIRtechs_Netquery.txt" - }, - { - "name" : "http://virtech.org/tools/", - "refsource" : "CONFIRM", - "url" : "http://virtech.org/tools/" - }, - { - "name" : "20837", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20837" - }, - { - "name" : "ADV-2006-4512", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4512" - }, - { - "name" : "1017147", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017147" - }, - { - "name" : "22864", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22864" - }, - { - "name" : "1807", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1807" - }, - { - "name" : "netquery-nquser-xss(29927)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29927" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in nquser.php in VIRtech Netquery allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20837", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20837" + }, + { + "name": "22864", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22864" + }, + { + "name": "ADV-2006-4512", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4512" + }, + { + "name": "http://www.zion-security.com/text/XSS_Vulnerability_VIRtechs_Netquery.txt", + "refsource": "MISC", + "url": "http://www.zion-security.com/text/XSS_Vulnerability_VIRtechs_Netquery.txt" + }, + { + "name": "20061111 Re: Cross Site Scripting (XSS) Vulnerability in Netquery by \"VIRtech\"", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/451350/100/100/threaded" + }, + { + "name": "1017147", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017147" + }, + { + "name": "1807", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1807" + }, + { + "name": "20061031 Cross Site Scripting (XSS) Vulnerability in Netquery by \"VIRtech\"", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/050462.html" + }, + { + "name": "netquery-nquser-xss(29927)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29927" + }, + { + "name": "http://virtech.org/tools/", + "refsource": "CONFIRM", + "url": "http://virtech.org/tools/" + }, + { + "name": "20061101 Cross Site Scripting (XSS) Vulnerability in Netquery by \"VIRtech\"", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/450270/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5692.json b/2006/5xxx/CVE-2006-5692.json index 210c6726812..99c8dc69902 100644 --- a/2006/5xxx/CVE-2006-5692.json 
+++ b/2006/5xxx/CVE-2006-5692.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5692", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2006. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2006-5692", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2006. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2169.json b/2007/2xxx/CVE-2007-2169.json index efb46669679..869b610f3a1 100644 --- a/2007/2xxx/CVE-2007-2169.json +++ b/2007/2xxx/CVE-2007-2169.json 
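Review bot: The rewritten CVE-2006-5692.json puts `data_type`, `data_format` and `data_version` ahead of `CVE_data_meta`, and `ID` ahead of `ASSIGNER`, while the PUBLIC records rewritten in this same commit (CVE-2006-5661.json just above, for one) keep `CVE_data_meta` first with `ASSIGNER` before `ID`. Key order carries no meaning in JSON, but two layouts from one sync suggest REJECT records pass through a different writer; emitting both with one fixed key order would keep future diffs down to real changes. Anything that hashes or signs these files should canonicalize the JSON first rather than rely on the on-disk order.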
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2169", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Static code injection vulnerability in add.php in Mozzers SubSystem 1.0 allows remote attackers to inject PHP code into subs.php via the (1) Sub-name or (2) Sub-url field. NOTE: an earlier report indicated that the add action can be reached through a request to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2169", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "3761", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/3761" - }, - { - "name" : "23548", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23548" - }, - { - "name" : "ADV-2007-1446", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1446" - }, - { - "name" : "mozzers-subsystem-index-code-execution(33739)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33739" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": 
"Static code injection vulnerability in add.php in Mozzers SubSystem 1.0 allows remote attackers to inject PHP code into subs.php via the (1) Sub-name or (2) Sub-url field. NOTE: an earlier report indicated that the add action can be reached through a request to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "mozzers-subsystem-index-code-execution(33739)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33739" + }, + { + "name": "23548", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23548" + }, + { + "name": "ADV-2007-1446", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1446" + }, + { + "name": "3761", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/3761" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2585.json b/2007/2xxx/CVE-2007-2585.json index 1072a4cc066..ea838cfaeef 100644 --- a/2007/2xxx/CVE-2007-2585.json +++ b/2007/2xxx/CVE-2007-2585.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2585", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the Verify function in the BarCodeWiz ActiveX control 2.0 and 2.52 (BarcodeWiz.dll) allows remote attackers to execute arbitrary code via a long argument." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2585", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://moaxb.blogspot.com/2007/05/moaxb-09-barcodewiz-activex-control-20.html", - "refsource" : "MISC", - "url" : "http://moaxb.blogspot.com/2007/05/moaxb-09-barcodewiz-activex-control-20.html" - }, - { - "name" : "http://www.shinnai.altervista.org/moaxb/20070509/barcodewiz.txt", - "refsource" : "MISC", - "url" : "http://www.shinnai.altervista.org/moaxb/20070509/barcodewiz.txt" - }, - { - "name" : "23891", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23891" - }, - { - "name" : "ADV-2007-1728", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1728" - }, - { - "name" : "35869", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/35869" - }, - { - "name" : "25209", - "refsource" : 
"SECUNIA", - "url" : "http://secunia.com/advisories/25209" - }, - { - "name" : "barcodewiz-barcodewiz-bo(34180)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34180" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the Verify function in the BarCodeWiz ActiveX control 2.0 and 2.52 (BarcodeWiz.dll) allows remote attackers to execute arbitrary code via a long argument." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.shinnai.altervista.org/moaxb/20070509/barcodewiz.txt", + "refsource": "MISC", + "url": "http://www.shinnai.altervista.org/moaxb/20070509/barcodewiz.txt" + }, + { + "name": "barcodewiz-barcodewiz-bo(34180)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34180" + }, + { + "name": "25209", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25209" + }, + { + "name": "ADV-2007-1728", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1728" + }, + { + "name": "35869", + "refsource": "OSVDB", + "url": "http://osvdb.org/35869" + }, + { + "name": "http://moaxb.blogspot.com/2007/05/moaxb-09-barcodewiz-activex-control-20.html", + "refsource": "MISC", + "url": "http://moaxb.blogspot.com/2007/05/moaxb-09-barcodewiz-activex-control-20.html" + }, + { + "name": "23891", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23891" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6080.json b/2007/6xxx/CVE-2007-6080.json index 5b5c9a454a3..251a6f1a14a 100644 --- a/2007/6xxx/CVE-2007-6080.json +++ b/2007/6xxx/CVE-2007-6080.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6080", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in modules/banners/click.php in the banners module for bcoos 1.0.10 allows remote attackers to execute arbitrary SQL commands via the bid parameter. NOTE: it was later reported that 1.0.13 is also affected." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6080", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4637", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4637" - }, - { - "name" : "http://www.securityfocus.com/bid/31941/exploit", - "refsource" : "MISC", - "url" : "http://www.securityfocus.com/bid/31941/exploit" - }, - { - "name" : "26505", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26505" - }, - { - "name" : "31941", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31941" - }, - { - "name" : "ADV-2007-3962", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/3962" - }, - { - "name" : "bcoos-click-sql-injection(38594)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/38594" - }, - { - "name" : "bcoos-bid-sql-injection(46156)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46156" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in modules/banners/click.php in the banners module for bcoos 1.0.10 allows remote attackers to execute arbitrary SQL commands via the bid parameter. NOTE: it was later reported that 1.0.13 is also affected." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "26505", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26505" + }, + { + "name": "bcoos-click-sql-injection(38594)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38594" + }, + { + "name": "4637", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4637" + }, + { + "name": "ADV-2007-3962", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/3962" + }, + { + "name": "bcoos-bid-sql-injection(46156)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46156" + }, + { + "name": "http://www.securityfocus.com/bid/31941/exploit", + "refsource": "MISC", + "url": "http://www.securityfocus.com/bid/31941/exploit" + }, + { + "name": "31941", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31941" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6244.json b/2007/6xxx/CVE-2007-6244.json index 4c028d97e61..69f36ed5256 100644 --- a/2007/6xxx/CVE-2007-6244.json +++ b/2007/6xxx/CVE-2007-6244.json 
@@ -1,167 +1,167 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6244", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash Player 9.x up to 9.0.48.0 and 8.x up to 8.0.35.0 allow remote attackers to inject arbitrary web script or HTML via (1) a SWF file that uses the asfunction: protocol or (2) the navigateToURL function when used with the Flash Player ActiveX Control in Internet Explorer." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6244", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://crypto.stanford.edu/advisories/CVE-2007-6244/", - "refsource" : "MISC", - "url" : "http://crypto.stanford.edu/advisories/CVE-2007-6244/" - }, - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb07-20.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb07-20.html" - }, - { - "name" : "GLSA-200801-07", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200801-07.xml" - }, - { - "name" : "RHSA-2007:1126", - "refsource" : "REDHAT", - "url" : 
"http://www.redhat.com/support/errata/RHSA-2007-1126.html" - }, - { - "name" : "238305", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1" - }, - { - "name" : "SUSE-SA:2007:069", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00007.html" - }, - { - "name" : "TA07-355A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA07-355A.html" - }, - { - "name" : "VU#758769", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/758769" - }, - { - "name" : "26929", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26929" - }, - { - "name" : "26949", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26949" - }, - { - "name" : "26960", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26960" - }, - { - "name" : "oval:org.mitre.oval:def:10210", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10210" - }, - { - "name" : "ADV-2007-4258", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/4258" - }, - { - "name" : "ADV-2008-1724", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1724/references" - }, - { - "name" : "1019116", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1019116" - }, - { - "name" : "28157", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28157" - }, - { - "name" : "28161", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28161" - }, - { - "name" : "28570", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28570" - }, - { - "name" : "28213", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28213" - }, - { - "name" : "30507", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30507" - }, - { - "name" : 
"adobe-asfunction-protocol-xss(39130)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39130" - }, - { - "name" : "adobe-navigatetourl-xss(39131)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39131" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash Player 9.x up to 9.0.48.0 and 8.x up to 8.0.35.0 allow remote attackers to inject arbitrary web script or HTML via (1) a SWF file that uses the asfunction: protocol or (2) the navigateToURL function when used with the Flash Player ActiveX Control in Internet Explorer." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SA:2007:069", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00007.html" + }, + { + "name": "28157", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28157" + }, + { + "name": "30507", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30507" + }, + { + "name": "adobe-navigatetourl-xss(39131)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39131" + }, + { + "name": "28570", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28570" + }, + { + "name": "26960", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26960" + }, + { + "name": "ADV-2008-1724", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1724/references" + }, + { + "name": "TA07-355A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA07-355A.html" + }, + { + "name": "GLSA-200801-07", + "refsource": "GENTOO", + "url": 
"http://www.gentoo.org/security/en/glsa/glsa-200801-07.xml" + }, + { + "name": "http://crypto.stanford.edu/advisories/CVE-2007-6244/", + "refsource": "MISC", + "url": "http://crypto.stanford.edu/advisories/CVE-2007-6244/" + }, + { + "name": "oval:org.mitre.oval:def:10210", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10210" + }, + { + "name": "26929", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26929" + }, + { + "name": "28161", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28161" + }, + { + "name": "RHSA-2007:1126", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2007-1126.html" + }, + { + "name": "adobe-asfunction-protocol-xss(39130)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39130" + }, + { + "name": "238305", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1" + }, + { + "name": "ADV-2007-4258", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/4258" + }, + { + "name": "1019116", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1019116" + }, + { + "name": "26949", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26949" + }, + { + "name": "VU#758769", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/758769" + }, + { + "name": "28213", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28213" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb07-20.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb07-20.html" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6271.json b/2007/6xxx/CVE-2007-6271.json index f0b661d164c..9bb64ae9e45 100644 --- a/2007/6xxx/CVE-2007-6271.json +++ b/2007/6xxx/CVE-2007-6271.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6271", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Absolute News Manager.NET 5.1 allows remote attackers to obtain sensitive information via a direct request to getpath.aspx, which reveals the installation path in an error message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6271", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20071204 PR07-39: Multiple vulnerabilities on Absolute News Manager.NET 5.1 including file retrieval and SQL injection", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/484560/100/0/threaded" - }, - { - "name" : "http://www.procheckup.com/Vulnerability_PR07-39.php", - "refsource" : "MISC", - "url" : "http://www.procheckup.com/Vulnerability_PR07-39.php" - }, - { - "name" : "26692", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26692" - }, - { - "name" : "3421", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3421" - }, - { - "name" : "absolutenewsmanager-getpath-info-disclosure(38874)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/38874" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Absolute News Manager.NET 5.1 allows remote attackers to obtain sensitive information via a direct request to getpath.aspx, which reveals the installation path in an error message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.procheckup.com/Vulnerability_PR07-39.php", + "refsource": "MISC", + "url": "http://www.procheckup.com/Vulnerability_PR07-39.php" + }, + { + "name": "26692", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26692" + }, + { + "name": "3421", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3421" + }, + { + "name": "20071204 PR07-39: Multiple vulnerabilities on Absolute News Manager.NET 5.1 including file retrieval and SQL injection", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/484560/100/0/threaded" + }, + { + "name": "absolutenewsmanager-getpath-info-disclosure(38874)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38874" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6563.json b/2007/6xxx/CVE-2007-6563.json index 52d1dc5f2df..298ca505d41 100644 --- a/2007/6xxx/CVE-2007-6563.json +++ b/2007/6xxx/CVE-2007-6563.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6563", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in WinAce 2.65 and earlier, and possibly other versions before 2.69, allows user-assisted remote attackers to execute arbitrary code via a long filename in a compressed UUE archive." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6563", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.fourteenforty.jp/research/advisory.cgi?FFRRA-20071225", - "refsource" : "MISC", - "url" : "http://www.fourteenforty.jp/research/advisory.cgi?FFRRA-20071225" - }, - { - "name" : "JVN#44736880", - "refsource" : "JVN", - "url" : "http://jvn.jp/jp/JVN%2344736880/index.html" - }, - { - "name" : "JVNDB-2007-000822", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/contents/ja/2007/JVNDB-2007-000822.html" - }, - { - "name" : "27017", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27017" - }, - { - "name" : "ADV-2007-4312", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/4312" - }, - { - "name" : "40267", - "refsource" : "OSVDB", - "url" : 
"http://osvdb.org/40267" - }, - { - "name" : "28215", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28215" - }, - { - "name" : "winace-uue-bo(39268)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39268" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in WinAce 2.65 and earlier, and possibly other versions before 2.69, allows user-assisted remote attackers to execute arbitrary code via a long filename in a compressed UUE archive." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2007-4312", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/4312" + }, + { + "name": "JVNDB-2007-000822", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/contents/ja/2007/JVNDB-2007-000822.html" + }, + { + "name": "27017", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27017" + }, + { + "name": "winace-uue-bo(39268)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39268" + }, + { + "name": "http://www.fourteenforty.jp/research/advisory.cgi?FFRRA-20071225", + "refsource": "MISC", + "url": "http://www.fourteenforty.jp/research/advisory.cgi?FFRRA-20071225" + }, + { + "name": "JVN#44736880", + "refsource": "JVN", + "url": "http://jvn.jp/jp/JVN%2344736880/index.html" + }, + { + "name": "40267", + "refsource": "OSVDB", + "url": "http://osvdb.org/40267" + }, + { + "name": "28215", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28215" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0117.json b/2010/0xxx/CVE-2010-0117.json index 32b9effc812..04cb913e587 100644 --- a/2010/0xxx/CVE-2010-0117.json 
+++ b/2010/0xxx/CVE-2010-0117.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0117", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 on Windows do not properly handle dimensions during YUV420 transformations, which might allow remote attackers to execute arbitrary code via crafted MP4 content." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", + "ID": "CVE-2010-0117", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://secunia.com/secunia_research/2010-5/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2010-5/" - }, - { - "name" : "http://service.real.com/realplayer/security/08262010_player/en/", - "refsource" : "CONFIRM", - "url" : "http://service.real.com/realplayer/security/08262010_player/en/" - }, - { - "name" : "oval:org.mitre.oval:def:7169", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7169" - }, - { - "name" : "1024370", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024370" - }, - { - "name" : "41096", - "refsource" : "SECUNIA", - "url" 
: "http://secunia.com/advisories/41096" - }, - { - "name" : "41154", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41154" - }, - { - "name" : "ADV-2010-2216", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2216" - }, - { - "name" : "realplayer-yuv420-code-execution(61421)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/61421" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 on Windows do not properly handle dimensions during YUV420 transformations, which might allow remote attackers to execute arbitrary code via crafted MP4 content." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2010-2216", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2216" + }, + { + "name": "41096", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41096" + }, + { + "name": "http://service.real.com/realplayer/security/08262010_player/en/", + "refsource": "CONFIRM", + "url": "http://service.real.com/realplayer/security/08262010_player/en/" + }, + { + "name": "realplayer-yuv420-code-execution(61421)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61421" + }, + { + "name": "http://secunia.com/secunia_research/2010-5/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2010-5/" + }, + { + "name": "1024370", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024370" + }, + { + "name": "oval:org.mitre.oval:def:7169", + "refsource": "OVAL", + "url": 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7169" + }, + { + "name": "41154", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41154" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0282.json b/2010/0xxx/CVE-2010-0282.json index 2691285fbee..7074854d016 100644 --- a/2010/0xxx/CVE-2010-0282.json +++ b/2010/0xxx/CVE-2010-0282.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0282", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-0282", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0309.json b/2010/0xxx/CVE-2010-0309.json index b9e48fb129e..45f8617e989 100644 --- a/2010/0xxx/CVE-2010-0309.json +++ b/2010/0xxx/CVE-2010-0309.json 
@@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0309", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The pit_ioport_read function in the Programmable Interval Timer (PIT) emulation in i8254.c in KVM 83 does not properly use the pit_state data structure, which allows guest OS users to cause a denial of service (host OS crash or hang) by attempting to read the /dev/port file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-0309", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[kvm] 20100129 KVM: PIT: control word is write-only", - "refsource" : "MLIST", - "url" : "http://www.mail-archive.com/kvm@vger.kernel.org/msg28002.html" - }, - { - "name" : "[oss-security] 20100202 CVE request - kvm: cat /dev/port in the guest can cause host DoS", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/02/02/1" - }, - { - "name" : "[oss-security] 20100202 Re: CVE request - kvm: cat /dev/port in the guest can cause host DoS", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/02/02/4" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=560887", - 
"refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=560887" - }, - { - "name" : "DSA-1996", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2010/dsa-1996" - }, - { - "name" : "RHSA-2010:0088", - "refsource" : "REDHAT", - "url" : "https://rhn.redhat.com/errata/RHSA-2010-0088.html" - }, - { - "name" : "RHSA-2010:0095", - "refsource" : "REDHAT", - "url" : "https://rhn.redhat.com/errata/RHSA-2010-0095.html" - }, - { - "name" : "USN-914-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-914-1" - }, - { - "name" : "38158", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/38158" - }, - { - "name" : "oval:org.mitre.oval:def:11095", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11095" - }, - { - "name" : "38492", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38492" - }, - { - "name" : "38922", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38922" - }, - { - "name" : "ADV-2010-0638", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0638" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The pit_ioport_read function in the Programmable Interval Timer (PIT) emulation in i8254.c in KVM 83 does not properly use the pit_state data structure, which allows guest OS users to cause a denial of service (host OS crash or hang) by attempting to read the /dev/port file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "38158", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/38158" + }, + { + "name": "USN-914-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-914-1" + }, + { + "name": "ADV-2010-0638", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0638" + }, + { + "name": "RHSA-2010:0088", + "refsource": "REDHAT", + "url": "https://rhn.redhat.com/errata/RHSA-2010-0088.html" + }, + { + "name": "38922", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38922" + }, + { + "name": "[oss-security] 20100202 Re: CVE request - kvm: cat /dev/port in the guest can cause host DoS", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/02/02/4" + }, + { + "name": "DSA-1996", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2010/dsa-1996" + }, + { + "name": "oval:org.mitre.oval:def:11095", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11095" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=560887", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=560887" + }, + { + "name": "[oss-security] 20100202 CVE request - kvm: cat /dev/port in the guest can cause host DoS", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/02/02/1" + }, + { + "name": "[kvm] 20100129 KVM: PIT: control word is write-only", + "refsource": "MLIST", + "url": "http://www.mail-archive.com/kvm@vger.kernel.org/msg28002.html" + }, + { + "name": "RHSA-2010:0095", + "refsource": "REDHAT", + "url": "https://rhn.redhat.com/errata/RHSA-2010-0095.html" + }, + { + "name": "38492", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38492" + } + ] + } +} \ No 
newline at end of file
diff --git a/2010/0xxx/CVE-2010-0363.json b/2010/0xxx/CVE-2010-0363.json
index 7cb3c268578..5dd5fba5d8a 100644
--- a/2010/0xxx/CVE-2010-0363.json
+++ b/2010/0xxx/CVE-2010-0363.json
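Review bot: In CVE-2010-0309.json the `ASSIGNER` value changes from `cve@mitre.org` to `secalert@redhat.com`, and it is the only value that differs in that hunk; everything else visible is a re-serialization (`"ID" : ` becomes `"ID": `) with the same thirteen `reference_data` entries in a different order, so the attribution change is easy to miss and the subject "-Synchronized-Data." does not mention it. The hunks for CVE-2010-0745.json (`secalert@redhat.com`) and CVE-2010-0862.json (`secalert_us@oracle.com`) have the same shape. I would land the formatting pass separately, or at least name the reassigned records in the message, and emit `reference_data` in a stable order so that a later diff of a record shows only real changes to it. The new side of each file also ends without a final newline (`\ No newline at end of file`), which the old side had.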
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0363", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Zeus Web Server before 4.3r5, when SSL is enabled for the admin server, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2002-1785." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-0363", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.zeus.com/zws/media/docs/4.3/RELEASE_NOTES", - "refsource" : "CONFIRM", - "url" : "http://support.zeus.com/zws/media/docs/4.3/RELEASE_NOTES" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Zeus Web Server before 4.3r5, when SSL is enabled for the admin server, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2002-1785." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.zeus.com/zws/media/docs/4.3/RELEASE_NOTES", + "refsource": "CONFIRM", + "url": "http://support.zeus.com/zws/media/docs/4.3/RELEASE_NOTES" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0745.json b/2010/0xxx/CVE-2010-0745.json index 71ed4588fa2..7baef30f284 100644 --- a/2010/0xxx/CVE-2010-0745.json +++ b/2010/0xxx/CVE-2010-0745.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0745", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Dovecot 1.2.x before 1.2.11 allows remote attackers to cause a denial of service (CPU consumption) via long headers in an e-mail message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-0745", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[dovecot-news] 20100308 v1.2.11 released", - "refsource" : "MLIST", - "url" : "http://dovecot.org/list/dovecot-news/2010-March/000152.html" - }, - { - "name" : "[dovecot] 20100227 Possible CPU Denial-Of-Service attack to dovecot IMAP.", - "refsource" : "MLIST", - "url" : "http://dovecot.org/pipermail/dovecot/2010-February/047190.html" - }, - { - "name" : "[oss-security] 20100310 CVE Request -- Dovecot v1.2.11 -- DoS (excessive CPU use) by processing email with huge header", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/03/10/6" - }, - { - "name" : "[oss-security] 20100401 Re: CVE Request -- Dovecot v1.2.11 -- DoS (excessive CPU use) by processing email with huge header", - "refsource" : "MLIST", - "url" : 
"http://marc.info/?l=oss-security&m=127013715227551&w=2" - }, - { - "name" : "http://security-tracker.debian.org/tracker/CVE-2010-0745", - "refsource" : "CONFIRM", - "url" : "http://security-tracker.debian.org/tracker/CVE-2010-0745" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=572268", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=572268" - }, - { - "name" : "MDVSA-2010:104", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:104" - }, - { - "name" : "SUSE-SR:2010:011", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html" - }, - { - "name" : "ADV-2010-1107", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1107" - }, - { - "name" : "ADV-2010-1226", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1226" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Dovecot 1.2.x before 1.2.11 allows remote attackers to cause a denial of service (CPU consumption) via long headers in an e-mail message." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://security-tracker.debian.org/tracker/CVE-2010-0745", + "refsource": "CONFIRM", + "url": "http://security-tracker.debian.org/tracker/CVE-2010-0745" + }, + { + "name": "ADV-2010-1107", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1107" + }, + { + "name": "[dovecot] 20100227 Possible CPU Denial-Of-Service attack to dovecot IMAP.", + "refsource": "MLIST", + "url": "http://dovecot.org/pipermail/dovecot/2010-February/047190.html" + }, + { + "name": "SUSE-SR:2010:011", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html" + }, + { + "name": "MDVSA-2010:104", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:104" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=572268", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=572268" + }, + { + "name": "ADV-2010-1226", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1226" + }, + { + "name": "[oss-security] 20100310 CVE Request -- Dovecot v1.2.11 -- DoS (excessive CPU use) by processing email with huge header", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/03/10/6" + }, + { + "name": "[dovecot-news] 20100308 v1.2.11 released", + "refsource": "MLIST", + "url": "http://dovecot.org/list/dovecot-news/2010-March/000152.html" + }, + { + "name": "[oss-security] 20100401 Re: CVE Request -- Dovecot v1.2.11 -- DoS (excessive CPU use) by processing email with huge header", + "refsource": "MLIST", + "url": "http://marc.info/?l=oss-security&m=127013715227551&w=2" + } + ] + } +} \ No newline at end of file 
diff --git a/2010/0xxx/CVE-2010-0862.json b/2010/0xxx/CVE-2010-0862.json
index 9e242cf8a1f..e202e4ec370 100644
--- a/2010/0xxx/CVE-2010-0862.json
+++ b/2010/0xxx/CVE-2010-0862.json
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0862", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Retail - Oracle Retail Markdown Optimization component in Oracle Industry Product Suite 13.1 allows remote attackers to affect integrity via unknown vectors related to Online Help." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2010-0862", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2010-099504.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2010-099504.html" - }, - { - "name" : "TA10-103B", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-103B.html" - }, - { - "name" : "39444", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/39444" - }, - { - "name" : "1023872", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1023872" - }, - { - "name" : "oipsr-rmo-unspecifed(57742)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/57742" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Retail - Oracle Retail Markdown Optimization component in Oracle Industry Product Suite 13.1 allows remote attackers to affect integrity via unknown vectors related to Online Help." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA10-103B", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-103B.html" + }, + { + "name": "oipsr-rmo-unspecifed(57742)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57742" + }, + { + "name": "1023872", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1023872" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2010-099504.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2010-099504.html" + }, + { + "name": "39444", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/39444" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1116.json b/2010/1xxx/CVE-2010-1116.json index 036b7856bd1..c66c3929b8e 100644 --- a/2010/1xxx/CVE-2010-1116.json +++ b/2010/1xxx/CVE-2010-1116.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1116", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "LookMer Music Portal stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for dbmdb/LookMerSarkiMDB.mdb." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1116", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.packetstormsecurity.com/1001-exploits/lookmer-disclose.txt", - "refsource" : "MISC", - "url" : "http://www.packetstormsecurity.com/1001-exploits/lookmer-disclose.txt" - }, - { - "name" : "61845", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/61845" - }, - { - "name" : "38247", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38247" - }, - { - "name" : "lookmermusicportal-mdb-info-disclosure(55751)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/55751" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "LookMer Music 
Portal stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for dbmdb/LookMerSarkiMDB.mdb." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "38247", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38247" + }, + { + "name": "61845", + "refsource": "OSVDB", + "url": "http://osvdb.org/61845" + }, + { + "name": "lookmermusicportal-mdb-info-disclosure(55751)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55751" + }, + { + "name": "http://www.packetstormsecurity.com/1001-exploits/lookmer-disclose.txt", + "refsource": "MISC", + "url": "http://www.packetstormsecurity.com/1001-exploits/lookmer-disclose.txt" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1943.json b/2010/1xxx/CVE-2010-1943.json index d2e62067d87..75c262dba47 100644 --- a/2010/1xxx/CVE-2010-1943.json +++ b/2010/1xxx/CVE-2010-1943.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1943", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in NEC CapsSuite Small Edition PatchMeister 2.0 Update2 and earlier allows remote attackers to cause a denial of service (OS shutdown or restart) via vectors related to Client Service for PTM and crafted packets to port 56015." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1943", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ipa.go.jp/about/press/20100517_2.html", - "refsource" : "MISC", - "url" : "http://www.ipa.go.jp/about/press/20100517_2.html" - }, - { - "name" : "http://www.nec.co.jp/security-info/secinfo/nv10-005.html", - "refsource" : "CONFIRM", - "url" : "http://www.nec.co.jp/security-info/secinfo/nv10-005.html" - }, - { - "name" : "JVN#82749282", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN82749282/index.html" - }, - { - "name" : "JVNDB-2010-000020", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000020.html" - }, - { - "name" : "40190", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/40190" - }, - { 
- "name" : "64701", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/64701" - }, - { - "name" : "39800", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39800" - }, - { - "name" : "ADV-2010-1166", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1166" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in NEC CapsSuite Small Edition PatchMeister 2.0 Update2 and earlier allows remote attackers to cause a denial of service (OS shutdown or restart) via vectors related to Client Service for PTM and crafted packets to port 56015." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.nec.co.jp/security-info/secinfo/nv10-005.html", + "refsource": "CONFIRM", + "url": "http://www.nec.co.jp/security-info/secinfo/nv10-005.html" + }, + { + "name": "40190", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/40190" + }, + { + "name": "http://www.ipa.go.jp/about/press/20100517_2.html", + "refsource": "MISC", + "url": "http://www.ipa.go.jp/about/press/20100517_2.html" + }, + { + "name": "JVNDB-2010-000020", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000020.html" + }, + { + "name": "ADV-2010-1166", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1166" + }, + { + "name": "64701", + "refsource": "OSVDB", + "url": "http://osvdb.org/64701" + }, + { + "name": "39800", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39800" + }, + { + "name": "JVN#82749282", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN82749282/index.html" + } + ] + } +} \ No newline at end of file 
diff --git a/2010/4xxx/CVE-2010-4375.json b/2010/4xxx/CVE-2010-4375.json
index d83a8eca9cc..d3ac6481f69 100644
--- a/2010/4xxx/CVE-2010-4375.json
+++ b/2010/4xxx/CVE-2010-4375.json
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4375", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1, Mac RealPlayer 11.0 through 11.1, Linux RealPlayer 11.0.2.1744, and possibly HelixPlayer 1.0.6 and other versions, allows remote attackers to execute arbitrary code via malformed multi-rate data in an audio stream." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4375", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-10-266", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-10-266" - }, - { - "name" : "http://service.real.com/realplayer/security/12102010_player/en/", - "refsource" : "CONFIRM", - "url" : "http://service.real.com/realplayer/security/12102010_player/en/" - }, - { - "name" : "RHSA-2010:0981", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0981.html" - }, - { - "name" : "1024861", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024861" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1, Mac RealPlayer 11.0 through 11.1, Linux RealPlayer 11.0.2.1744, and possibly HelixPlayer 1.0.6 and other versions, allows remote attackers to execute arbitrary code via malformed multi-rate data in an audio stream." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2010:0981", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0981.html" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-10-266", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-266" + }, + { + "name": "1024861", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024861" + }, + { + "name": "http://service.real.com/realplayer/security/12102010_player/en/", + "refsource": "CONFIRM", + "url": "http://service.real.com/realplayer/security/12102010_player/en/" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4605.json b/2010/4xxx/CVE-2010-4605.json index cd797bd76a3..22fc9ee6d45 100644 --- a/2010/4xxx/CVE-2010-4605.json +++ b/2010/4xxx/CVE-2010-4605.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4605", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the backup-archive client in IBM Tivoli Storage Manager (TSM) 5.3.x before 5.3.6.10, 5.4.x before 5.4.3.4, 5.5.x before 5.5.3, 6.1.x before 6.1.4, and 6.2.x before 6.2.2 on Unix and Linux allows local users to overwrite arbitrary files via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4605", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg21454745", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg21454745" - }, - { - "name" : "IC66686", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IC66686" - }, - { - "name" : "1024901", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1024901" - }, - { - "name" : "42639", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42639" - }, - { - "name" : "ADV-2010-3251", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/3251" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the backup-archive client in IBM Tivoli Storage Manager (TSM) 5.3.x before 5.3.6.10, 5.4.x before 5.4.3.4, 5.5.x before 5.5.3, 6.1.x before 6.1.4, and 6.2.x before 6.2.2 on Unix and Linux allows local users to overwrite arbitrary files via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1024901", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1024901" + }, + { + "name": "IC66686", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC66686" + }, + { + "name": "ADV-2010-3251", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/3251" + }, + { + "name": "42639", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42639" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg21454745", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg21454745" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4797.json b/2010/4xxx/CVE-2010-4797.json index 8e8d5b3c3ab..83fdcc814df 100644 --- a/2010/4xxx/CVE-2010-4797.json +++ b/2010/4xxx/CVE-2010-4797.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4797", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in the log-in form in Truworth Flex Timesheet allow remote attackers to execute arbitrary SQL commands via the (1) Username and (2) Password fields." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4797", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "15220", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/15220" - }, - { - "name" : "http://packetstormsecurity.org/1010-exploits/flextimesheet-sql.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1010-exploits/flextimesheet-sql.txt" - }, - { - "name" : "43886", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/43886" - }, - { - "name" : "41763", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41763" - }, - { - "name" : "8222", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8222" - }, - { - "name" : "flex-timesheet-username-sql-injection(62374)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/62374" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in the log-in form in Truworth Flex Timesheet allow remote attackers to execute arbitrary SQL commands via the (1) Username and (2) Password fields." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "flex-timesheet-username-sql-injection(62374)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62374" + }, + { + "name": "8222", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8222" + }, + { + "name": "41763", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41763" + }, + { + "name": "15220", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/15220" + }, + { + "name": "43886", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/43886" + }, + { + "name": "http://packetstormsecurity.org/1010-exploits/flextimesheet-sql.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1010-exploits/flextimesheet-sql.txt" + } + ] + } +} \ No newline at end of file diff --git a/2010/5xxx/CVE-2010-5308.json b/2010/5xxx/CVE-2010-5308.json index d86d8b489a8..063cceaa1aa 100644 --- a/2010/5xxx/CVE-2010-5308.json +++ b/2010/5xxx/CVE-2010-5308.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-5308", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "GE Healthcare Optima MR360 does not require authentication for the HIPAA emergency login procedure, which allows physically proximate users to gain access via an arbitrary username in the Emergency Login screen. NOTE: this might not qualify for inclusion in CVE if unauthenticated emergency access is part of the intended security policy of the product, can be controlled by the system administrator, and is not enabled by default." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-5308", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/", - "refsource" : "MISC", - "url" : "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/" - }, - { - "name" : "https://twitter.com/digitalbond/status/619250429751222277", - "refsource" : "MISC", - "url" : "https://twitter.com/digitalbond/status/619250429751222277" - }, - { - "name" : 
"http://apps.gehealthcare.com/servlet/ClientServlet/MR360+operator+manual+paper.pdf?REQ=RAA&DIRECTION=5339461-1EN&FILENAME=MR360%2Boperator%2Bmanual%2Bpaper.pdf&FILEREV=4&DOCREV_ORG=4", - "refsource" : "CONFIRM", - "url" : "http://apps.gehealthcare.com/servlet/ClientServlet/MR360+operator+manual+paper.pdf?REQ=RAA&DIRECTION=5339461-1EN&FILENAME=MR360%2Boperator%2Bmanual%2Bpaper.pdf&FILEREV=4&DOCREV_ORG=4" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "GE Healthcare Optima MR360 does not require authentication for the HIPAA emergency login procedure, which allows physically proximate users to gain access via an arbitrary username in the Emergency Login screen. NOTE: this might not qualify for inclusion in CVE if unauthenticated emergency access is part of the intended security policy of the product, can be controlled by the system administrator, and is not enabled by default." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://apps.gehealthcare.com/servlet/ClientServlet/MR360+operator+manual+paper.pdf?REQ=RAA&DIRECTION=5339461-1EN&FILENAME=MR360%2Boperator%2Bmanual%2Bpaper.pdf&FILEREV=4&DOCREV_ORG=4", + "refsource": "CONFIRM", + "url": "http://apps.gehealthcare.com/servlet/ClientServlet/MR360+operator+manual+paper.pdf?REQ=RAA&DIRECTION=5339461-1EN&FILENAME=MR360%2Boperator%2Bmanual%2Bpaper.pdf&FILEREV=4&DOCREV_ORG=4" + }, + { + "name": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/", + "refsource": "MISC", + "url": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/" + }, + { + "name": "https://twitter.com/digitalbond/status/619250429751222277", + "refsource": "MISC", + "url": "https://twitter.com/digitalbond/status/619250429751222277" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0104.json b/2014/0xxx/CVE-2014-0104.json index b9def7a7a2d..c5c4d4de140 100644 --- a/2014/0xxx/CVE-2014-0104.json +++ b/2014/0xxx/CVE-2014-0104.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0104", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-0104", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0422.json b/2014/0xxx/CVE-2014-0422.json index a7483564c45..cba26d8d52b 100644 --- a/2014/0xxx/CVE-2014-0422.json +++ b/2014/0xxx/CVE-2014-0422.json 
@@ -1,212 +1,212 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0422", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JNDI. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to missing package access checks in the Naming / JNDI component, which allows attackers to escape the sandbox." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2014-0422", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1051528", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1051528" - }, - { - "name" : 
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04166777", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04166777" - }, - { - "name" : "HPSBUX02972", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=139402697611681&w=2" - }, - { - "name" : "HPSBUX02973", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=139402749111889&w=2" - }, - { - "name" : "SSRT101454", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=139402697611681&w=2" - }, - { - "name" : "SSRT101455", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=139402749111889&w=2" - }, - { - "name" : "RHSA-2014:0026", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0026.html" - }, - { - "name" : "RHSA-2014:0027", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0027.html" - }, - { - "name" : "RHSA-2014:0097", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0097.html" - }, - { - "name" : "RHSA-2014:0136", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0136.html" - }, - { - "name" : "RHSA-2014:0030", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0030.html" - }, - { - "name" : "RHSA-2014:0134", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0134.html" - }, - { - "name" : "RHSA-2014:0135", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0135.html" - }, - { - "name" : "RHSA-2014:0414", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2014:0414" - }, - { - "name" : "openSUSE-SU-2014:0174", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-01/msg00105.html" - }, - { - "name" : "SUSE-SU-2014:0246", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00009.html" - }, - { 
- "name" : "SUSE-SU-2014:0266", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00012.html" - }, - { - "name" : "openSUSE-SU-2014:0177", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-01/msg00107.html" - }, - { - "name" : "openSUSE-SU-2014:0180", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-02/msg00000.html" - }, - { - "name" : "SUSE-SU-2014:0451", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00024.html" - }, - { - "name" : "USN-2089-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2089-1" - }, - { - "name" : "USN-2124-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2124-1" - }, - { - "name" : "64758", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/64758" - }, - { - "name" : "64921", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/64921" - }, - { - "name" : "101997", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/101997" - }, - { - "name" : "1029608", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1029608" - }, - { - "name" : "56432", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56432" - }, - { - "name" : "56485", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56485" - }, - { - "name" : "56486", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56486" - }, - { - "name" : "56535", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56535" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via vectors 
related to JNDI. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to missing package access checks in the Naming / JNDI component, which allows attackers to escape the sandbox." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "56432", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56432" + }, + { + "name": "RHSA-2014:0414", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2014:0414" + }, + { + "name": "RHSA-2014:0136", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0136.html" + }, + { + "name": "openSUSE-SU-2014:0174", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00105.html" + }, + { + "name": "SSRT101455", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=139402749111889&w=2" + }, + { + "name": "RHSA-2014:0135", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0135.html" + }, + { + "name": "56535", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56535" + }, + { + "name": "USN-2089-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2089-1" + }, + { + "name": "RHSA-2014:0030", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0030.html" + }, + { + "name": "RHSA-2014:0097", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0097.html" + }, + { + "name": "56485", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56485" + }, + { + "name": "SSRT101454", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=139402697611681&w=2" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04166777", + "refsource": "CONFIRM", + "url": 
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04166777" + }, + { + "name": "HPSBUX02972", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=139402697611681&w=2" + }, + { + "name": "RHSA-2014:0027", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0027.html" + }, + { + "name": "56486", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56486" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1051528", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1051528" + }, + { + "name": "SUSE-SU-2014:0451", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00024.html" + }, + { + "name": "HPSBUX02973", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=139402749111889&w=2" + }, + { + "name": "1029608", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1029608" + }, + { + "name": "64921", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/64921" + }, + { + "name": "USN-2124-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2124-1" + }, + { + "name": "SUSE-SU-2014:0266", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00012.html" + }, + { + "name": "RHSA-2014:0026", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0026.html" + }, + { + "name": "64758", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/64758" + }, + { + "name": "101997", + "refsource": "OSVDB", + "url": "http://osvdb.org/101997" + }, + { + "name": "SUSE-SU-2014:0246", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00009.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" + }, + { + 
"name": "RHSA-2014:0134", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0134.html" + }, + { + "name": "openSUSE-SU-2014:0180", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00000.html" + }, + { + "name": "openSUSE-SU-2014:0177", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00107.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0469.json b/2014/0xxx/CVE-2014-0469.json index 5d6eb9cd0b1..1a4dfe94945 100644 --- a/2014/0xxx/CVE-2014-0469.json +++ b/2014/0xxx/CVE-2014-0469.json 
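Review bot: The only value that changes in this hunk is `CVE_data_meta.ASSIGNER`, from `cve@mitre.org` to `secalert_us@oracle.com`, and it sits inside a whole-file whitespace and reference-order rewrite under a commit subject that does not mention it. Consumers that attribute or filter records by assigner will see a different value for this record, so the field update should be named in the commit message or shipped separately from the reformatting, for example under a subject such as `Update ASSIGNER for CVE-2014-0422, CVE-2014-0469, CVE-2014-1335`. The same applies to the hunks for CVE-2014-0469 (`security@debian.org`) and CVE-2014-1335 (`product-security@apple.com`). Whether the new addresses are the correct assigner contacts cannot be confirmed from the patch itself.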
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0469", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in a certain Debian patch for xbuffy before 3.3.bl.3.dfsg-9 allows remote attackers to execute arbitrary code via the subject of an email, possibly related to indent subject lines." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@debian.org", + "ID": "CVE-2014-0469", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140428 CVE-2014-0469: xbuffy stack-based buffer overflow in subject processing", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/04/28/3" - }, - { - "name" : "http://packages.qa.debian.org/x/xbuffy/news/20140427T181904Z.html", - "refsource" : "CONFIRM", - "url" : "http://packages.qa.debian.org/x/xbuffy/news/20140427T181904Z.html" - }, - { - "name" : "DSA-2921", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-2921" - }, - { - "name" : "67090", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/67090" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in a certain Debian patch for xbuffy before 3.3.bl.3.dfsg-9 allows remote attackers to execute arbitrary code via the subject of an email, possibly related to indent subject lines." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "67090", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/67090" + }, + { + "name": "DSA-2921", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-2921" + }, + { + "name": "[oss-security] 20140428 CVE-2014-0469: xbuffy stack-based buffer overflow in subject processing", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/04/28/3" + }, + { + "name": "http://packages.qa.debian.org/x/xbuffy/news/20140427T181904Z.html", + "refsource": "CONFIRM", + "url": "http://packages.qa.debian.org/x/xbuffy/news/20140427T181904Z.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/10xxx/CVE-2014-10015.json b/2014/10xxx/CVE-2014-10015.json index 0e1ef5711e1..45e39bf7335 100644 --- a/2014/10xxx/CVE-2014-10015.json +++ b/2014/10xxx/CVE-2014-10015.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-10015", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in load-calendar.php in PHPJabbers Event Booking Calendar 2.0 allows remote attackers to execute arbitrary SQL commands via the cid parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-10015", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.com/files/124753/eventbookingcalendar-xssxsrfsql.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/124753/eventbookingcalendar-xssxsrfsql.txt" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in load-calendar.php in PHPJabbers Event Booking Calendar 2.0 allows remote attackers to execute arbitrary SQL commands via the cid parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/124753/eventbookingcalendar-xssxsrfsql.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/124753/eventbookingcalendar-xssxsrfsql.txt" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1335.json b/2014/1xxx/CVE-2014-1335.json index 8bcc060c526..c0ceee78e18 100644 --- a/2014/1xxx/CVE-2014-1335.json +++ b/2014/1xxx/CVE-2014-1335.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1335", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2014-1335", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT6254", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT6254" - }, - { - "name" : "https://support.apple.com/kb/HT6537", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/kb/HT6537" - }, - { - "name" : "APPLE-SA-2014-05-21-1", - "refsource" : "APPLE", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2014-05/0128.html" - }, - { - "name" : "APPLE-SA-2014-06-30-3", - "refsource" : "APPLE", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2014-06/0174.html" - }, - { - "name" : "APPLE-SA-2014-06-30-4", - "refsource" : "APPLE", - "url" : 
"http://archives.neohapsis.com/archives/bugtraq/2014-06/0175.html" - }, - { - "name" : "67553", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/67553" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/kb/HT6537", + "refsource": "CONFIRM", + "url": "https://support.apple.com/kb/HT6537" + }, + { + "name": "APPLE-SA-2014-06-30-4", + "refsource": "APPLE", + "url": "http://archives.neohapsis.com/archives/bugtraq/2014-06/0175.html" + }, + { + "name": "http://support.apple.com/kb/HT6254", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT6254" + }, + { + "name": "APPLE-SA-2014-06-30-3", + "refsource": "APPLE", + "url": "http://archives.neohapsis.com/archives/bugtraq/2014-06/0174.html" + }, + { + "name": "67553", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/67553" + }, + { + "name": "APPLE-SA-2014-05-21-1", + "refsource": "APPLE", + "url": "http://archives.neohapsis.com/archives/bugtraq/2014-05/0128.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1888.json b/2014/1xxx/CVE-2014-1888.json index 778753f86e7..5a14ea282a2 100644 --- a/2014/1xxx/CVE-2014-1888.json +++ b/2014/1xxx/CVE-2014-1888.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1888", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the BuddyPress plugin before 1.9.2 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the name field to groups/create/step/group-details. NOTE: this can be exploited without authentication by leveraging CVE-2014-1889." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-1888", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140213 Wordpress plugin Buddypress <= 1.9.1 stored xss vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/531049/100/0/threaded" - }, - { - "name" : "http://packetstormsecurity.com/files/125212/WordPress-Buddypress-1.9.1-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/125212/WordPress-Buddypress-1.9.1-Cross-Site-Scripting.html" - }, - { - "name" : "http://buddypress.org/2014/02/buddypress-1-9-2", - "refsource" : "CONFIRM", - "url" : "http://buddypress.org/2014/02/buddypress-1-9-2" - }, - { - "name" : "65555", - "refsource" : 
"BID", - "url" : "http://www.securityfocus.com/bid/65555" - }, - { - "name" : "103307", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/103307" - }, - { - "name" : "56950", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56950" - }, - { - "name" : "buddypress-cve20141888-xss(91175)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/91175" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the BuddyPress plugin before 1.9.2 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the name field to groups/create/step/group-details. NOTE: this can be exploited without authentication by leveraging CVE-2014-1889." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "65555", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/65555" + }, + { + "name": "buddypress-cve20141888-xss(91175)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91175" + }, + { + "name": "56950", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56950" + }, + { + "name": "http://packetstormsecurity.com/files/125212/WordPress-Buddypress-1.9.1-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/125212/WordPress-Buddypress-1.9.1-Cross-Site-Scripting.html" + }, + { + "name": "http://buddypress.org/2014/02/buddypress-1-9-2", + "refsource": "CONFIRM", + "url": "http://buddypress.org/2014/02/buddypress-1-9-2" + }, + { + "name": "20140213 Wordpress plugin Buddypress <= 1.9.1 stored xss vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/531049/100/0/threaded" + }, 
+ { + "name": "103307", + "refsource": "OSVDB", + "url": "http://osvdb.org/103307" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1930.json b/2014/1xxx/CVE-2014-1930.json index 360ae541aba..a36143b3280 100644 --- a/2014/1xxx/CVE-2014-1930.json +++ b/2014/1xxx/CVE-2014-1930.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1930", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Visibility Software Cyber Recruiter before 8.1.00 does not use the appropriate combination of HTTPS transport and response headers to prevent access to (1) AppSelfService.aspx and (2) AgencyPortal.aspx in the browser history, which allows remote attackers to obtain sensitive information by leveraging an unattended workstation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-1930", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://jvn.jp/vu/JVNVU97441356/index.html", - "refsource" : "MISC", - "url" : "http://jvn.jp/vu/JVNVU97441356/index.html" - }, - { - "name" : "http://www.vspublic.com/help/Cyber%20Recruiter/default.aspx?pageid=release_details", - "refsource" : "CONFIRM", - "url" : "http://www.vspublic.com/help/Cyber%20Recruiter/default.aspx?pageid=release_details" - }, - { - "name" : "VU#566894", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/566894" - }, - { - "name" : "65305", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/65305" - }, - { - "name" : "102814", - 
"refsource" : "OSVDB", - "url" : "http://osvdb.org/102814" - }, - { - "name" : "102815", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/102815" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Visibility Software Cyber Recruiter before 8.1.00 does not use the appropriate combination of HTTPS transport and response headers to prevent access to (1) AppSelfService.aspx and (2) AgencyPortal.aspx in the browser history, which allows remote attackers to obtain sensitive information by leveraging an unattended workstation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#566894", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/566894" + }, + { + "name": "102814", + "refsource": "OSVDB", + "url": "http://osvdb.org/102814" + }, + { + "name": "http://www.vspublic.com/help/Cyber%20Recruiter/default.aspx?pageid=release_details", + "refsource": "CONFIRM", + "url": "http://www.vspublic.com/help/Cyber%20Recruiter/default.aspx?pageid=release_details" + }, + { + "name": "http://jvn.jp/vu/JVNVU97441356/index.html", + "refsource": "MISC", + "url": "http://jvn.jp/vu/JVNVU97441356/index.html" + }, + { + "name": "65305", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/65305" + }, + { + "name": "102815", + "refsource": "OSVDB", + "url": "http://osvdb.org/102815" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4235.json b/2014/4xxx/CVE-2014-4235.json index 3d04d1b316b..e38aa91dbdf 100644 --- a/2014/4xxx/CVE-2014-4235.json +++ b/2014/4xxx/CVE-2014-4235.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4235", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle iStore component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.2, and 12.2.3 allows remote authenticated users to affect integrity via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2014-4235", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/534161/100/0/threaded" - }, - { - "name" : "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Dec/23" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2014-0012.html", - "refsource" : 
"CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2014-0012.html" - }, - { - "name" : "68647", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/68647" - }, - { - "name" : "oracle-cpujul2014-cve20144235(94572)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/94572" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle iStore component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.2, and 12.2.3 allows remote authenticated users to affect integrity via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html" + }, + { + "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html" + }, + { + "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Dec/23" + }, + { + "name": "68647", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/68647" + }, + { + "name": "oracle-cpujul2014-cve20144235(94572)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94572" + } + ] + } +} \ No newline at end of file 
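Review bot: The `ASSIGNER` value in this hunk changes from `cve@mitre.org` to `secalert_us@oracle.com`, a change of record attribution that sits inside a whole-file re-indent and a reordering of `reference_data`, so it is easy to miss in review. The hunks for CVE-2016-3850 and CVE-2016-3890 make the same kind of change, to `security@android.com`. Consumers that filter or attribute records by `ASSIGNER` will presumably see these entries move to a different CNA, so the attribution change should go in its own commit, separate from the formatting pass, with a subject such as `Reassign ASSIGNER for CVE-2014-4235, CVE-2016-3850, CVE-2016-3890`. The new side also ends without a trailing newline (`\ No newline at end of file` after the closing `+}`), which the old side had.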
diff --git a/2014/4xxx/CVE-2014-4538.json b/2014/4xxx/CVE-2014-4538.json index 177aa74b1c5..56cae0a5cc6 100644 --- a/2014/4xxx/CVE-2014-4538.json +++ b/2014/4xxx/CVE-2014-4538.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4538", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in process.php in the Malware Finder plugin 1.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the query parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4538", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://codevigilant.com/disclosure/wp-plugin-malware-finder-a3-cross-site-scripting-xss", - "refsource" : "MISC", - "url" : "http://codevigilant.com/disclosure/wp-plugin-malware-finder-a3-cross-site-scripting-xss" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in process.php in the Malware Finder plugin 1.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the query parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://codevigilant.com/disclosure/wp-plugin-malware-finder-a3-cross-site-scripting-xss", + "refsource": "MISC", + "url": "http://codevigilant.com/disclosure/wp-plugin-malware-finder-a3-cross-site-scripting-xss" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4671.json b/2014/4xxx/CVE-2014-4671.json index ad127ad0f20..c1614af5247 100644 --- a/2014/4xxx/CVE-2014-4671.json +++ b/2014/4xxx/CVE-2014-4671.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4671", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Windows and OS X and before 11.2.202.394 on Linux, Adobe AIR before 14.0.0.137 on Android, Adobe AIR SDK before 14.0.0.137, and Adobe AIR SDK & Compiler before 14.0.0.137 do not properly restrict the SWF file format, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks against JSONP endpoints, and obtain sensitive information, via a crafted OBJECT element with SWF content satisfying the character-set requirements of a callback API." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4671", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://miki.it/blog/2014/7/8/abusing-jsonp-with-rosetta-flash/", - "refsource" : "MISC", - "url" : "http://miki.it/blog/2014/7/8/abusing-jsonp-with-rosetta-flash/" - }, - { - "name" : "http://helpx.adobe.com/security/products/flash-player/apsb14-17.html", - "refsource" : "CONFIRM", - "url" : "http://helpx.adobe.com/security/products/flash-player/apsb14-17.html" - }, - { - "name" : "GLSA-201407-02", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201407-02.xml" - }, - { - "name" : "RHSA-2014:0860", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0860.html" - }, - { - "name" : "68457", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/68457" - }, - { - "name" : "1030533", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030533" - }, - { - "name" : "59837", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59837" - }, - { - "name" : "59774", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59774" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Windows and OS X and before 11.2.202.394 on Linux, Adobe AIR before 14.0.0.137 on Android, Adobe AIR SDK before 14.0.0.137, and Adobe AIR SDK & Compiler before 14.0.0.137 do not properly 
restrict the SWF file format, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks against JSONP endpoints, and obtain sensitive information, via a crafted OBJECT element with SWF content satisfying the character-set requirements of a callback API." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://miki.it/blog/2014/7/8/abusing-jsonp-with-rosetta-flash/", + "refsource": "MISC", + "url": "http://miki.it/blog/2014/7/8/abusing-jsonp-with-rosetta-flash/" + }, + { + "name": "RHSA-2014:0860", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0860.html" + }, + { + "name": "68457", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/68457" + }, + { + "name": "59774", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59774" + }, + { + "name": "1030533", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030533" + }, + { + "name": "59837", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59837" + }, + { + "name": "GLSA-201407-02", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201407-02.xml" + }, + { + "name": "http://helpx.adobe.com/security/products/flash-player/apsb14-17.html", + "refsource": "CONFIRM", + "url": "http://helpx.adobe.com/security/products/flash-player/apsb14-17.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9596.json b/2014/9xxx/CVE-2014-9596.json index 1da77e197e8..ca7de6355fa 100644 --- a/2014/9xxx/CVE-2014-9596.json +++ b/2014/9xxx/CVE-2014-9596.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9596", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Panasonic Arbitrator Back-End Server (BES) MK 2.0 VPU before 9.3.1 build 4.08.003.0, when USB Wi-Fi or Direct LAN is enabled, and MK 3.0 VPU before 9.3.1 build 5.06.000.0, when Embedded Wi-Fi or Direct LAN is enabled, does not use encryption, which allows remote attackers to obtain sensitive information by sniffing the network for client-server traffic, as demonstrated by Active Directory credential information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9596", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://us2.campaign-archive1.com/?u=8c9cff2e712e3b7d09a07ecef&id=21f059b3ab", - "refsource" : "CONFIRM", - "url" : "http://us2.campaign-archive1.com/?u=8c9cff2e712e3b7d09a07ecef&id=21f059b3ab" - }, - { - "name" : "VU#117604", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/117604" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Panasonic Arbitrator Back-End Server 
(BES) MK 2.0 VPU before 9.3.1 build 4.08.003.0, when USB Wi-Fi or Direct LAN is enabled, and MK 3.0 VPU before 9.3.1 build 5.06.000.0, when Embedded Wi-Fi or Direct LAN is enabled, does not use encryption, which allows remote attackers to obtain sensitive information by sniffing the network for client-server traffic, as demonstrated by Active Directory credential information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://us2.campaign-archive1.com/?u=8c9cff2e712e3b7d09a07ecef&id=21f059b3ab", + "refsource": "CONFIRM", + "url": "http://us2.campaign-archive1.com/?u=8c9cff2e712e3b7d09a07ecef&id=21f059b3ab" + }, + { + "name": "VU#117604", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/117604" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9768.json b/2014/9xxx/CVE-2014-9768.json index b624b28577c..9367c26c401 100644 --- a/2014/9xxx/CVE-2014-9768.json +++ b/2014/9xxx/CVE-2014-9768.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9768", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** IBM Tivoli NetView Access Services (NVAS) allows remote authenticated users to gain privileges by entering the ADM command and modifying a \"page ID\" field to the EMSPG2 transaction code. NOTE: the vendor's perspective is that configuration and use of available security controls in the NVAS product mitigates the reported vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9768", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.irongeek.com/i.php?page=videos/derbycon4/t217-hacking-mainframes-vulnerabilities-in-applications-exposed-over-tn3270-dominic-white", - "refsource" : "MISC", - "url" : "http://www.irongeek.com/i.php?page=videos/derbycon4/t217-hacking-mainframes-vulnerabilities-in-applications-exposed-over-tn3270-dominic-white" - }, - { - "name" : "https://vimeo.com/96718889", - "refsource" : "MISC", - "url" : "https://vimeo.com/96718889" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ 
+ { + "lang": "eng", + "value": "** DISPUTED ** IBM Tivoli NetView Access Services (NVAS) allows remote authenticated users to gain privileges by entering the ADM command and modifying a \"page ID\" field to the EMSPG2 transaction code. NOTE: the vendor's perspective is that configuration and use of available security controls in the NVAS product mitigates the reported vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.irongeek.com/i.php?page=videos/derbycon4/t217-hacking-mainframes-vulnerabilities-in-applications-exposed-over-tn3270-dominic-white", + "refsource": "MISC", + "url": "http://www.irongeek.com/i.php?page=videos/derbycon4/t217-hacking-mainframes-vulnerabilities-in-applications-exposed-over-tn3270-dominic-white" + }, + { + "name": "https://vimeo.com/96718889", + "refsource": "MISC", + "url": "https://vimeo.com/96718889" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3063.json b/2016/3xxx/CVE-2016-3063.json index cdd43356e8b..58ba482555f 100644 --- a/2016/3xxx/CVE-2016-3063.json +++ b/2016/3xxx/CVE-2016-3063.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3063", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple functions in NetApp OnCommand System Manager before 8.3.2 do not properly escape special characters, which allows remote authenticated users to execute arbitrary API calls via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-3063", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://kb.netapp.com/support/s/article/cve-2016-3063-zapi-injection-vulnerability-in-oncommand-system-manager", - "refsource" : "CONFIRM", - "url" : "https://kb.netapp.com/support/s/article/cve-2016-3063-zapi-injection-vulnerability-in-oncommand-system-manager" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20160310-0004/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20160310-0004/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple functions in NetApp OnCommand System Manager before 8.3.2 do not properly escape special characters, 
which allows remote authenticated users to execute arbitrary API calls via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kb.netapp.com/support/s/article/cve-2016-3063-zapi-injection-vulnerability-in-oncommand-system-manager", + "refsource": "CONFIRM", + "url": "https://kb.netapp.com/support/s/article/cve-2016-3063-zapi-injection-vulnerability-in-oncommand-system-manager" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20160310-0004/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20160310-0004/" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3850.json b/2016/3xxx/CVE-2016-3850.json index d3dd4a9e887..0356bf179ef 100644 --- a/2016/3xxx/CVE-2016-3850.json +++ b/2016/3xxx/CVE-2016-3850.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3850", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in app/aboot/aboot.c in the Qualcomm bootloader in Android before 2016-08-05 on Nexus 5, 5X, 6P, and 7 (2013) devices allows attackers to gain privileges via a crafted header field in a boot image, aka Android internal bug 27917291 and Qualcomm internal bug CR945164." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-3850", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://source.android.com/security/bulletin/2016-08-01.html", - "refsource" : "CONFIRM", - "url" : "http://source.android.com/security/bulletin/2016-08-01.html" - }, - { - "name" : "https://source.codeaurora.org/quic/la/kernel/lk/commit/?id=030371d45a9dcda4d0cc3c76647e753a1cc1b782", - "refsource" : "CONFIRM", - "url" : "https://source.codeaurora.org/quic/la/kernel/lk/commit/?id=030371d45a9dcda4d0cc3c76647e753a1cc1b782" - }, - { - "name" : "92236", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92236" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in app/aboot/aboot.c in the Qualcomm bootloader in Android before 2016-08-05 on Nexus 5, 5X, 6P, and 7 (2013) devices allows attackers to gain privileges via a crafted header field in a boot image, aka Android internal bug 27917291 and Qualcomm internal bug CR945164." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://source.android.com/security/bulletin/2016-08-01.html", + "refsource": "CONFIRM", + "url": "http://source.android.com/security/bulletin/2016-08-01.html" + }, + { + "name": "https://source.codeaurora.org/quic/la/kernel/lk/commit/?id=030371d45a9dcda4d0cc3c76647e753a1cc1b782", + "refsource": "CONFIRM", + "url": "https://source.codeaurora.org/quic/la/kernel/lk/commit/?id=030371d45a9dcda4d0cc3c76647e753a1cc1b782" + }, + { + "name": "92236", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92236" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3890.json b/2016/3xxx/CVE-2016-3890.json index f6cbab60013..52195f6541f 100644 --- a/2016/3xxx/CVE-2016-3890.json +++ b/2016/3xxx/CVE-2016-3890.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3890", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Java Debug Wire Protocol (JDWP) implementation in adb/sockets.cpp in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-09-01 mishandles socket close operations, which allows attackers to gain privileges via a crafted application, aka internal bug 28347842." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-3890", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://source.android.com/security/bulletin/2016-09-01.html", - "refsource" : "CONFIRM", - "url" : "http://source.android.com/security/bulletin/2016-09-01.html" - }, - { - "name" : "https://android.googlesource.com/platform/system/core/+/014b01706cc64dc9c2ad94a96f62e07c058d0b5d", - "refsource" : "CONFIRM", - "url" : "https://android.googlesource.com/platform/system/core/+/014b01706cc64dc9c2ad94a96f62e07c058d0b5d" - }, - { - "name" : "https://android.googlesource.com/platform/system/core/+/268068f25673242d1d5130d96202d3288c91b700", - "refsource" : "CONFIRM", - "url" : 
"https://android.googlesource.com/platform/system/core/+/268068f25673242d1d5130d96202d3288c91b700" - }, - { - "name" : "92851", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92851" - }, - { - "name" : "1036763", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036763" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Java Debug Wire Protocol (JDWP) implementation in adb/sockets.cpp in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-09-01 mishandles socket close operations, which allows attackers to gain privileges via a crafted application, aka internal bug 28347842." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "92851", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92851" + }, + { + "name": "http://source.android.com/security/bulletin/2016-09-01.html", + "refsource": "CONFIRM", + "url": "http://source.android.com/security/bulletin/2016-09-01.html" + }, + { + "name": "https://android.googlesource.com/platform/system/core/+/268068f25673242d1d5130d96202d3288c91b700", + "refsource": "CONFIRM", + "url": "https://android.googlesource.com/platform/system/core/+/268068f25673242d1d5130d96202d3288c91b700" + }, + { + "name": "1036763", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036763" + }, + { + "name": "https://android.googlesource.com/platform/system/core/+/014b01706cc64dc9c2ad94a96f62e07c058d0b5d", + "refsource": "CONFIRM", + "url": "https://android.googlesource.com/platform/system/core/+/014b01706cc64dc9c2ad94a96f62e07c058d0b5d" + } + ] + } +} \ No newline at end of file 
diff --git a/2016/7xxx/CVE-2016-7184.json b/2016/7xxx/CVE-2016-7184.json index cb71cc92a4b..9541063ddab 100644 --- a/2016/7xxx/CVE-2016-7184.json +++ b/2016/7xxx/CVE-2016-7184.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "ID" : "CVE-2016-7184", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application, aka \"Windows Common Log File System Driver Elevation of Privilege Vulnerability,\" a different vulnerability than CVE-2016-0026, CVE-2016-3332, CVE-2016-3333, CVE-2016-3334, CVE-2016-3335, CVE-2016-3338, CVE-2016-3340, CVE-2016-3342, and CVE-2016-3343." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2016-7184", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS16-134", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-134" - }, - { - "name" : "94015", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94015" - }, - { - "name" : "1037252", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037252" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application, aka \"Windows Common Log File System Driver Elevation of Privilege Vulnerability,\" a different vulnerability than CVE-2016-0026, CVE-2016-3332, CVE-2016-3333, CVE-2016-3334, CVE-2016-3335, CVE-2016-3338, CVE-2016-3340, CVE-2016-3342, and CVE-2016-3343." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1037252", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037252" + }, + { + "name": "MS16-134", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-134" + }, + { + "name": "94015", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94015" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7406.json b/2016/7xxx/CVE-2016-7406.json index 4700f4b6b97..bf0d79104e5 100644 --- a/2016/7xxx/CVE-2016-7406.json +++ b/2016/7xxx/CVE-2016-7406.json 
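Review bot: The new side of CVE-2016-7184.json ends with `}` followed by `\ No newline at end of file`, so the trailing newline the old side had is dropped; the later hunks visible on this page, CVE-2016-7406 through CVE-2019-2244, end the same way. The serializer should write a final newline after the closing `}` so that editors and tools which append one do not produce a spurious change on every record. The `reference_data` entries are also reordered here (`1037252` now precedes `MS16-134` and `94015`) with no ordering rule apparent from the hunk. Emitting them in a fixed order, for example sorted by `refsource` and then `name`, would let a consumer diffing successive syncs see only real reference changes.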
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7406", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Format string vulnerability in Dropbear SSH before 2016.74 allows remote attackers to execute arbitrary code via format string specifiers in the (1) username or (2) host argument." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-7406", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160915 Re: CVE request for Dropbear SSH <2016.74", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/09/15/2" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1376353", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1376353" - }, - { - "name" : "https://secure.ucc.asn.au/hg/dropbear/rev/b66a483f3dcb", - "refsource" : "CONFIRM", - "url" : "https://secure.ucc.asn.au/hg/dropbear/rev/b66a483f3dcb" - }, - { - "name" : "GLSA-201702-23", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201702-23" - }, - { - "name" : "92974", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92974" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Format string vulnerability in Dropbear SSH before 2016.74 allows remote attackers to execute arbitrary code via format string specifiers in the (1) username or (2) host argument." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201702-23", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201702-23" + }, + { + "name": "92974", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92974" + }, + { + "name": "[oss-security] 20160915 Re: CVE request for Dropbear SSH <2016.74", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/09/15/2" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1376353", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1376353" + }, + { + "name": "https://secure.ucc.asn.au/hg/dropbear/rev/b66a483f3dcb", + "refsource": "CONFIRM", + "url": "https://secure.ucc.asn.au/hg/dropbear/rev/b66a483f3dcb" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7838.json b/2016/7xxx/CVE-2016-7838.json index 82d0db323fb..69e0aa6caf4 100644 --- a/2016/7xxx/CVE-2016-7838.json +++ b/2016/7xxx/CVE-2016-7838.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2016-7838", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "WinSparkle", - "version" : { - "version_data" : [ - { - "version_value" : "versions prior to 0.5.3" - } - ] - } - } - ] - }, - "vendor_name" : "WinSparkle" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in WinSparkle versions prior to 0.5.3 allows remote attackers to execute arbitrary code via a specially crafted executable file in an unspecified directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2016-7838", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WinSparkle", + "version": { + "version_data": [ + { + "version_value": "versions prior to 0.5.3" + } + ] + } + } + ] + }, + "vendor_name": "WinSparkle" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/vslavik/winsparkle/commit/bb454857348245a7397f9e4fbb3a902f4ac25913", - "refsource" : "CONFIRM", - "url" : "https://github.com/vslavik/winsparkle/commit/bb454857348245a7397f9e4fbb3a902f4ac25913" - }, - { - "name" : "https://www.wireshark.org/news/20161214.html", - "refsource" : "CONFIRM", - "url" : "https://www.wireshark.org/news/20161214.html" - }, - { - "name" : "JVN#90813656", - "refsource" : "JVN", - "url" : "https://jvn.jp/en/jp/JVN90813656/index.html" - }, - { - "name" : "JVN#96681653", - "refsource" : "JVN", - "url" : "https://jvn.jp/en/jp/JVN96681653/index.html" - }, - { - "name" : 
"95099", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95099" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in WinSparkle versions prior to 0.5.3 allows remote attackers to execute arbitrary code via a specially crafted executable file in an unspecified directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#96681653", + "refsource": "JVN", + "url": "https://jvn.jp/en/jp/JVN96681653/index.html" + }, + { + "name": "https://www.wireshark.org/news/20161214.html", + "refsource": "CONFIRM", + "url": "https://www.wireshark.org/news/20161214.html" + }, + { + "name": "https://github.com/vslavik/winsparkle/commit/bb454857348245a7397f9e4fbb3a902f4ac25913", + "refsource": "CONFIRM", + "url": "https://github.com/vslavik/winsparkle/commit/bb454857348245a7397f9e4fbb3a902f4ac25913" + }, + { + "name": "JVN#90813656", + "refsource": "JVN", + "url": "https://jvn.jp/en/jp/JVN90813656/index.html" + }, + { + "name": "95099", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95099" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7869.json b/2016/7xxx/CVE-2016-7869.json index 09c193964ec..ce40c34bd56 100644 --- a/2016/7xxx/CVE-2016-7869.json +++ b/2016/7xxx/CVE-2016-7869.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2016-7869", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Flash Player 23.0.0.207 and earlier, 11.2.202.644 and earlier", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe Flash Player 23.0.0.207 and earlier, 11.2.202.644 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable buffer overflow / underflow vulnerability in the RegExp class related to backtrack search functionality. Successful exploitation could lead to arbitrary code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Buffer Overflow / Underflow" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2016-7869", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Flash Player 23.0.0.207 and earlier, 11.2.202.644 and earlier", + "version": { + "version_data": [ + { + "version_value": "Adobe Flash Player 23.0.0.207 and earlier, 11.2.202.644 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-16-624", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-16-624" - }, - { - "name" : "https://helpx.adobe.com/security/products/flash-player/apsb16-39.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/flash-player/apsb16-39.html" - }, - { - "name" : 
"GLSA-201701-17", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201701-17" - }, - { - "name" : "MS16-154", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-154" - }, - { - "name" : "RHSA-2016:2947", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2947.html" - }, - { - "name" : "SUSE-SU-2016:3148", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00064.html" - }, - { - "name" : "openSUSE-SU-2016:3160", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-12/msg00112.html" - }, - { - "name" : "94871", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94871" - }, - { - "name" : "1037442", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037442" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable buffer overflow / underflow vulnerability in the RegExp class related to backtrack search functionality. Successful exploitation could lead to arbitrary code execution." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer Overflow / Underflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SU-2016:3148", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00064.html" + }, + { + "name": "MS16-154", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-154" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-16-624", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-624" + }, + { + "name": "94871", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94871" + }, + { + "name": "GLSA-201701-17", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201701-17" + }, + { + "name": "1037442", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037442" + }, + { + "name": "RHSA-2016:2947", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2947.html" + }, + { + "name": "https://helpx.adobe.com/security/products/flash-player/apsb16-39.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/flash-player/apsb16-39.html" + }, + { + "name": "openSUSE-SU-2016:3160", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00112.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8147.json b/2016/8xxx/CVE-2016-8147.json index 166272a11d5..5b223dc8bc3 100644 --- a/2016/8xxx/CVE-2016-8147.json +++ b/2016/8xxx/CVE-2016-8147.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-8147", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-8147", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8267.json b/2016/8xxx/CVE-2016-8267.json index e50a8d49505..8400f88ce97 100644 --- a/2016/8xxx/CVE-2016-8267.json +++ b/2016/8xxx/CVE-2016-8267.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-8267", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-8267", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8415.json b/2016/8xxx/CVE-2016-8415.json index 9ef7ed7cdea..6e100906609 100644 --- a/2016/8xxx/CVE-2016-8415.json +++ b/2016/8xxx/CVE-2016-8415.json 
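Review bot: The new side of CVE-2016-8267.json puts `data_type`, `data_format` and `data_version` ahead of `CVE_data_meta`, and `ID` ahead of `ASSIGNER`, while the other records rewritten on this page keep their keys in sorted order. Key order carries no meaning in JSON, but the mismatch suggests this record came through a different writer or template, and it defeats byte-level comparison or hashing of records. I would serialize it with the same sorted-key setting as the others, so the object opens with `"CVE_data_meta": {` followed by `"ASSIGNER": "cve@mitre.org",` and `"ID": "CVE-2016-8267",`.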
@@ -1,70 +1,70 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2016-8415", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Kernel-3.10" - }, - { - "version_value" : "Kernel-3.18" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31750554. References: QC-CR#1079596." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of privilege" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-8415", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Kernel-3.10" + }, + { + "version_value": "Kernel-3.18" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-01-01.html", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-01-01.html" - }, - { - "name" : "95260", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95260" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31750554. References: QC-CR#1079596." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-01-01.html", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-01-01.html" + }, + { + "name": "95260", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95260" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8724.json b/2016/8xxx/CVE-2016-8724.json index 41002391b70..9860eb6b1d3 100644 --- a/2016/8xxx/CVE-2016-8724.json +++ b/2016/8xxx/CVE-2016-8724.json 
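Review bot: `ASSIGNER` in `CVE_data_meta` changes from `security@google.com` to `security@android.com` at the top of the CVE-2016-8415 hunk, and it is the only value change in a hunk that otherwise just rewrites `"key" : ` as `"key": `. The commit subject gives no reason for it, and a reader skimming what looks like a formatting-only sync will miss it. Consumers that attribute records to a CNA by this field will see the record move. I would carry the change in its own commit or name it in the message, e.g. `CVE-2016-8415: ASSIGNER security@google.com -> security@android.com`.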
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "talos-cna@cisco.com", - "ID" : "CVE-2016-8724", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "AWK-3131A Series Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client", - "version" : { - "version_data" : [ - { - "version_value" : "1.1" - } - ] - } - } - ] - }, - "vendor_name" : "Moxa" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An exploitable information disclosure vulnerability exists in the serviceAgent functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. A specially crafted TCP query will allow an attacker to retrieve potentially sensitive information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "talos-cna@cisco.com", + "ID": "CVE-2016-8724", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "AWK-3131A Series Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client", + "version": { + "version_data": [ + { + "version_value": "1.1" + } + ] + } + } + ] + }, + "vendor_name": "Moxa" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.talosintelligence.com/reports/TALOS-2016-0238/", - "refsource" : "MISC", - "url" : "http://www.talosintelligence.com/reports/TALOS-2016-0238/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An exploitable information disclosure vulnerability exists in the serviceAgent functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. 
A specially crafted TCP query will allow an attacker to retrieve potentially sensitive information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.talosintelligence.com/reports/TALOS-2016-0238/", + "refsource": "MISC", + "url": "http://www.talosintelligence.com/reports/TALOS-2016-0238/" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9180.json b/2016/9xxx/CVE-2016-9180.json index 65dd38266e5..97375e1a8e7 100644 --- a/2016/9xxx/CVE-2016-9180.json +++ b/2016/9xxx/CVE-2016-9180.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9180", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "perl-XML-Twig: The option to `expand_external_ents`, documented as controlling external entity expansion in XML::Twig does not work. External entities are always expanded, regardless of the option's setting." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-9180", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20161104 Re: CVE request: XXE in perl Image:nfo and XML:wig", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/11/04/2" - }, - { - "name" : "94219", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94219" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "perl-XML-Twig: The option to `expand_external_ents`, documented as controlling external entity expansion in XML::Twig does not work. External entities are always expanded, regardless of the option's setting." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "94219", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94219" + }, + { + "name": "[oss-security] 20161104 Re: CVE request: XXE in perl Image:nfo and XML:wig", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/11/04/2" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9865.json b/2016/9xxx/CVE-2016-9865.json index 5bcdee3e08f..c57816f82a2 100644 --- a/2016/9xxx/CVE-2016-9865.json +++ b/2016/9xxx/CVE-2016-9865.json 
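Review bot: The MLIST reference name on the new side of CVE-2016-9180.json, `[oss-security] 20161104 Re: CVE request: XXE in perl Image:nfo and XML:wig`, looks as if characters were lost. The description in the same record spells the module `XML::Twig`, so `XML:wig` has probably dropped `:T`, and `Image:nfo` is presumably `Image::Info`. The commit carries the string over unchanged from the old side. If the subject of the linked list post confirms it, the value should read `[oss-security] 20161104 Re: CVE request: XXE in perl Image::Info and XML::Twig`, so that a search of the feed by module name finds this record.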
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9865", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in phpMyAdmin. Due to a bug in serialized string parsing, it was possible to bypass the protection offered by PMA_safeUnserialize() function. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-9865", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180706 [SECURITY] [DLA 1415-1] phpmyadmin security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/07/msg00006.html" - }, - { - "name" : "https://www.phpmyadmin.net/security/PMASA-2016-70", - "refsource" : "CONFIRM", - "url" : "https://www.phpmyadmin.net/security/PMASA-2016-70" - }, - { - "name" : "GLSA-201701-32", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201701-32" - }, - { - "name" : "94531", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94531" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in phpMyAdmin. Due to a bug in serialized string parsing, it was possible to bypass the protection offered by PMA_safeUnserialize() function. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[debian-lts-announce] 20180706 [SECURITY] [DLA 1415-1] phpmyadmin security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00006.html" + }, + { + "name": "https://www.phpmyadmin.net/security/PMASA-2016-70", + "refsource": "CONFIRM", + "url": "https://www.phpmyadmin.net/security/PMASA-2016-70" + }, + { + "name": "94531", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94531" + }, + { + "name": "GLSA-201701-32", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201701-32" + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2058.json b/2019/2xxx/CVE-2019-2058.json index f821b1586dd..f87c370a053 100644 --- a/2019/2xxx/CVE-2019-2058.json +++ b/2019/2xxx/CVE-2019-2058.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2058", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2058", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2244.json b/2019/2xxx/CVE-2019-2244.json index 9631b1c2c3d..5266bfea2dc 100644 --- a/2019/2xxx/CVE-2019-2244.json +++ b/2019/2xxx/CVE-2019-2244.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2244", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2244", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2480.json b/2019/2xxx/CVE-2019-2480.json index 43868939cf5..23a6f996947 100644 --- a/2019/2xxx/CVE-2019-2480.json +++ b/2019/2xxx/CVE-2019-2480.json 
@@ -1,72 +1,72 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "secalert_us@oracle.com",
- "ID" : "CVE-2019-2480",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Outside In Technology",
- "version" : {
- "version_data" : [
- {
- "version_affected" : "=",
- "version_value" : "8.5.3"
- },
- {
- "version_affected" : "=",
- "version_value" : "8.5.4"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Oracle Corporation"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology."
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "secalert_us@oracle.com",
+ "ID": "CVE-2019-2480",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Outside In Technology",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "8.5.3"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "8.5.4"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Oracle Corporation"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
- "refsource" : "CONFIRM",
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
- },
- {
- "name" : "106579",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/106579"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology."
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "106579",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/106579"
+ },
+ {
+ "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
+ "refsource": "CONFIRM",
+ "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
+ }
+ ]
+ }
+}
\ No newline at end of file