From 756c8cb47df3344e000a32858f7540e978823633 Mon Sep 17 00:00:00 2001 
From: CVE Team
Date: Mon, 18 Mar 2019 03:20:29 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2006/0xxx/CVE-2006-0264.json | 34 ++---
 2006/0xxx/CVE-2006-0499.json | 160 ++++++++++----------
 2006/0xxx/CVE-2006-0729.json | 190 ++++++++++++------------
 2006/1xxx/CVE-2006-1069.json | 140 +++++++++---------
 2006/1xxx/CVE-2006-1162.json | 180 +++++++++++------------
 2006/1xxx/CVE-2006-1469.json | 200 ++++++++++++-------------
 2006/1xxx/CVE-2006-1649.json | 190 ++++++++++++------------
 2006/1xxx/CVE-2006-1905.json | 250 +++++++++++++++----------------
 2006/4xxx/CVE-2006-4632.json | 210 +++++++++++++-------------
 2006/4xxx/CVE-2006-4646.json | 160 ++++++++++----------
 2006/4xxx/CVE-2006-4834.json | 170 ++++++++++-----------
 2006/4xxx/CVE-2006-4905.json | 160 ++++++++++----------
 2006/4xxx/CVE-2006-4950.json | 200 ++++++++++++-------------
 2006/5xxx/CVE-2006-5575.json | 34 ++---
 2010/2xxx/CVE-2010-2433.json | 150 +++++++++----------
 2010/2xxx/CVE-2010-2525.json | 34 ++---
 2010/2xxx/CVE-2010-2545.json | 250 +++++++++++++++----------------
 2010/2xxx/CVE-2010-2629.json | 160 ++++++++++----------
 2010/2xxx/CVE-2010-2684.json | 180 +++++++++++------------
 2010/3xxx/CVE-2010-3111.json | 150 +++++++++----------
 2010/3xxx/CVE-2010-3133.json | 180 +++++++++++------------
 2010/3xxx/CVE-2010-3329.json | 160 ++++++++++----------
 2010/3xxx/CVE-2010-3749.json | 160 ++++++++++----------
 2010/4xxx/CVE-2010-4423.json | 170 ++++++++++-----------
 2010/4xxx/CVE-2010-4451.json | 190 ++++++++++++------------
 2010/4xxx/CVE-2010-4510.json | 34 ++---
 2010/4xxx/CVE-2010-4653.json | 34 ++---
 2011/1xxx/CVE-2011-1595.json | 260 ++++++++++++++++-----------------
 2011/5xxx/CVE-2011-5178.json | 180 +++++++++++------------
 2014/10xxx/CVE-2014-10057.json | 132 ++++++++---------
 2014/3xxx/CVE-2014-3146.json | 250 +++++++++++++++----------------
 2014/3xxx/CVE-2014-3163.json | 34 ++---
 2014/3xxx/CVE-2014-3328.json | 150 +++++++++----------
 2014/8xxx/CVE-2014-8164.json | 34 ++---
 2014/8xxx/CVE-2014-8253.json | 34 ++---
 2014/8xxx/CVE-2014-8367.json | 140 +++++++++---------
 2014/9xxx/CVE-2014-9470.json | 34 ++---
 2016/2xxx/CVE-2016-2326.json | 180 +++++++++++------------
 2016/2xxx/CVE-2016-2334.json | 200 ++++++++++++-------------
 2016/2xxx/CVE-2016-2413.json | 130 ++++++++---------
 2016/2xxx/CVE-2016-2581.json | 34 ++---
 2016/2xxx/CVE-2016-2704.json | 34 ++---
 2016/6xxx/CVE-2016-6258.json | 210 +++++++++++++-------------
 2016/6xxx/CVE-2016-6261.json | 200 ++++++++++++-------------
 2016/6xxx/CVE-2016-6454.json | 130 ++++++++---------
 2016/6xxx/CVE-2016-6541.json | 184 +++++++++++------------
 2016/6xxx/CVE-2016-6590.json | 34 ++---
 2016/7xxx/CVE-2016-7096.json | 34 ++---
 2016/7xxx/CVE-2016-7605.json | 140 +++++++++---------
 2016/7xxx/CVE-2016-7750.json | 34 ++---
 2016/7xxx/CVE-2016-7858.json | 180 +++++++++++------------
 2017/5xxx/CVE-2017-5787.json | 142 +++++++++---------
 2017/5xxx/CVE-2017-5938.json | 190 ++++++++++++------------
 53 files changed, 3717 insertions(+), 3717 deletions(-)
diff --git a/2006/0xxx/CVE-2006-0264.json b/2006/0xxx/CVE-2006-0264.json
index 27bd0d1b67e..11e54e9e804 100644
--- a/2006/0xxx/CVE-2006-0264.json
+++ b/2006/0xxx/CVE-2006-0264.json
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0264", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-0259. Reason: This candidate is subsumed by CVE-2006-0259. An error during initial CVE analysis used the wrong set of affected versions for \"DB10\". Notes: All CVE users should reference CVE-2006-0259 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2006-0264", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-0259. Reason: This candidate is subsumed by CVE-2006-0259. An error during initial CVE analysis used the wrong set of affected versions for \"DB10\". Notes: All CVE users should reference CVE-2006-0259 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0499.json b/2006/0xxx/CVE-2006-0499.json index 627a658089d..72e4a7a2b06 100644 --- a/2006/0xxx/CVE-2006-0499.json +++ b/2006/0xxx/CVE-2006-0499.json 
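Review bot: The rewritten record ends with `\ No newline at end of file`, so this sync drops the trailing newline the old side had; the same marker closes the other complete hunks visible in this patch, and the serializer should emit a final LF. Key order is also not canonical across files: this record now starts with `"data_type"` and puts `"ID"` before `"ASSIGNER"`, while the CVE-2006-0499.json hunk keeps `"CVE_data_meta"` first with `"ASSIGNER"` before `"ID"`. The later hunks shown here also reorder `reference_data` entries without changing their content, so the 3717/3717 line churn appears to carry no data change. Writing records with a fixed key order and a stable reference order would keep real edits to a CVE entry, such as a changed `STATE` or URL, visible in review instead of buried in serialization noise.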
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0499", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in rlink.php in Rlink 1.0.0 module for phpBB allows remote attackers to inject arbitrary web script or HTML via the url parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0499", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "16448", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16448" - }, - { - "name" : "ADV-2006-0390", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0390" - }, - { - "name" : "22818", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22818" - }, - { - "name" : "18620", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18620" - }, - { - "name" : "phpbb-rlink-xss(24410)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24410" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in rlink.php in Rlink 1.0.0 module for phpBB allows remote attackers to inject arbitrary web script or HTML via the url parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18620", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18620" + }, + { + "name": "phpbb-rlink-xss(24410)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24410" + }, + { + "name": "16448", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16448" + }, + { + "name": "22818", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22818" + }, + { + "name": "ADV-2006-0390", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0390" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0729.json b/2006/0xxx/CVE-2006-0729.json index c385b5c06e5..95e302da3e1 100644 --- a/2006/0xxx/CVE-2006-0729.json +++ b/2006/0xxx/CVE-2006-0729.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0729", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in functions.php in Teca Diary PE 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) yy, (2) mm, and (3) dd parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0729", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060223 [eVuln] Teca Diary PE SQL Injection Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/425892/30/6800/threaded" - }, - { - "name" : "http://www.evuln.com/vulns/75/summary.html", - "refsource" : "MISC", - "url" : "http://www.evuln.com/vulns/75/summary.html" - }, - { - "name" : "16686", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16686" - }, - { - "name" : "ADV-2006-0615", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0615" - }, - { - "name" : "1015674", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015674" - }, - { - "name" : "18876", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18876" - }, - { 
- "name" : "477", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/477" - }, - { - "name" : "tecadiary-functions-sql-injection(24643)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24643" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in functions.php in Teca Diary PE 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) yy, (2) mm, and (3) dd parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1015674", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015674" + }, + { + "name": "18876", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18876" + }, + { + "name": "477", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/477" + }, + { + "name": "http://www.evuln.com/vulns/75/summary.html", + "refsource": "MISC", + "url": "http://www.evuln.com/vulns/75/summary.html" + }, + { + "name": "16686", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16686" + }, + { + "name": "tecadiary-functions-sql-injection(24643)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24643" + }, + { + "name": "20060223 [eVuln] Teca Diary PE SQL Injection Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/425892/30/6800/threaded" + }, + { + "name": "ADV-2006-0615", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0615" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1069.json b/2006/1xxx/CVE-2006-1069.json index 89d748bd3a1..a5c589f3270 100644 --- a/2006/1xxx/CVE-2006-1069.json 
+++ b/2006/1xxx/CVE-2006-1069.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1069", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the session handling for Geeklog 1.4.x before 1.4.0sr2, 1.3.11 before 1.3.11sr5, 1.3.9 before 1.3.9sr5, and possibly earlier versions allows attackers to gain privileges as arbitrary users via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1069", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.geeklog.net/article.php/geeklog-1.4.0sr2", - "refsource" : "CONFIRM", - "url" : "http://www.geeklog.net/article.php/geeklog-1.4.0sr2" - }, - { - "name" : "17010", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17010" - }, - { - "name" : "ADV-2006-0851", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0851" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the session handling for Geeklog 1.4.x before 1.4.0sr2, 1.3.11 before 1.3.11sr5, 1.3.9 before 1.3.9sr5, and 
possibly earlier versions allows attackers to gain privileges as arbitrary users via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.geeklog.net/article.php/geeklog-1.4.0sr2", + "refsource": "CONFIRM", + "url": "http://www.geeklog.net/article.php/geeklog-1.4.0sr2" + }, + { + "name": "17010", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17010" + }, + { + "name": "ADV-2006-0851", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0851" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1162.json b/2006/1xxx/CVE-2006-1162.json index 3801f72f847..27e1c4eccad 100644 --- a/2006/1xxx/CVE-2006-1162.json +++ b/2006/1xxx/CVE-2006-1162.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1162", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in Nodez 4.6.1.1 and earlier allows remote attackers to read or include arbitrary PHP files via a .. (dot dot) in the op parameter, as demonstrated by inserting malicious Email parameters into list.gtdat, then accessing list.gtdat using the op parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1162", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://hamid.ir/security/nodez.txt", - "refsource" : "MISC", - "url" : "http://hamid.ir/security/nodez.txt" - }, - { - "name" : "17066", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17066" - }, - { - "name" : "ADV-2006-0899", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0899" - }, - { - "name" : "23774", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23774" - }, - { - "name" : "1015747", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015747" - }, - { - "name" : "19165", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/19165" - }, - { - "name" : "nodez-op-file-include(25119)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25119" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in Nodez 4.6.1.1 and earlier allows remote attackers to read or include arbitrary PHP files via a .. (dot dot) in the op parameter, as demonstrated by inserting malicious Email parameters into list.gtdat, then accessing list.gtdat using the op parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19165", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19165" + }, + { + "name": "17066", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17066" + }, + { + "name": "http://hamid.ir/security/nodez.txt", + "refsource": "MISC", + "url": "http://hamid.ir/security/nodez.txt" + }, + { + "name": "23774", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23774" + }, + { + "name": "ADV-2006-0899", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0899" + }, + { + "name": "nodez-op-file-include(25119)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25119" + }, + { + "name": "1015747", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015747" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1469.json b/2006/1xxx/CVE-2006-1469.json index 6b4f2e5da50..e15674fb7ff 100644 --- a/2006/1xxx/CVE-2006-1469.json +++ b/2006/1xxx/CVE-2006-1469.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1469", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in ImageIO in Apple Mac OS X 10.4 up to 10.4.6 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1469", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "APPLE-SA-2006-06-27", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2006/Jun/msg00000.html" - }, - { - "name" : "VU#988356", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/988356" - }, - { - "name" : "18686", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18686" - }, - { - "name" : "18731", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18731" - }, - { - "name" : "ADV-2006-2566", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2566" - }, - { - "name" : "26931", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/26931" - }, - { - "name" : "1016394", - "refsource" : "SECTRACK", - "url" : 
"http://securitytracker.com/id?1016394" - }, - { - "name" : "20877", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20877" - }, - { - "name" : "macosx-imageio-tiff-bo(27478)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27478" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in ImageIO in Apple Mac OS X 10.4 up to 10.4.6 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2006-06-27", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2006/Jun/msg00000.html" + }, + { + "name": "18731", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18731" + }, + { + "name": "18686", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18686" + }, + { + "name": "VU#988356", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/988356" + }, + { + "name": "26931", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/26931" + }, + { + "name": "macosx-imageio-tiff-bo(27478)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27478" + }, + { + "name": "1016394", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016394" + }, + { + "name": "20877", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20877" + }, + { + "name": "ADV-2006-2566", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2566" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1649.json b/2006/1xxx/CVE-2006-1649.json index 35420e600fd..e053bb2752b 100644 
--- a/2006/1xxx/CVE-2006-1649.json +++ b/2006/1xxx/CVE-2006-1649.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1649", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The \"restore to\" selection in the \"quarantine a file\" capability of ESET NOD32 before 2.51.26 allows a restore to any directory that permits read access by the invoking user, which allows local users to create new files despite write-access directory permissions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1649", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060404 NOD32 local privilege escalation vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/429892/100/0/threaded" - }, - { - "name" : "17374", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17374" - }, - { - "name" : "ADV-2006-1242", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1242" - }, - { - "name" : "24393", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24393" - }, - { - "name" : "1015867", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015867" - }, - { - "name" : "19054", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/19054" - }, - { - "name" : "672", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/672" - }, - { - "name" : "nod32-restoreto-file-upload(25640)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25640" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The \"restore to\" selection in the \"quarantine a file\" capability of ESET NOD32 before 2.51.26 allows a restore to any directory that permits read access by the invoking user, which allows local users to create new files despite write-access directory permissions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "24393", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24393" + }, + { + "name": "1015867", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015867" + }, + { + "name": "17374", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17374" + }, + { + "name": "672", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/672" + }, + { + "name": "nod32-restoreto-file-upload(25640)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25640" + }, + { + "name": "ADV-2006-1242", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1242" + }, + { + "name": "20060404 NOD32 local privilege escalation vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/429892/100/0/threaded" + }, + { + "name": "19054", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19054" + } + ] + } +} \ No newline at end of file 
diff --git a/2006/1xxx/CVE-2006-1905.json b/2006/1xxx/CVE-2006-1905.json index 0eb6fb207e2..7ea330c3d2f 100644 --- a/2006/1xxx/CVE-2006-1905.json +++ b/2006/1xxx/CVE-2006-1905.json 
@@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1905", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple format string vulnerabilities in xiTK (xitk/main.c) in xine 0.99.3 allow remote attackers to execute arbitrary code via format string specifiers in a long filename on an EXTINFO line in a playlist file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1905", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060418 Remote Xine Format String Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/431251/100/0/threaded" - }, - { - "name" : "http://open-security.org/advisories/16", - "refsource" : "MISC", - "url" : "http://open-security.org/advisories/16" - }, - { - "name" : "http://sourceforge.net/mailarchive/message.php?msg_id=15429845", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/mailarchive/message.php?msg_id=15429845" - }, - { - "name" : "GLSA-200604-15", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200604-15.xml" - }, - { - "name" : "MDKSA-2006:085", - "refsource" : "MANDRIVA", - "url" : 
"http://www.mandriva.com/security/advisories?name=MDKSA-2006:085" - }, - { - "name" : "SUSE-SA:2006:025", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006_05_05.html" - }, - { - "name" : "17579", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17579" - }, - { - "name" : "ADV-2006-1432", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1432" - }, - { - "name" : "24747", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24747" - }, - { - "name" : "1015959", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015959" - }, - { - "name" : "19671", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19671" - }, - { - "name" : "19854", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19854" - }, - { - "name" : "20066", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20066" - }, - { - "name" : "xine-playlist-format-string(25851)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25851" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple format string vulnerabilities in xiTK (xitk/main.c) in xine 0.99.3 allow remote attackers to execute arbitrary code via format string specifiers in a long filename on an EXTINFO line in a playlist file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-200604-15", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200604-15.xml" + }, + { + "name": "http://open-security.org/advisories/16", + "refsource": "MISC", + "url": "http://open-security.org/advisories/16" + }, + { + "name": "1015959", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015959" + }, + { + "name": "19854", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19854" + }, + { + "name": "20060418 Remote Xine Format String Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/431251/100/0/threaded" + }, + { + "name": "19671", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19671" + }, + { + "name": "ADV-2006-1432", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1432" + }, + { + "name": "24747", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24747" + }, + { + "name": "17579", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17579" + }, + { + "name": "MDKSA-2006:085", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:085" + }, + { + "name": "20066", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20066" + }, + { + "name": "SUSE-SA:2006:025", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006_05_05.html" + }, + { + "name": "xine-playlist-format-string(25851)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25851" + }, + { + "name": "http://sourceforge.net/mailarchive/message.php?msg_id=15429845", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/mailarchive/message.php?msg_id=15429845" + } + ] + } +} \ No newline at end of file 
diff --git a/2006/4xxx/CVE-2006-4632.json b/2006/4xxx/CVE-2006-4632.json index 18e9b7df990..2f946eb6e77 100644 --- a/2006/4xxx/CVE-2006-4632.json +++ b/2006/4xxx/CVE-2006-4632.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4632", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in SoftBB 0.1, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the (1) groupe parameter in addmembre.php and the (2) select parameter in moveto.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4632", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060904 SoftBB 0.1 Remote PHP Code Execution Exploit", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/445087/100/0/threaded" - }, - { - "name" : "http://acid-root.new.fr/advisories/10060904.txt", - "refsource" : "MISC", - "url" : "http://acid-root.new.fr/advisories/10060904.txt" - }, - { - "name" : "2300", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2300" - }, - { - "name" : "ADV-2006-3478", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3478" - }, - { - "name" : "28577", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28577" - }, - { - "name" : "28578", - "refsource" : "OSVDB", - "url" : 
"http://www.osvdb.org/28578" - }, - { - "name" : "1016785", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016785" - }, - { - "name" : "21761", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21761" - }, - { - "name" : "1521", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1521" - }, - { - "name" : "softbb-addmembre-sql-injection(28747)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28747" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in SoftBB 0.1, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the (1) groupe parameter in addmembre.php and the (2) select parameter in moveto.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2300", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2300" + }, + { + "name": "28578", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28578" + }, + { + "name": "28577", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28577" + }, + { + "name": "21761", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21761" + }, + { + "name": "ADV-2006-3478", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3478" + }, + { + "name": "1016785", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016785" + }, + { + "name": "1521", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1521" + }, + { + "name": "http://acid-root.new.fr/advisories/10060904.txt", + "refsource": "MISC", + "url": "http://acid-root.new.fr/advisories/10060904.txt" + }, + { + "name": 
"softbb-addmembre-sql-injection(28747)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28747" + }, + { + "name": "20060904 SoftBB 0.1 Remote PHP Code Execution Exploit", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/445087/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4646.json b/2006/4xxx/CVE-2006-4646.json index 188bec61123..b4ab1373465 100644 --- a/2006/4xxx/CVE-2006-4646.json +++ b/2006/4xxx/CVE-2006-4646.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4646", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Drupal 4.7 Pathauto module before pathauto_node.inc 1.17.2.1 and the Drupal 4.6 Pathauto module before pathauto_node.inc 1.14.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4646", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://drupal.org/node/82527", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/82527" - }, - { - "name" : "19876", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19876" - }, - { - "name" : "ADV-2006-3480", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3480" - }, - { - "name" : "21779", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21779" - }, - { - "name" : "pathauto-drupal-unspecified-xss(28771)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28771" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Drupal 4.7 Pathauto module before pathauto_node.inc 1.17.2.1 and the Drupal 4.6 Pathauto module before pathauto_node.inc 1.14.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "pathauto-drupal-unspecified-xss(28771)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28771" + }, + { + "name": "ADV-2006-3480", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3480" + }, + { + "name": "http://drupal.org/node/82527", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/82527" + }, + { + "name": "21779", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21779" + }, + { + "name": "19876", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19876" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4834.json b/2006/4xxx/CVE-2006-4834.json index 4062fc74fc4..5ceafea3b2f 100644 --- a/2006/4xxx/CVE-2006-4834.json +++ b/2006/4xxx/CVE-2006-4834.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4834", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in index.php in Jule Slootbeek phpQuiz 0.01 allows remote attackers to execute arbitrary PHP code via a URL in the pagename parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4834", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060914 SolpotCrew Advisory #9 - phpQuiz v0.01 design and coding byJule Slootbeek (pagename) Remote File Inclusion", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/446039/100/0/threaded" - }, - { - "name" : "http://www.nyubicrew.org/adv/solpot-adv-07.txt", - "refsource" : "MISC", - "url" : "http://www.nyubicrew.org/adv/solpot-adv-07.txt" - }, - { - "name" : "20019", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20019" - }, - { - "name" : "ADV-2006-3611", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3611" - }, - { - "name" : "1587", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1587" - }, - { - "name" : 
"phpquiz-index-file-include(28947)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28947" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in index.php in Jule Slootbeek phpQuiz 0.01 allows remote attackers to execute arbitrary PHP code via a URL in the pagename parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1587", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1587" + }, + { + "name": "phpquiz-index-file-include(28947)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28947" + }, + { + "name": "http://www.nyubicrew.org/adv/solpot-adv-07.txt", + "refsource": "MISC", + "url": "http://www.nyubicrew.org/adv/solpot-adv-07.txt" + }, + { + "name": "ADV-2006-3611", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3611" + }, + { + "name": "20060914 SolpotCrew Advisory #9 - phpQuiz v0.01 design and coding byJule Slootbeek (pagename) Remote File Inclusion", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/446039/100/0/threaded" + }, + { + "name": "20019", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20019" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4905.json b/2006/4xxx/CVE-2006-4905.json index 434be3dfb60..c87ce7fde8e 100644 --- a/2006/4xxx/CVE-2006-4905.json +++ b/2006/4xxx/CVE-2006-4905.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4905", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in index.php in Artmedic Links 5.0 allows remote attackers to execute arbitrary PHP code via a URL in the id parameter, which is processed by the readfile function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4905", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060916 [Kurdish Security # 27] Artmedic Links Script Remote File Include Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/446329/100/0/threaded" - }, - { - "name" : "http://kurdishsecurity.blogspot.com/2006/09/kurdish-security-27-artmedic-links.html", - "refsource" : "MISC", - "url" : "http://kurdishsecurity.blogspot.com/2006/09/kurdish-security-27-artmedic-links.html" - }, - { - "name" : "1016880", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016880" - }, - { - "name" : "1600", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1600" - }, - { - "name" : "artmedic-link-index-file-include(29013)", - "refsource" : "XF", 
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29013" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in index.php in Artmedic Links 5.0 allows remote attackers to execute arbitrary PHP code via a URL in the id parameter, which is processed by the readfile function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1016880", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016880" + }, + { + "name": "1600", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1600" + }, + { + "name": "artmedic-link-index-file-include(29013)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29013" + }, + { + "name": "20060916 [Kurdish Security # 27] Artmedic Links Script Remote File Include Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/446329/100/0/threaded" + }, + { + "name": "http://kurdishsecurity.blogspot.com/2006/09/kurdish-security-27-artmedic-links.html", + "refsource": "MISC", + "url": "http://kurdishsecurity.blogspot.com/2006/09/kurdish-security-27-artmedic-links.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4950.json b/2006/4xxx/CVE-2006-4950.json index 50717193ad7..db130498206 100644 --- a/2006/4xxx/CVE-2006-4950.json +++ b/2006/4xxx/CVE-2006-4950.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4950", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco IOS 12.2 through 12.4 before 20060920, as used by Cisco IAD2430, IAD2431, and IAD2432 Integrated Access Devices, the VG224 Analog Phone Gateway, and the MWR 1900 and 1941 Mobile Wireless Edge Routers, is incorrectly identified as supporting DOCSIS, which allows remote attackers to gain read-write access via a hard-coded cable-docsis community string and read or modify arbitrary SNMP variables." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4950", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060920 DOCSIS Read-Write Community String Enabled in Non-DOCSIS Platforms", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/warp/public/707/cisco-sa-20060920-docsis.shtml" - }, - { - "name" : "VU#123140", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/123140" - }, - { - "name" : "20125", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20125" - }, - { - "name" : "oval:org.mitre.oval:def:5665", - "refsource" : "OVAL", - "url" : 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5665" - }, - { - "name" : "ADV-2006-3722", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3722" - }, - { - "name" : "29034", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/29034" - }, - { - "name" : "1016899", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016899" - }, - { - "name" : "21974", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21974" - }, - { - "name" : "ios-docsis-default-snmp(29054)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29054" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco IOS 12.2 through 12.4 before 20060920, as used by Cisco IAD2430, IAD2431, and IAD2432 Integrated Access Devices, the VG224 Analog Phone Gateway, and the MWR 1900 and 1941 Mobile Wireless Edge Routers, is incorrectly identified as supporting DOCSIS, which allows remote attackers to gain read-write access via a hard-coded cable-docsis community string and read or modify arbitrary SNMP variables." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1016899", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016899" + }, + { + "name": "ADV-2006-3722", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3722" + }, + { + "name": "oval:org.mitre.oval:def:5665", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5665" + }, + { + "name": "VU#123140", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/123140" + }, + { + "name": "20060920 DOCSIS Read-Write Community String Enabled in Non-DOCSIS Platforms", + "refsource": "CISCO", + "url": "http://www.cisco.com/warp/public/707/cisco-sa-20060920-docsis.shtml" + }, + { + "name": "ios-docsis-default-snmp(29054)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29054" + }, + { + "name": "21974", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21974" + }, + { + "name": "29034", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/29034" + }, + { + "name": "20125", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20125" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5575.json b/2006/5xxx/CVE-2006-5575.json index 6756fbce316..3d18c3f1041 100644 --- a/2006/5xxx/CVE-2006-5575.json +++ b/2006/5xxx/CVE-2006-5575.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5575", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2006. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2006-5575", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2006. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2433.json b/2010/2xxx/CVE-2010-2433.json index 5156442b9eb..6939ac7ae96 100644 --- a/2010/2xxx/CVE-2010-2433.json +++ b/2010/2xxx/CVE-2010-2433.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2433", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in content/internalError.jsp in IBM WebSphere ILOG JRules 6.7 allow remote attackers to inject arbitrary web script or HTML via an RTS URL to (1) explore/explore.jsp, (2) compose/compose.jsp, or (3) home.jsp in faces/." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2433", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "RS00133", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1RS00133" - }, - { - "name" : "41030", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/41030" - }, - { - "name" : "40275", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40275" - }, - { - "name" : "ibm-wij-multiple-xss(59609)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/59609" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site 
scripting (XSS) vulnerabilities in content/internalError.jsp in IBM WebSphere ILOG JRules 6.7 allow remote attackers to inject arbitrary web script or HTML via an RTS URL to (1) explore/explore.jsp, (2) compose/compose.jsp, or (3) home.jsp in faces/." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "41030", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/41030" + }, + { + "name": "RS00133", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1RS00133" + }, + { + "name": "ibm-wij-multiple-xss(59609)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59609" + }, + { + "name": "40275", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40275" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2525.json b/2010/2xxx/CVE-2010-2525.json index 50b375aedbb..eea9a8ed21a 100644 --- a/2010/2xxx/CVE-2010-2525.json +++ b/2010/2xxx/CVE-2010-2525.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2525", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2525", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2545.json b/2010/2xxx/CVE-2010-2545.json index 2887c776a94..d1ad1e98e6a 100644 --- a/2010/2xxx/CVE-2010-2545.json +++ b/2010/2xxx/CVE-2010-2545.json 
@@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2545", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Cacti before 0.8.7g, as used in Red Hat High Performance Computing (HPC) Solution and other products, allow remote attackers to inject arbitrary web script or HTML via (1) the name element in an XML template to templates_import.php; and allow remote authenticated administrators to inject arbitrary web script or HTML via vectors related to (2) cdef.php, (3) data_input.php, (4) data_queries.php, (5) data_sources.php, (6) data_templates.php, (7) gprint_presets.php, (8) graph.php, (9) graphs_new.php, (10) graphs.php, (11) graph_templates_inputs.php, (12) graph_templates_items.php, (13) graph_templates.php, (14) graph_view.php, (15) host.php, (16) host_templates.php, (17) lib/functions.php, (18) lib/html_form.php, (19) lib/html_form_template.php, (20) lib/html.php, (21) lib/html_tree.php, (22) lib/rrd.php, (23) rra.php, (24) tree.php, and (25) user_admin.php." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-2545", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20100722 Cacti XSS fixes in 0.8.7g", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=oss-security&m=127978954522586&w=2" - }, - { - "name" : "[oss-security] 20100726 Re: Cacti XSS fixes in 0.8.7g", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=oss-security&m=128017203704299&w=2" - }, - { - "name" : "http://cacti.net/release_notes_0_8_7g.php", - "refsource" : "CONFIRM", - "url" : "http://cacti.net/release_notes_0_8_7g.php" - }, - { - "name" : "http://svn.cacti.net/viewvc?view=rev&revision=6037", - "refsource" : "CONFIRM", - "url" : "http://svn.cacti.net/viewvc?view=rev&revision=6037" - }, - { - "name" : "http://svn.cacti.net/viewvc?view=rev&revision=6038", - "refsource" : "CONFIRM", - "url" : "http://svn.cacti.net/viewvc?view=rev&revision=6038" - }, - { - "name" : "http://svn.cacti.net/viewvc?view=rev&revision=6041", - "refsource" : "CONFIRM", - "url" : "http://svn.cacti.net/viewvc?view=rev&revision=6041" - }, - { - "name" : "http://svn.cacti.net/viewvc?view=rev&revision=6042", - "refsource" : "CONFIRM", - "url" : "http://svn.cacti.net/viewvc?view=rev&revision=6042" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=459229", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=459229" - }, - { - "name" : "MDVSA-2010:160", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:160" - }, - { - "name" : "RHSA-2010:0635", - 
"refsource" : "REDHAT", - "url" : "https://rhn.redhat.com/errata/RHSA-2010-0635.html" - }, - { - "name" : "42575", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/42575" - }, - { - "name" : "41041", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41041" - }, - { - "name" : "ADV-2010-2132", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2132" - }, - { - "name" : "cacti-templatesimport-xss(61227)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/61227" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Cacti before 0.8.7g, as used in Red Hat High Performance Computing (HPC) Solution and other products, allow remote attackers to inject arbitrary web script or HTML via (1) the name element in an XML template to templates_import.php; and allow remote authenticated administrators to inject arbitrary web script or HTML via vectors related to (2) cdef.php, (3) data_input.php, (4) data_queries.php, (5) data_sources.php, (6) data_templates.php, (7) gprint_presets.php, (8) graph.php, (9) graphs_new.php, (10) graphs.php, (11) graph_templates_inputs.php, (12) graph_templates_items.php, (13) graph_templates.php, (14) graph_view.php, (15) host.php, (16) host_templates.php, (17) lib/functions.php, (18) lib/html_form.php, (19) lib/html_form_template.php, (20) lib/html.php, (21) lib/html_tree.php, (22) lib/rrd.php, (23) rra.php, (24) tree.php, and (25) user_admin.php." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://svn.cacti.net/viewvc?view=rev&revision=6041", + "refsource": "CONFIRM", + "url": "http://svn.cacti.net/viewvc?view=rev&revision=6041" + }, + { + "name": "MDVSA-2010:160", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:160" + }, + { + "name": "42575", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/42575" + }, + { + "name": "41041", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41041" + }, + { + "name": "[oss-security] 20100722 Cacti XSS fixes in 0.8.7g", + "refsource": "MLIST", + "url": "http://marc.info/?l=oss-security&m=127978954522586&w=2" + }, + { + "name": "RHSA-2010:0635", + "refsource": "REDHAT", + "url": "https://rhn.redhat.com/errata/RHSA-2010-0635.html" + }, + { + "name": "http://cacti.net/release_notes_0_8_7g.php", + "refsource": "CONFIRM", + "url": "http://cacti.net/release_notes_0_8_7g.php" + }, + { + "name": "[oss-security] 20100726 Re: Cacti XSS fixes in 0.8.7g", + "refsource": "MLIST", + "url": "http://marc.info/?l=oss-security&m=128017203704299&w=2" + }, + { + "name": "http://svn.cacti.net/viewvc?view=rev&revision=6038", + "refsource": "CONFIRM", + "url": "http://svn.cacti.net/viewvc?view=rev&revision=6038" + }, + { + "name": "ADV-2010-2132", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2132" + }, + { + "name": "http://svn.cacti.net/viewvc?view=rev&revision=6037", + "refsource": "CONFIRM", + "url": "http://svn.cacti.net/viewvc?view=rev&revision=6037" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=459229", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=459229" + }, + { + "name": "http://svn.cacti.net/viewvc?view=rev&revision=6042", + "refsource": "CONFIRM", + "url": 
"http://svn.cacti.net/viewvc?view=rev&revision=6042" + }, + { + "name": "cacti-templatesimport-xss(61227)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61227" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2629.json b/2010/2xxx/CVE-2010-2629.json index b7f7e2f8b11..12b1d39a7a0 100644 --- a/2010/2xxx/CVE-2010-2629.json +++ b/2010/2xxx/CVE-2010-2629.json 
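Review bot: The `ASSIGNER` value in the CVE-2010-2545 record changes from `cve@mitre.org` to `secalert@redhat.com` in this hunk, and it appears to be the only value change in a section that otherwise only normalises the spacing around `:` and reorders the `reference_data` entries. Because the commit subject says only that data was synchronized, a provenance change like this is easy to miss in review; it would be clearer in its own commit, or at least named in the message, with `"ASSIGNER": "secalert@redhat.com"` checked against the CNA of record for this ID. Any consumer that filters or routes records by assigner will presumably see this entry move, so it is worth confirming the change is intended. The new side also ends with no newline at end of file, as do the other files visible in this patch; restoring the trailing newline would keep later diffs smaller.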
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2629", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Cisco Content Services Switch (CSS) 11500 with software 8.20.4.02 and the Application Control Engine (ACE) 4710 with software A2(3.0) do not properly handle LF header terminators in situations where the GET line is terminated by CRLF, which allows remote attackers to conduct HTTP request smuggling attacks and possibly bypass intended header insertions via crafted header data, as demonstrated by an LF character between the ClientCert-Subject and ClientCert-Subject-CN headers. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-1576." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2629", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100702 VSR Advisory: Multiple Cisco CSS / ACE Client Certificate and HTTP Header Manipulation Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/512144/100/0/threaded" - }, - { - "name" : "http://www.vsecurity.com/resources/advisory/20100702-1/", - "refsource" : "MISC", - "url" : "http://www.vsecurity.com/resources/advisory/20100702-1/" - }, - { - "name" : "41315", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/41315" - }, - { - "name" : "1024167", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1024167" - }, - { - "name" : "1024168", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1024168" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Cisco Content Services Switch (CSS) 11500 with software 8.20.4.02 and the Application Control Engine (ACE) 4710 with software A2(3.0) do not properly handle LF header terminators in situations where the GET line is terminated by CRLF, which allows remote attackers to conduct HTTP request smuggling attacks and possibly bypass intended header insertions via crafted header data, as demonstrated by an LF character between the ClientCert-Subject and ClientCert-Subject-CN headers. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-1576." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20100702 VSR Advisory: Multiple Cisco CSS / ACE Client Certificate and HTTP Header Manipulation Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/512144/100/0/threaded" + }, + { + "name": "1024167", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1024167" + }, + { + "name": "41315", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/41315" + }, + { + "name": "http://www.vsecurity.com/resources/advisory/20100702-1/", + "refsource": "MISC", + "url": "http://www.vsecurity.com/resources/advisory/20100702-1/" + }, + { + "name": "1024168", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1024168" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2684.json b/2010/2xxx/CVE-2010-2684.json index ae7e7398a97..f268869966a 100644 --- a/2010/2xxx/CVE-2010-2684.json +++ b/2010/2xxx/CVE-2010-2684.json 
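Review bot: The rewritten CVE-2010-2629.json ends without a final newline: `\ No newline at end of file` follows the closing `+}`, while the removed `-}` carries no such marker, so the old file was newline-terminated. The same marker follows every rewritten file visible in this part of the patch (CVE-2010-2684, CVE-2010-3111, CVE-2010-3133, CVE-2010-3329, CVE-2010-3749, CVE-2010-4423, CVE-2010-4451, CVE-2010-4510, CVE-2010-4653). I would have the serializer emit a trailing LF after the final `}` so that line-oriented tools and later diffs do not show a spurious change on the last line of each record.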
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2684", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in Customer Paradigm PageDirector CMS allows remote attackers to execute arbitrary SQL commands via the id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2684", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "14089", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/14089" - }, - { - "name" : "http://packetstormsecurity.org/1006-exploits/pagedirector-sqladdadmin.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1006-exploits/pagedirector-sqladdadmin.txt" - }, - { - "name" : "41184", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/41184" - }, - { - "name" : "65830", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/65830" - }, - { - "name" : "40367", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40367" - }, - { - "name" : "ADV-2010-1633", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1633" - }, - { - "name" : 
"pagedirector-index-sql-injection(59844)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/59844" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php in Customer Paradigm PageDirector CMS allows remote attackers to execute arbitrary SQL commands via the id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "41184", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/41184" + }, + { + "name": "http://packetstormsecurity.org/1006-exploits/pagedirector-sqladdadmin.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1006-exploits/pagedirector-sqladdadmin.txt" + }, + { + "name": "pagedirector-index-sql-injection(59844)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59844" + }, + { + "name": "ADV-2010-1633", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1633" + }, + { + "name": "65830", + "refsource": "OSVDB", + "url": "http://osvdb.org/65830" + }, + { + "name": "40367", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40367" + }, + { + "name": "14089", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/14089" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3111.json b/2010/3xxx/CVE-2010-3111.json index 803bd10f4ba..2396c17971a 100644 --- a/2010/3xxx/CVE-2010-3111.json +++ b/2010/3xxx/CVE-2010-3111.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3111", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Google Chrome before 6.0.472.53 does not properly mitigate an unspecified flaw in the Windows kernel, which has unknown impact and attack vectors, a different vulnerability than CVE-2010-2897." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3111", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=51070", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=51070" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2010/08/stable-channel-update_19.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2010/08/stable-channel-update_19.html" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2010/09/stable-and-beta-channel-updates.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2010/09/stable-and-beta-channel-updates.html" - }, - { - "name" : "oval:org.mitre.oval:def:11918", - "refsource" : "OVAL", - "url" : 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11918" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Google Chrome before 6.0.472.53 does not properly mitigate an unspecified flaw in the Windows kernel, which has unknown impact and attack vectors, a different vulnerability than CVE-2010-2897." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:11918", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11918" + }, + { + "name": "http://googlechromereleases.blogspot.com/2010/08/stable-channel-update_19.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2010/08/stable-channel-update_19.html" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=51070", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=51070" + }, + { + "name": "http://googlechromereleases.blogspot.com/2010/09/stable-and-beta-channel-updates.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2010/09/stable-and-beta-channel-updates.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3133.json b/2010/3xxx/CVE-2010-3133.json index 9edbbc83060..fd5d03f4408 100644 --- a/2010/3xxx/CVE-2010-3133.json +++ b/2010/3xxx/CVE-2010-3133.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3133", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in Wireshark 0.8.4 through 1.0.15 and 1.2.0 through 1.2.10 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse airpcap.dll, and possibly other DLLs, that is located in the same folder as a file that automatically launches Wireshark." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3133", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "14721", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/14721/" - }, - { - "name" : "http://www.wireshark.org/security/wnpa-sec-2010-09.html", - "refsource" : "CONFIRM", - "url" : "http://www.wireshark.org/security/wnpa-sec-2010-09.html" - }, - { - "name" : "http://www.wireshark.org/security/wnpa-sec-2010-10.html", - "refsource" : "CONFIRM", - "url" : "http://www.wireshark.org/security/wnpa-sec-2010-10.html" - }, - { - "name" : "oval:org.mitre.oval:def:11498", - "refsource" : "OVAL", - "url" : 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11498" - }, - { - "name" : "41064", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41064" - }, - { - "name" : "ADV-2010-2165", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2165" - }, - { - "name" : "ADV-2010-2243", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2243" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in Wireshark 0.8.4 through 1.0.15 and 1.2.0 through 1.2.10 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse airpcap.dll, and possibly other DLLs, that is located in the same folder as a file that automatically launches Wireshark." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.wireshark.org/security/wnpa-sec-2010-09.html", + "refsource": "CONFIRM", + "url": "http://www.wireshark.org/security/wnpa-sec-2010-09.html" + }, + { + "name": "14721", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/14721/" + }, + { + "name": "41064", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41064" + }, + { + "name": "oval:org.mitre.oval:def:11498", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11498" + }, + { + "name": "ADV-2010-2165", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2165" + }, + { + "name": "ADV-2010-2243", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2243" + }, + { + "name": 
"http://www.wireshark.org/security/wnpa-sec-2010-10.html", + "refsource": "CONFIRM", + "url": "http://www.wireshark.org/security/wnpa-sec-2010-10.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3329.json b/2010/3xxx/CVE-2010-3329.json index 382778c1049..563f754e0de 100644 --- a/2010/3xxx/CVE-2010-3329.json +++ b/2010/3xxx/CVE-2010-3329.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3329", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "mshtmled.dll in Microsoft Internet Explorer 7 and 8 allows remote attackers to execute arbitrary code via a crafted Microsoft Office document that causes the HtmlDlgHelper class destructor to access uninitialized memory, aka \"Uninitialized Memory Corruption Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2010-3329", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.avaya.com/css/P8/documents/100113324", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/css/P8/documents/100113324" - }, - { - "name" : "MS10-071", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-071" - }, - { - "name" : "TA10-285A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-285A.html" - }, - { - "name" : "43706", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/43706" - }, - { - "name" : "oval:org.mitre.oval:def:7482", - "refsource" : "OVAL", - "url" : 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7482" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "mshtmled.dll in Microsoft Internet Explorer 7 and 8 allows remote attackers to execute arbitrary code via a crafted Microsoft Office document that causes the HtmlDlgHelper class destructor to access uninitialized memory, aka \"Uninitialized Memory Corruption Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS10-071", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-071" + }, + { + "name": "oval:org.mitre.oval:def:7482", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7482" + }, + { + "name": "43706", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/43706" + }, + { + "name": "TA10-285A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-285A.html" + }, + { + "name": "http://support.avaya.com/css/P8/documents/100113324", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/css/P8/documents/100113324" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3749.json b/2010/3xxx/CVE-2010-3749.json index 9e2390239d9..377c543a917 100644 --- a/2010/3xxx/CVE-2010-3749.json +++ b/2010/3xxx/CVE-2010-3749.json 
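Review bot: The `ASSIGNER` value in `CVE_data_meta` changes from `cve@mitre.org` to `secure@microsoft.com` in this hunk, and the commit subject does not record it; it is the only change here that is not whitespace or reference ordering. The hunks for CVE-2010-4423 and CVE-2010-4451 make the same kind of change to `secalert_us@oracle.com`, and the CVE-2011-1595 hunk (which continues past this part of the patch) to `secalert@redhat.com`. Consumers that use ASSIGNER for provenance or routing will see these records move to a different assigner with nothing in the history explaining why. I would put the reassignments in their own commit or name them in the message, for example `Update ASSIGNER for CVE-2010-3329, CVE-2010-4423, CVE-2010-4451, CVE-2011-1595`.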
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3749", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The browser-plugin implementation in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1 allows remote attackers to arguments to the RecordClip method, which allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via a \" (double quote) in an argument to the RecordClip method, aka \"parameter injection.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3749", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "15991", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/15991" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-10-211/", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-10-211/" - }, - { - "name" : "http://service.real.com/realplayer/security/10152010_player/en/", - "refsource" : "CONFIRM", - "url" : "http://service.real.com/realplayer/security/10152010_player/en/" - }, - { - "name" : "44144", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/44144" - }, - { - "name" : "44443", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/44443" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The browser-plugin implementation in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1 allows remote attackers to arguments to the RecordClip method, which allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via a \" (double quote) in an argument to the RecordClip method, aka \"parameter injection.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "44144", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/44144" + }, + { + "name": "15991", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/15991" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-10-211/", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-211/" + }, + { + "name": "44443", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/44443" + }, + { + "name": "http://service.real.com/realplayer/security/10152010_player/en/", + "refsource": "CONFIRM", + "url": "http://service.real.com/realplayer/security/10152010_player/en/" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4423.json b/2010/4xxx/CVE-2010-4423.json index 50426f655cf..1686bafcf55 100644 --- a/2010/4xxx/CVE-2010-4423.json +++ b/2010/4xxx/CVE-2010-4423.json 
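Review bot: The description `value` on the new side of CVE-2010-3749.json is still garbled: `allows remote attackers to arguments to the RecordClip method, which allows remote attackers to download` has no verb after the first "to". The commit only reformats this line and keeps the text as it was. Going by the rest of the sentence, the clause would presumably read `allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via a \" (double quote) in an argument to the RecordClip method`. That wording should be confirmed against the referenced ZDI-10-211 advisory before the record is changed.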
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4423", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Cluster Verify Utility component in Oracle Database Server 10.2.0.4, 10.2.0.5, 11.1.0.7, and 11.2.0.1, when running on Windows, allows local users to affect confidentiality, integrity, and availability via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2010-4423", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html" - }, - { - "name" : "45859", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45859" - }, - { - "name" : "1024972", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024972" - }, - { - "name" : "42895", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42895" - }, - { - "name" : "ADV-2011-0139", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0139" - }, - { - "name" : 
"oracle-db-cluster-priv-escalation(64756)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64756" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Cluster Verify Utility component in Oracle Database Server 10.2.0.4, 10.2.0.5, 11.1.0.7, and 11.2.0.1, when running on Windows, allows local users to affect confidentiality, integrity, and availability via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2011-0139", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0139" + }, + { + "name": "1024972", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024972" + }, + { + "name": "45859", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45859" + }, + { + "name": "42895", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42895" + }, + { + "name": "oracle-db-cluster-priv-escalation(64756)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64756" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4451.json b/2010/4xxx/CVE-2010-4451.json index a32061dde2e..a0522ff5c25 100644 --- a/2010/4xxx/CVE-2010-4451.json +++ b/2010/4xxx/CVE-2010-4451.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4451", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier for Windows, when using Java Update, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Install." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2010-4451", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html" - }, - { - "name" : "HPSBMU02797", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=134254957702612&w=2" - }, - { - "name" : "SSRT100867", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=134254957702612&w=2" - }, - { - "name" : "HPSBMU02799", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=134254866602253&w=2" - }, - { - "name" : "RHSA-2011:0282", - "refsource" : "REDHAT", - "url" : 
"http://www.redhat.com/support/errata/RHSA-2011-0282.html" - }, - { - "name" : "46405", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46405" - }, - { - "name" : "oval:org.mitre.oval:def:13942", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13942" - }, - { - "name" : "oracle-runtime-http-code-execution(65402)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65402" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier for Windows, when using Java Update, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Install." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "HPSBMU02799", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=134254866602253&w=2" + }, + { + "name": "oval:org.mitre.oval:def:13942", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13942" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html" + }, + { + "name": "46405", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46405" + }, + { + "name": "RHSA-2011:0282", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0282.html" + }, + { + "name": "SSRT100867", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=134254957702612&w=2" + }, + { + 
"name": "oracle-runtime-http-code-execution(65402)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65402" + }, + { + "name": "HPSBMU02797", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=134254957702612&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4510.json b/2010/4xxx/CVE-2010-4510.json index 5fd58f61d85..b4c1e054355 100644 --- a/2010/4xxx/CVE-2010-4510.json +++ b/2010/4xxx/CVE-2010-4510.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4510", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-4150. Reason: This candidate is a duplicate of CVE-2010-4150. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2010-4150 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2010-4510", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-4150. Reason: This candidate is a duplicate of CVE-2010-4150. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2010-4150 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4653.json b/2010/4xxx/CVE-2010-4653.json index e17b14fe712..5855a523ce7 100644 --- a/2010/4xxx/CVE-2010-4653.json +++ b/2010/4xxx/CVE-2010-4653.json 
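Review bot: The top-level key order in the rewritten CVE-2010-4510.json differs from every other record in this part of the patch: it now opens with `data_type`, `data_format`, `data_version` and puts `ID` before `ASSIGNER`, whereas the others (including the RESERVED record CVE-2010-4653 in the next hunk) keep alphabetical order with `CVE_data_meta` first. JSON parsers ignore key order, but a formatting sync that rewrites this many lines is easier to audit when the serializer orders keys the same way in every file. I would emit this record with `CVE_data_meta` first (`ASSIGNER`, `ID`, `STATE`), then `data_format`, `data_type`, `data_version`, `description`.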
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4653", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4653", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1595.json b/2011/1xxx/CVE-2011-1595.json index 36a75233ace..1f53bd314ea 100644 --- a/2011/1xxx/CVE-2011-1595.json +++ b/2011/1xxx/CVE-2011-1595.json 
@@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1595", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in the disk_create function in disk.c in rdesktop before 1.7.0, when disk redirection is enabled, allows remote RDP servers to read or overwrite arbitrary files via a .. (dot dot) in a pathname." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-1595", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[rdesktop-announce] 20110418 rdesktop 1.7.0 released", - "refsource" : "MLIST", - "url" : "http://sourceforge.net/mailarchive/message.php?msg_id=27376554" - }, - { - "name" : "http://rdesktop.svn.sourceforge.net/viewvc/rdesktop?view=revision&revision=1626", - "refsource" : "CONFIRM", - "url" : "http://rdesktop.svn.sourceforge.net/viewvc/rdesktop?view=revision&revision=1626" - }, - { - "name" : "http://sourceforge.net/projects/rdesktop/files/rdesktop/1.7.0/rdesktop-1.7.0.tar.gz/download", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/projects/rdesktop/files/rdesktop/1.7.0/rdesktop-1.7.0.tar.gz/download" - }, - { - "name" : 
"https://bugzilla.redhat.com/show_bug.cgi?id=676252", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=676252" - }, - { - "name" : "FEDORA-2011-7688", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061170.html" - }, - { - "name" : "FEDORA-2011-7694", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061309.html" - }, - { - "name" : "FEDORA-2011-7697", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061316.html" - }, - { - "name" : "GLSA-201210-03", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201210-03.xml" - }, - { - "name" : "MDVSA-2011:102", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:102" - }, - { - "name" : "RHSA-2011:0506", - "refsource" : "REDHAT", - "url" : "https://rhn.redhat.com/errata/RHSA-2011-0506.html" - }, - { - "name" : "USN-1136-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1136-1" - }, - { - "name" : "47419", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/47419" - }, - { - "name" : "1025525", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1025525" - }, - { - "name" : "44881", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44881" - }, - { - "name" : "51023", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51023" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in the disk_create function in disk.c in rdesktop before 1.7.0, when disk redirection is enabled, allows remote RDP servers to read or overwrite arbitrary files via a .. (dot dot) in a pathname." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1025525", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1025525" + }, + { + "name": "http://rdesktop.svn.sourceforge.net/viewvc/rdesktop?view=revision&revision=1626", + "refsource": "CONFIRM", + "url": "http://rdesktop.svn.sourceforge.net/viewvc/rdesktop?view=revision&revision=1626" + }, + { + "name": "RHSA-2011:0506", + "refsource": "REDHAT", + "url": "https://rhn.redhat.com/errata/RHSA-2011-0506.html" + }, + { + "name": "MDVSA-2011:102", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:102" + }, + { + "name": "47419", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/47419" + }, + { + "name": "FEDORA-2011-7694", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061309.html" + }, + { + "name": "FEDORA-2011-7688", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061170.html" + }, + { + "name": "51023", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51023" + }, + { + "name": "GLSA-201210-03", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201210-03.xml" + }, + { + "name": "http://sourceforge.net/projects/rdesktop/files/rdesktop/1.7.0/rdesktop-1.7.0.tar.gz/download", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/projects/rdesktop/files/rdesktop/1.7.0/rdesktop-1.7.0.tar.gz/download" + }, + { + "name": "[rdesktop-announce] 20110418 rdesktop 1.7.0 released", + "refsource": "MLIST", + "url": "http://sourceforge.net/mailarchive/message.php?msg_id=27376554" + }, + { + "name": "44881", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44881" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=676252", + 
"refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=676252" + }, + { + "name": "USN-1136-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1136-1" + }, + { + "name": "FEDORA-2011-7697", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061316.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/5xxx/CVE-2011-5178.json b/2011/5xxx/CVE-2011-5178.json index a8c27ec8ff0..77b35c3784f 100644 --- a/2011/5xxx/CVE-2011-5178.json +++ b/2011/5xxx/CVE-2011-5178.json 
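Review bot: The only semantic change in the CVE-2011-1595.json hunk is `"ASSIGNER": "secalert@redhat.com"` (previously `cve@mitre.org`), and it is buried in a 132-line rewrite that also respaces every key and reorders `reference_data` with no apparent sort key. The reference set itself looks unchanged, only shuffled. ASSIGNER is provenance metadata that downstream consumers may key on, so this change should be reviewable on its own. Serialize `reference_data` in a stable order (for example the previous order, or sorted by `refsource` then `name`) and name the reassignment in the commit message instead of "-Synchronized-Data.". The same pattern appears in the CVE-2014-3146.json hunk (`secalert@redhat.com`) and the CVE-2014-3328.json hunk (`psirt@cisco.com`).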
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-5178", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in netmri/config/userAdmin/login.tdf in Infoblox NetMRI 6.0.2.42, 6.1.2, 6.2.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) eulaAccepted or (2) mode parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-5178", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20111110 [FOREGROUND SECURITY 2011-004] Infoblox NetMRI 6.2.1 Multiple Cross-Site Scripting (XSS) vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2011/Nov/158" - }, - { - "name" : "http://foregroundsecurity.com/secure-coding-and-security-qa/111-infoblox-netmri-621-612-and-60242-multiple-cross-site-scripting-xss", - "refsource" : "MISC", - "url" : "http://foregroundsecurity.com/secure-coding-and-security-qa/111-infoblox-netmri-621-612-and-60242-multiple-cross-site-scripting-xss" - }, - { - "name" : "http://www.infoblox.com/community/downloads/hotfix-v602-netmri-8831gpg", - "refsource" : "CONFIRM", - "url" : 
"http://www.infoblox.com/community/downloads/hotfix-v602-netmri-8831gpg" - }, - { - "name" : "http://www.infoblox.com/community/downloads/hotfix-v612-netmri-8831gpg", - "refsource" : "CONFIRM", - "url" : "http://www.infoblox.com/community/downloads/hotfix-v612-netmri-8831gpg" - }, - { - "name" : "http://www.infoblox.com/community/downloads/hotfix-v621-netmri-8831gpg", - "refsource" : "CONFIRM", - "url" : "http://www.infoblox.com/community/downloads/hotfix-v621-netmri-8831gpg" - }, - { - "name" : "1026319", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026319" - }, - { - "name" : "46854", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/46854" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in netmri/config/userAdmin/login.tdf in Infoblox NetMRI 6.0.2.42, 6.1.2, 6.2.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) eulaAccepted or (2) mode parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "46854", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/46854" + }, + { + "name": "http://www.infoblox.com/community/downloads/hotfix-v621-netmri-8831gpg", + "refsource": "CONFIRM", + "url": "http://www.infoblox.com/community/downloads/hotfix-v621-netmri-8831gpg" + }, + { + "name": "20111110 [FOREGROUND SECURITY 2011-004] Infoblox NetMRI 6.2.1 Multiple Cross-Site Scripting (XSS) vulnerabilities", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2011/Nov/158" + }, + { + "name": "http://www.infoblox.com/community/downloads/hotfix-v602-netmri-8831gpg", + "refsource": "CONFIRM", + "url": "http://www.infoblox.com/community/downloads/hotfix-v602-netmri-8831gpg" + }, + { + "name": "http://foregroundsecurity.com/secure-coding-and-security-qa/111-infoblox-netmri-621-612-and-60242-multiple-cross-site-scripting-xss", + "refsource": "MISC", + "url": "http://foregroundsecurity.com/secure-coding-and-security-qa/111-infoblox-netmri-621-612-and-60242-multiple-cross-site-scripting-xss" + }, + { + "name": "1026319", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026319" + }, + { + "name": "http://www.infoblox.com/community/downloads/hotfix-v612-netmri-8831gpg", + "refsource": "CONFIRM", + "url": "http://www.infoblox.com/community/downloads/hotfix-v612-netmri-8831gpg" + } + ] + } +} \ No newline at end of file diff --git a/2014/10xxx/CVE-2014-10057.json b/2014/10xxx/CVE-2014-10057.json index 4d9eaa71170..7ed27f34afc 100644 --- a/2014/10xxx/CVE-2014-10057.json +++ b/2014/10xxx/CVE-2014-10057.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2018-04-02T00:00:00", - "ID" : "CVE-2014-10057", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Snapdragon Mobile", - "version" : { - "version_data" : [ - { - "version_value" : "MDM9615, MDM9625, MDM9635M, MDM9640, MDM9650, SD 210/SD 212/SD 205, SD 400, SD 425, SD 430, SD 435, SD 617, SD 625, Snapdragon_High_Med_2016" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9615, MDM9625, MDM9635M, MDM9640, MDM9650, SD 210/SD 212/SD 205, SD 400, SD 425, SD 430, SD 435, SD 617, SD 625, and Snapdragon_High_Med_2016, binary Calibration files under data/misc/audio have 777 permissions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Improper access control vulnerability in Audio." - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2018-04-02T00:00:00", + "ID": "CVE-2014-10057", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Snapdragon Mobile", + "version": { + "version_data": [ + { + "version_value": "MDM9615, MDM9625, MDM9635M, MDM9640, MDM9650, SD 210/SD 212/SD 205, SD 400, SD 425, SD 430, SD 435, SD 617, SD 625, Snapdragon_High_Med_2016" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2018-04-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2018-04-01" - }, - { - "name" : "103671", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103671" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9615, MDM9625, MDM9635M, MDM9640, MDM9650, SD 210/SD 212/SD 205, SD 400, SD 425, SD 430, SD 435, SD 617, SD 625, and Snapdragon_High_Med_2016, binary Calibration files under data/misc/audio have 777 permissions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper access control vulnerability in Audio." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2018-04-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2018-04-01" + }, + { + "name": "103671", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103671" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3146.json b/2014/3xxx/CVE-2014-3146.json index 6b1e1481efd..2c6d2dd0759 100644 --- a/2014/3xxx/CVE-2014-3146.json +++ b/2014/3xxx/CVE-2014-3146.json 
@@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3146", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Incomplete blacklist vulnerability in the lxml.html.clean module in lxml before 3.3.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via control characters in the link scheme to the clean_html function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-3146", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140415 lxml (python lib) vulnerability", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Apr/210" - }, - { - "name" : "20140430 Re: lxml (python lib) vulnerability", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Apr/319" - }, - { - "name" : "[lxml] 20140415 lxml.html.clean vulnerability", - "refsource" : "MLIST", - "url" : "https://mailman-mail5.webfaction.com/pipermail/lxml/2014-April/007128.html" - }, - { - "name" : "[oss-security] 20140509 Re: CVE request: python-lxml clean_html() input sanitization flaw", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/05/09/7" - }, - { - "name" : 
"http://lxml.de/3.3/changes-3.3.5.html", - "refsource" : "CONFIRM", - "url" : "http://lxml.de/3.3/changes-3.3.5.html" - }, - { - "name" : "http://advisories.mageia.org/MGASA-2014-0218.html", - "refsource" : "CONFIRM", - "url" : "http://advisories.mageia.org/MGASA-2014-0218.html" - }, - { - "name" : "DSA-2941", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-2941" - }, - { - "name" : "MDVSA-2015:112", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:112" - }, - { - "name" : "openSUSE-SU-2014:0735", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-05/msg00083.html" - }, - { - "name" : "USN-2217-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2217-1" - }, - { - "name" : "67159", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/67159" - }, - { - "name" : "58013", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/58013" - }, - { - "name" : "58744", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/58744" - }, - { - "name" : "59008", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59008" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Incomplete blacklist vulnerability in the lxml.html.clean module in lxml before 3.3.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via control characters in the link scheme to the clean_html function." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-2941", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-2941" + }, + { + "name": "http://lxml.de/3.3/changes-3.3.5.html", + "refsource": "CONFIRM", + "url": "http://lxml.de/3.3/changes-3.3.5.html" + }, + { + "name": "[oss-security] 20140509 Re: CVE request: python-lxml clean_html() input sanitization flaw", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/05/09/7" + }, + { + "name": "USN-2217-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2217-1" + }, + { + "name": "[lxml] 20140415 lxml.html.clean vulnerability", + "refsource": "MLIST", + "url": "https://mailman-mail5.webfaction.com/pipermail/lxml/2014-April/007128.html" + }, + { + "name": "58744", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/58744" + }, + { + "name": "http://advisories.mageia.org/MGASA-2014-0218.html", + "refsource": "CONFIRM", + "url": "http://advisories.mageia.org/MGASA-2014-0218.html" + }, + { + "name": "67159", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/67159" + }, + { + "name": "MDVSA-2015:112", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:112" + }, + { + "name": "58013", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/58013" + }, + { + "name": "20140415 lxml (python lib) vulnerability", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Apr/210" + }, + { + "name": "59008", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59008" + }, + { + "name": "openSUSE-SU-2014:0735", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00083.html" + }, + { + "name": "20140430 Re: lxml (python lib) vulnerability", + "refsource": "FULLDISC", + 
"url": "http://seclists.org/fulldisclosure/2014/Apr/319" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3163.json b/2014/3xxx/CVE-2014-3163.json index 7d39776de38..84e425f75b6 100644 --- a/2014/3xxx/CVE-2014-3163.json +++ b/2014/3xxx/CVE-2014-3163.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3163", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3163", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3328.json b/2014/3xxx/CVE-2014-3328.json index a0262a8fa3b..f88863bce2f 100644 --- a/2014/3xxx/CVE-2014-3328.json +++ b/2014/3xxx/CVE-2014-3328.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3328", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Intercluster Sync Agent Service in Cisco Unified Presence Server allows remote attackers to cause a denial of service via a TCP SYN flood, aka Bug ID CSCun34125." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2014-3328", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140725 Cisco Unified Presence Server Sync Agent Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3328" - }, - { - "name" : "68901", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/68901" - }, - { - "name" : "1030643", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030643" - }, - { - "name" : "cisco-ups-cve20143328-dos(94879)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/94879" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Intercluster Sync Agent Service in 
Cisco Unified Presence Server allows remote attackers to cause a denial of service via a TCP SYN flood, aka Bug ID CSCun34125." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "68901", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/68901" + }, + { + "name": "20140725 Cisco Unified Presence Server Sync Agent Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3328" + }, + { + "name": "1030643", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030643" + }, + { + "name": "cisco-ups-cve20143328-dos(94879)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94879" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8164.json b/2014/8xxx/CVE-2014-8164.json index 857ea703efa..be03676f284 100644 --- a/2014/8xxx/CVE-2014-8164.json +++ b/2014/8xxx/CVE-2014-8164.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8164", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8164", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8253.json b/2014/8xxx/CVE-2014-8253.json index f02357f9f16..e970f6321ba 100644 --- a/2014/8xxx/CVE-2014-8253.json +++ b/2014/8xxx/CVE-2014-8253.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8253", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8253", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8367.json b/2014/8xxx/CVE-2014-8367.json index 4c116b64d63..3c160344751 100644 --- a/2014/8xxx/CVE-2014-8367.json +++ b/2014/8xxx/CVE-2014-8367.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8367", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in Aruba Networks ClearPass Policy Manager (CPPM) 6.2.x, 6.3.x before 6.3.6, and 6.4.x before 6.4.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8367", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.arubanetworks.com/support/alerts/aid-11192014.txt", - "refsource" : "CONFIRM", - "url" : "http://www.arubanetworks.com/support/alerts/aid-11192014.txt" - }, - { - "name" : "62602", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62602" - }, - { - "name" : "clearpass-cve20148367-sql-injection(98870)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98870" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in Aruba Networks ClearPass Policy Manager (CPPM) 6.2.x, 6.3.x before 6.3.6, and 6.4.x 
before 6.4.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.arubanetworks.com/support/alerts/aid-11192014.txt", + "refsource": "CONFIRM", + "url": "http://www.arubanetworks.com/support/alerts/aid-11192014.txt" + }, + { + "name": "62602", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62602" + }, + { + "name": "clearpass-cve20148367-sql-injection(98870)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98870" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9470.json b/2014/9xxx/CVE-2014-9470.json index 710f9ae1545..7c5a02ff9bb 100644 --- a/2014/9xxx/CVE-2014-9470.json +++ b/2014/9xxx/CVE-2014-9470.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9470", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9470", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2016/2xxx/CVE-2016-2326.json b/2016/2xxx/CVE-2016-2326.json index 57c07d4ee30..102567e9b3f 100644 --- a/2016/2xxx/CVE-2016-2326.json +++ b/2016/2xxx/CVE-2016-2326.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2326", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in the asf_write_packet function in libavformat/asfenc.c in FFmpeg before 2.8.5 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PTS (aka presentation timestamp) value in a .mov file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-2326", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=7c0b84d89911b2035161f5ef51aafbfcc84aa9e2", - "refsource" : "CONFIRM", - "url" : "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=7c0b84d89911b2035161f5ef51aafbfcc84aa9e2" - }, - { - "name" : "DSA-3506", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3506" - }, - { - "name" : "GLSA-201606-09", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201606-09" - }, - { - "name" : "GLSA-201705-08", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201705-08" - }, - { - "name" : "USN-2944-1", - "refsource" : "UBUNTU", - "url" : 
"http://www.ubuntu.com/usn/USN-2944-1" - }, - { - "name" : "84165", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/84165" - }, - { - "name" : "1035010", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1035010" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in the asf_write_packet function in libavformat/asfenc.c in FFmpeg before 2.8.5 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PTS (aka presentation timestamp) value in a .mov file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "84165", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/84165" + }, + { + "name": "GLSA-201705-08", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201705-08" + }, + { + "name": "USN-2944-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2944-1" + }, + { + "name": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=7c0b84d89911b2035161f5ef51aafbfcc84aa9e2", + "refsource": "CONFIRM", + "url": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=7c0b84d89911b2035161f5ef51aafbfcc84aa9e2" + }, + { + "name": "DSA-3506", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3506" + }, + { + "name": "1035010", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035010" + }, + { + "name": "GLSA-201606-09", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201606-09" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2334.json b/2016/2xxx/CVE-2016-2334.json index c2e92fd0b60..d57f66e0617 100644 --- a/2016/2xxx/CVE-2016-2334.json +++ b/2016/2xxx/CVE-2016-2334.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2334", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the NArchive::NHfs::CHandler::ExtractZlibFile method in 7zip before 16.00 and p7zip allows remote attackers to execute arbitrary code via a crafted HFS+ image." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2016-2334", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://blog.talosintel.com/2016/05/multiple-7-zip-vulnerabilities.html", - "refsource" : "MISC", - "url" : "http://blog.talosintel.com/2016/05/multiple-7-zip-vulnerabilities.html" - }, - { - "name" : "http://blog.talosintelligence.com/2017/11/exploiting-cve-2016-2334.html", - "refsource" : "MISC", - "url" : "http://blog.talosintelligence.com/2017/11/exploiting-cve-2016-2334.html" - }, - { - "name" : "http://www.talosintel.com/reports/TALOS-2016-0093/", - "refsource" : "MISC", - "url" : "http://www.talosintel.com/reports/TALOS-2016-0093/" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinoct2016-3090566.html", - "refsource" : "CONFIRM", - "url" : 
"http://www.oracle.com/technetwork/topics/security/bulletinoct2016-3090566.html" - }, - { - "name" : "FEDORA-2016-430bc0f808", - "refsource" : "FEDORA", - "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DNYIQAU3FKFBNFPK6GKYTSVRHQA7PTYT/" - }, - { - "name" : "FEDORA-2016-bbcb0e4eb4", - "refsource" : "FEDORA", - "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DTGWICT3KYYDPDXRNO5SXD32GZICGRIR/" - }, - { - "name" : "GLSA-201701-27", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201701-27" - }, - { - "name" : "90531", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/90531" - }, - { - "name" : "1035876", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1035876" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the NArchive::NHfs::CHandler::ExtractZlibFile method in 7zip before 16.00 and p7zip allows remote attackers to execute arbitrary code via a crafted HFS+ image." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FEDORA-2016-bbcb0e4eb4", + "refsource": "FEDORA", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DTGWICT3KYYDPDXRNO5SXD32GZICGRIR/" + }, + { + "name": "http://blog.talosintelligence.com/2017/11/exploiting-cve-2016-2334.html", + "refsource": "MISC", + "url": "http://blog.talosintelligence.com/2017/11/exploiting-cve-2016-2334.html" + }, + { + "name": "http://www.talosintel.com/reports/TALOS-2016-0093/", + "refsource": "MISC", + "url": "http://www.talosintel.com/reports/TALOS-2016-0093/" + }, + { + "name": "http://blog.talosintel.com/2016/05/multiple-7-zip-vulnerabilities.html", + "refsource": "MISC", + "url": "http://blog.talosintel.com/2016/05/multiple-7-zip-vulnerabilities.html" + }, + { + "name": "90531", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/90531" + }, + { + "name": "GLSA-201701-27", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201701-27" + }, + { + "name": "1035876", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035876" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinoct2016-3090566.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2016-3090566.html" + }, + { + "name": "FEDORA-2016-430bc0f808", + "refsource": "FEDORA", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DNYIQAU3FKFBNFPK6GKYTSVRHQA7PTYT/" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2413.json b/2016/2xxx/CVE-2016-2413.json index 5911d2c2882..62f292701cd 100644 --- a/2016/2xxx/CVE-2016-2413.json +++ b/2016/2xxx/CVE-2016-2413.json 
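Review bot: The `ASSIGNER` value in `CVE_data_meta` changes from `cve@mitre.org` to `cert@cert.org` in this hunk, and it is the only semantic change among key re-spacing and a reordered `reference_data` array; the commit subject "-Synchronized-Data." does not mention it. The CVE-2016-2413 hunk makes the same kind of change (`security@android.com`). Consumers that track record provenance by `ASSIGNER` would be better served if ownership changes were committed separately from the formatting pass, or at least named in the commit message, so they can be audited without reading a full-file rewrite. Separately, the new side of every file in this patch ends with `\ No newline at end of file` where the old side ended with a newline; keeping the trailing newline would avoid a spurious last-line change on the next sync.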
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2413", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "media/libmedia/IOMX.cpp in mediaserver in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not initialize a handle pointer, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26403627." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-2413", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://source.android.com/security/bulletin/2016-04-02.html", - "refsource" : "CONFIRM", - "url" : "http://source.android.com/security/bulletin/2016-04-02.html" - }, - { - "name" : "https://android.googlesource.com/platform/frameworks/av/+/25be9ac20db51044e1b09ca67906355e4f328d48", - "refsource" : "CONFIRM", - "url" : "https://android.googlesource.com/platform/frameworks/av/+/25be9ac20db51044e1b09ca67906355e4f328d48" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": 
"media/libmedia/IOMX.cpp in mediaserver in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not initialize a handle pointer, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26403627." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://android.googlesource.com/platform/frameworks/av/+/25be9ac20db51044e1b09ca67906355e4f328d48", + "refsource": "CONFIRM", + "url": "https://android.googlesource.com/platform/frameworks/av/+/25be9ac20db51044e1b09ca67906355e4f328d48" + }, + { + "name": "http://source.android.com/security/bulletin/2016-04-02.html", + "refsource": "CONFIRM", + "url": "http://source.android.com/security/bulletin/2016-04-02.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2581.json b/2016/2xxx/CVE-2016-2581.json index 429c92d3e51..133f7100ecd 100644 --- a/2016/2xxx/CVE-2016-2581.json +++ b/2016/2xxx/CVE-2016-2581.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2581", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-2581", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2704.json b/2016/2xxx/CVE-2016-2704.json index 4bdd8bb6cbb..18b06610029 100644 --- a/2016/2xxx/CVE-2016-2704.json +++ b/2016/2xxx/CVE-2016-2704.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2704", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-2704", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6258.json b/2016/6xxx/CVE-2016-6258.json index 45ebd88eea2..2cdcc4376eb 100644 --- a/2016/6xxx/CVE-2016-6258.json +++ b/2016/6xxx/CVE-2016-6258.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6258", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The PV pagetable code in arch/x86/mm.c in Xen 4.7.x and earlier allows local 32-bit PV guest OS administrators to gain host OS privileges by leveraging fast-paths for updating pagetable entries." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6258", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.citrix.com/article/CTX214954", - "refsource" : "CONFIRM", - "url" : "http://support.citrix.com/article/CTX214954" - }, - { - "name" : "http://xenbits.xen.org/xsa/advisory-182.html", - "refsource" : "CONFIRM", - "url" : "http://xenbits.xen.org/xsa/advisory-182.html" - }, - { - "name" : "http://xenbits.xen.org/xsa/xsa182-4.5.patch", - "refsource" : "CONFIRM", - "url" : "http://xenbits.xen.org/xsa/xsa182-4.5.patch" - }, - { - "name" : "http://xenbits.xen.org/xsa/xsa182-4.6.patch", - "refsource" : "CONFIRM", - "url" : "http://xenbits.xen.org/xsa/xsa182-4.6.patch" - }, - { - "name" : "http://xenbits.xen.org/xsa/xsa182-unstable.patch", - "refsource" : "CONFIRM", - "url" : 
"http://xenbits.xen.org/xsa/xsa182-unstable.patch" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" - }, - { - "name" : "DSA-3633", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3633" - }, - { - "name" : "GLSA-201611-09", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201611-09" - }, - { - "name" : "92131", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92131" - }, - { - "name" : "1036446", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036446" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The PV pagetable code in arch/x86/mm.c in Xen 4.7.x and earlier allows local 32-bit PV guest OS administrators to gain host OS privileges by leveraging fast-paths for updating pagetable entries." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" + }, + { + "name": "http://xenbits.xen.org/xsa/advisory-182.html", + "refsource": "CONFIRM", + "url": "http://xenbits.xen.org/xsa/advisory-182.html" + }, + { + "name": "http://xenbits.xen.org/xsa/xsa182-4.6.patch", + "refsource": "CONFIRM", + "url": "http://xenbits.xen.org/xsa/xsa182-4.6.patch" + }, + { + "name": "http://support.citrix.com/article/CTX214954", + "refsource": "CONFIRM", + "url": "http://support.citrix.com/article/CTX214954" + }, + { + "name": "GLSA-201611-09", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201611-09" + }, + { + "name": "http://xenbits.xen.org/xsa/xsa182-unstable.patch", + "refsource": "CONFIRM", + "url": "http://xenbits.xen.org/xsa/xsa182-unstable.patch" + }, + { + "name": "http://xenbits.xen.org/xsa/xsa182-4.5.patch", + "refsource": "CONFIRM", + "url": "http://xenbits.xen.org/xsa/xsa182-4.5.patch" + }, + { + "name": "DSA-3633", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3633" + }, + { + "name": "1036446", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036446" + }, + { + "name": "92131", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92131" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6261.json b/2016/6xxx/CVE-2016-6261.json index dbf8662a6a6..e907111916a 100644 --- a/2016/6xxx/CVE-2016-6261.json +++ b/2016/6xxx/CVE-2016-6261.json 
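Review bot: The `affects` block on the new side still carries only placeholders (`"vendor_name": "n/a"`, `"product_name": "n/a"`, `"version_value": "n/a"`), although the description names the product and range ("Xen 4.7.x and earlier"). Tooling that matches installed software against the structured `affects` fields gets no hit from this record and has to parse the free-text description instead. The same applies to the CVE-2016-2326, CVE-2016-2334, CVE-2016-2413 and CVE-2016-6261 records in this patch. Since the record is being rewritten anyway, the sync would be a natural point to populate these fields from the assigner's data; `problemtype` is likewise `"n/a"` and could carry a CWE identifier, as the CVE-2016-6541 record does.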
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6261", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The idna_to_ascii_4i function in lib/idna.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via 64 bytes of input." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6261", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[help-libidn] 20150709 out of bounds stack read in function idna_to_ascii_4i", - "refsource" : "MLIST", - "url" : "https://lists.gnu.org/archive/html/help-libidn/2015-07/msg00016.html" - }, - { - "name" : "[help-libidn] 20160720 Libidn 1.33 released", - "refsource" : "MLIST", - "url" : "https://lists.gnu.org/archive/html/help-libidn/2016-07/msg00009.html" - }, - { - "name" : "[oss-security] 20160720 CVE request: multiple issues fixed in GNU libidn 1.33", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/07/20/6" - }, - { - "name" : "[oss-security] 20160721 Re: CVE request: multiple issues fixed in GNU libidn 1.33", - "refsource" : "MLIST", - "url" : 
"http://www.openwall.com/lists/oss-security/2016/07/21/4" - }, - { - "name" : "http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=f20ce1128fb7f4d33297eee307dddaf0f92ac72d", - "refsource" : "CONFIRM", - "url" : "http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=f20ce1128fb7f4d33297eee307dddaf0f92ac72d" - }, - { - "name" : "DSA-3658", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3658" - }, - { - "name" : "openSUSE-SU-2016:2135", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-08/msg00098.html" - }, - { - "name" : "USN-3068-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-3068-1" - }, - { - "name" : "92070", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92070" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The idna_to_ascii_4i function in lib/idna.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via 64 bytes of input." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20160721 Re: CVE request: multiple issues fixed in GNU libidn 1.33", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/07/21/4" + }, + { + "name": "openSUSE-SU-2016:2135", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00098.html" + }, + { + "name": "[oss-security] 20160720 CVE request: multiple issues fixed in GNU libidn 1.33", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/07/20/6" + }, + { + "name": "92070", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92070" + }, + { + "name": "DSA-3658", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3658" + }, + { + "name": "http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=f20ce1128fb7f4d33297eee307dddaf0f92ac72d", + "refsource": "CONFIRM", + "url": "http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=f20ce1128fb7f4d33297eee307dddaf0f92ac72d" + }, + { + "name": "[help-libidn] 20160720 Libidn 1.33 released", + "refsource": "MLIST", + "url": "https://lists.gnu.org/archive/html/help-libidn/2016-07/msg00009.html" + }, + { + "name": "USN-3068-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-3068-1" + }, + { + "name": "[help-libidn] 20150709 out of bounds stack read in function idna_to_ascii_4i", + "refsource": "MLIST", + "url": "https://lists.gnu.org/archive/html/help-libidn/2015-07/msg00016.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6454.json b/2016/6xxx/CVE-2016-6454.json index 1f5f06fd7b5..0abc7c795c8 100644 --- a/2016/6xxx/CVE-2016-6454.json +++ b/2016/6xxx/CVE-2016-6454.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2016-6454", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Hosted Collaboration Mediation Fulfillment before 11.5(0.98000.216)", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco Hosted Collaboration Mediation Fulfillment before 11.5(0.98000.216)" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A cross-site request forgery (CSRF) vulnerability in the web interface of the Cisco Hosted Collaboration Mediation Fulfillment application could allow an unauthenticated, remote attacker to execute unwanted actions. More Information: CSCva54241. Known Affected Releases: 11.5(1). Known Fixed Releases: 11.5(0.98000.216)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "unspecified" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2016-6454", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Hosted Collaboration Mediation Fulfillment before 11.5(0.98000.216)", + "version": { + "version_data": [ + { + "version_value": "Cisco Hosted Collaboration Mediation Fulfillment before 11.5(0.98000.216)" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-hcmf", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-hcmf" - }, - { - "name" : "93916", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/93916" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A cross-site request forgery (CSRF) vulnerability in the web interface of the Cisco Hosted Collaboration Mediation Fulfillment application could allow an unauthenticated, remote attacker to execute unwanted actions. More Information: CSCva54241. Known Affected Releases: 11.5(1). Known Fixed Releases: 11.5(0.98000.216)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "unspecified" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-hcmf", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-hcmf" + }, + { + "name": "93916", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93916" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6541.json b/2016/6xxx/CVE-2016-6541.json index 3e97a330ea8..6f4cb1e897c 100644 --- a/2016/6xxx/CVE-2016-6541.json +++ b/2016/6xxx/CVE-2016-6541.json 
@@ -1,94 +1,94 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cert@cert.org", - "ID" : "CVE-2016-6541", - "STATE" : "PUBLIC", - "TITLE" : "TrackR Bravo device allows unauthenticated pairing, which enables unauthenticated connected applications to write to various device attributes" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Bravo Mobile Application", - "version" : { - "version_data" : [ - { - "affected" : "!", - "platform" : "iOS", - "version_value" : "5.1.6" - }, - { - "affected" : "!", - "platform" : "Android", - "version_value" : "2.2.5" - } - ] - } - } - ] - }, - "vendor_name" : "TrackR" - } - ] - } - }, - "credit" : [ - { - "lang" : "eng", - "value" : "Thanks to Deral Heiland and Adam Compton of Rapid7, Inc. for reporting this vulnerability." - } - ], - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "TrackR Bravo device allows unauthenticated pairing, which enables unauthenticated connected applications to write to various device attributes. Updated apps, version 5.1.6 for iOS and 2.2.5 for Android, have been released by the vendor to address the vulnerabilities in CVE-2016-6538, CVE-2016-6539, CVE-2016-6540 and CVE-2016-6541." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-306: Missing Authentication for Critical Function" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2016-6541", + "STATE": "PUBLIC", + "TITLE": "TrackR Bravo device allows unauthenticated pairing, which enables unauthenticated connected applications to write to various device attributes" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Bravo Mobile Application", + "version": { + "version_data": [ + { + "affected": "!", + "platform": "iOS", + "version_value": "5.1.6" + }, + { + "affected": "!", + "platform": "Android", + "version_value": "2.2.5" + } + ] + } + } + ] + }, + "vendor_name": "TrackR" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/", - "refsource" : "MISC", - "url" : "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/" - }, - { - "name" : "https://www.kb.cert.org/vuls/id/TNOY-AF3KCZ", - "refsource" : "MISC", - "url" : "https://www.kb.cert.org/vuls/id/TNOY-AF3KCZ" - }, - { - "name" : "VU#617567", - "refsource" : "CERT-VN", - "url" : "https://www.kb.cert.org/vuls/id/617567" - }, - { - "name" : "93874", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93874" - } - ] - }, - "source" : { - "discovery" : "UNKNOWN" - } -} + } + }, + "credit": [ + { + "lang": "eng", + "value": "Thanks to Deral Heiland and Adam Compton of Rapid7, Inc. for reporting this vulnerability." + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "TrackR Bravo device allows unauthenticated pairing, which enables unauthenticated connected applications to write to various device attributes. 
Updated apps, version 5.1.6 for iOS and 2.2.5 for Android, have been released by the vendor to address the vulnerabilities in CVE-2016-6538, CVE-2016-6539, CVE-2016-6540 and CVE-2016-6541." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-306: Missing Authentication for Critical Function" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "93874", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93874" + }, + { + "name": "https://www.kb.cert.org/vuls/id/TNOY-AF3KCZ", + "refsource": "MISC", + "url": "https://www.kb.cert.org/vuls/id/TNOY-AF3KCZ" + }, + { + "name": "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/", + "refsource": "MISC", + "url": "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/" + }, + { + "name": "VU#617567", + "refsource": "CERT-VN", + "url": "https://www.kb.cert.org/vuls/id/617567" + } + ] + }, + "source": { + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6590.json b/2016/6xxx/CVE-2016-6590.json index 6e1e36f315d..57495948cb5 100644 --- a/2016/6xxx/CVE-2016-6590.json +++ b/2016/6xxx/CVE-2016-6590.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6590", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6590", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7096.json b/2016/7xxx/CVE-2016-7096.json index 1ee7b5f9cc7..f73d9ab645a 100644 --- a/2016/7xxx/CVE-2016-7096.json +++ b/2016/7xxx/CVE-2016-7096.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7096", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-7096", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7605.json b/2016/7xxx/CVE-2016-7605.json index 3040771d788..c0db2585305 100644 --- a/2016/7xxx/CVE-2016-7605.json +++ b/2016/7xxx/CVE-2016-7605.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2016-7605", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the \"Bluetooth\" component. It allows attackers to cause a denial of service (NULL pointer dereference) via a crafted app." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2016-7605", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT207423", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207423" - }, - { - "name" : "94903", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94903" - }, - { - "name" : "1037469", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037469" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the \"Bluetooth\" component. 
It allows attackers to cause a denial of service (NULL pointer dereference) via a crafted app." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "94903", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94903" + }, + { + "name": "1037469", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037469" + }, + { + "name": "https://support.apple.com/HT207423", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207423" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7750.json b/2016/7xxx/CVE-2016-7750.json index c0a74591733..54acf16291b 100644 --- a/2016/7xxx/CVE-2016-7750.json +++ b/2016/7xxx/CVE-2016-7750.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7750", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-7750", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7858.json b/2016/7xxx/CVE-2016-7858.json index 8939670a02f..270a4de005f 100644 --- a/2016/7xxx/CVE-2016-7858.json +++ b/2016/7xxx/CVE-2016-7858.json 
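Review bot: The new side of CVE-2016-7750.json is serialized with a different key order from every other record visible in this commit: it opens with `"data_type"`, `"data_format"`, `"data_version"` and puts `"ID"` before `"ASSIGNER"` inside `"CVE_data_meta"`, while the neighbouring records keep `"CVE_data_meta"` first with its keys sorted. Key order carries no meaning in JSON, but two layouts in one synchronized set suggest two different writers, and consumers that diff or hash these records to detect changes will see churn with no change in content. Emitting every record through one serializer with sorted keys would keep later diffs limited to real edits. The same applies to the `reference_data` arrays, whose entries are reordered in the CVE-2016-7605 hunk without any being added or removed.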
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2016-7858", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Flash Player 23.0.0.205 and earlier, 11.2.202.643 and earlier", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe Flash Player 23.0.0.205 and earlier, 11.2.202.643 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Use after free" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2016-7858", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Flash Player 23.0.0.205 and earlier, 11.2.202.643 and earlier", + "version": { + "version_data": [ + { + "version_value": "Adobe Flash Player 23.0.0.205 and earlier, 11.2.202.643 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-16-595", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-16-595" - }, - { - "name" : "https://helpx.adobe.com/security/products/flash-player/apsb16-37.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/flash-player/apsb16-37.html" - }, - { - "name" : "GLSA-201611-18", - "refsource" : "GENTOO", - "url" : 
"https://security.gentoo.org/glsa/201611-18" - }, - { - "name" : "MS16-141", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-141" - }, - { - "name" : "RHSA-2016:2676", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2676.html" - }, - { - "name" : "94153", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94153" - }, - { - "name" : "1037240", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037240" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use after free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS16-141", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-141" + }, + { + "name": "https://helpx.adobe.com/security/products/flash-player/apsb16-37.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/flash-player/apsb16-37.html" + }, + { + "name": "94153", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94153" + }, + { + "name": "RHSA-2016:2676", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2676.html" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-16-595", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-595" + }, + { + "name": "1037240", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037240" + }, + { + "name": "GLSA-201611-18", + "refsource": "GENTOO", + "url": 
"https://security.gentoo.org/glsa/201611-18" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5787.json b/2017/5xxx/CVE-2017-5787.json index 772bd784dbf..382fac61c83 100644 --- a/2017/5xxx/CVE-2017-5787.json +++ b/2017/5xxx/CVE-2017-5787.json 
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security-alert@hpe.com", - "DATE_PUBLIC" : "2016-12-15T00:00:00", - "ID" : "CVE-2017-5787", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Version Control Repository Manager (VCRM)", - "version" : { - "version_data" : [ - { - "version_value" : "prior to 7.6" - } - ] - } - } - ] - }, - "vendor_name" : "Hewlett Packard Enterprise" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A remote denial of service vulnerability in HPE Version Control Repository Manager (VCRM) in all versions prior to 7.6 was found." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "remote denial of service" - } + "CVE_data_meta": { + "ASSIGNER": "security-alert@hpe.com", + "DATE_PUBLIC": "2016-12-15T00:00:00", + "ID": "CVE-2017-5787", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Version Control Repository Manager (VCRM)", + "version": { + "version_data": [ + { + "version_value": "prior to 7.6" + } + ] + } + } + ] + }, + "vendor_name": "Hewlett Packard Enterprise" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05356363", - "refsource" : "CONFIRM", - "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05356363" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722" - }, - { - "name" : "96395", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96395" - } - ] - } 
-} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote denial of service vulnerability in HPE Version Control Repository Manager (VCRM) in all versions prior to 7.6 was found." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "remote denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05356363", + "refsource": "CONFIRM", + "url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05356363" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722" + }, + { + "name": "96395", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96395" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5938.json b/2017/5xxx/CVE-2017-5938.json index 7fe72126c08..6854c280731 100644 --- a/2017/5xxx/CVE-2017-5938.json +++ b/2017/5xxx/CVE-2017-5938.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5938", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the nav_path function in lib/viewvc.py in ViewVC before 1.0.14 and 1.1.x before 1.1.26 allows remote attackers to inject arbitrary web script or HTML via the nav_data name." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5938", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20170208 Re: CVE request: XSS in viewvc", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2017/02/09/6" - }, - { - "name" : "https://github.com/viewvc/viewvc/commit/9dcfc7daa4c940992920d3b2fbd317da20e44aad", - "refsource" : "CONFIRM", - "url" : "https://github.com/viewvc/viewvc/commit/9dcfc7daa4c940992920d3b2fbd317da20e44aad" - }, - { - "name" : "https://github.com/viewvc/viewvc/issues/137", - "refsource" : "CONFIRM", - "url" : "https://github.com/viewvc/viewvc/issues/137" - }, - { - "name" : "https://github.com/viewvc/viewvc/releases/tag/1.0.14", - "refsource" : "CONFIRM", - "url" : "https://github.com/viewvc/viewvc/releases/tag/1.0.14" - }, - { - "name" : 
"https://github.com/viewvc/viewvc/releases/tag/1.1.26", - "refsource" : "CONFIRM", - "url" : "https://github.com/viewvc/viewvc/releases/tag/1.1.26" - }, - { - "name" : "DSA-3784", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3784" - }, - { - "name" : "openSUSE-SU-2017:0501", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2017-02/msg00082.html" - }, - { - "name" : "96185", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96185" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the nav_path function in lib/viewvc.py in ViewVC before 1.0.14 and 1.1.x before 1.1.26 allows remote attackers to inject arbitrary web script or HTML via the nav_data name." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/viewvc/viewvc/releases/tag/1.0.14", + "refsource": "CONFIRM", + "url": "https://github.com/viewvc/viewvc/releases/tag/1.0.14" + }, + { + "name": "https://github.com/viewvc/viewvc/issues/137", + "refsource": "CONFIRM", + "url": "https://github.com/viewvc/viewvc/issues/137" + }, + { + "name": "96185", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96185" + }, + { + "name": "https://github.com/viewvc/viewvc/commit/9dcfc7daa4c940992920d3b2fbd317da20e44aad", + "refsource": "CONFIRM", + "url": "https://github.com/viewvc/viewvc/commit/9dcfc7daa4c940992920d3b2fbd317da20e44aad" + }, + { + "name": "https://github.com/viewvc/viewvc/releases/tag/1.1.26", + "refsource": "CONFIRM", + "url": "https://github.com/viewvc/viewvc/releases/tag/1.1.26" + }, + { + "name": "[oss-security] 20170208 Re: CVE request: XSS in viewvc", + "refsource": "MLIST", + "url": 
"http://www.openwall.com/lists/oss-security/2017/02/09/6" + }, + { + "name": "DSA-3784", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3784" + }, + { + "name": "openSUSE-SU-2017:0501", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2017-02/msg00082.html" + } + ] + } +} \ No newline at end of file