From 769ef915d6cf94fca36ff3de50698ee4721b451f Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 00:13:04 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2006/1xxx/CVE-2006-1152.json | 160 +++++++------- 2006/1xxx/CVE-2006-1348.json | 180 ++++++++-------- 2006/1xxx/CVE-2006-1395.json | 150 ++++++------- 2006/1xxx/CVE-2006-1908.json | 150 ++++++------- 2006/5xxx/CVE-2006-5216.json | 190 ++++++++--------- 2006/5xxx/CVE-2006-5375.json | 200 +++++++++--------- 2006/5xxx/CVE-2006-5594.json | 140 ++++++------ 2007/2xxx/CVE-2007-2157.json | 170 +++++++-------- 2007/2xxx/CVE-2007-2158.json | 150 ++++++------- 2007/2xxx/CVE-2007-2980.json | 180 ++++++++-------- 2007/6xxx/CVE-2007-6084.json | 140 ++++++------ 2007/6xxx/CVE-2007-6283.json | 180 ++++++++-------- 2010/0xxx/CVE-2010-0070.json | 140 ++++++------ 2010/0xxx/CVE-2010-0378.json | 170 +++++++-------- 2010/0xxx/CVE-2010-0383.json | 180 ++++++++-------- 2010/0xxx/CVE-2010-0464.json | 140 ++++++------ 2010/0xxx/CVE-2010-0650.json | 260 +++++++++++------------ 2010/1xxx/CVE-2010-1026.json | 140 ++++++------ 2010/1xxx/CVE-2010-1194.json | 160 +++++++------- 2010/1xxx/CVE-2010-1224.json | 230 ++++++++++---------- 2010/1xxx/CVE-2010-1599.json | 150 ++++++------- 2010/1xxx/CVE-2010-1688.json | 180 ++++++++-------- 2010/1xxx/CVE-2010-1795.json | 170 +++++++-------- 2010/4xxx/CVE-2010-4133.json | 34 +-- 2010/4xxx/CVE-2010-4159.json | 220 +++++++++---------- 2010/4xxx/CVE-2010-4628.json | 170 +++++++-------- 2010/4xxx/CVE-2010-4832.json | 150 ++++++------- 2010/5xxx/CVE-2010-5203.json | 130 ++++++------ 2014/0xxx/CVE-2014-0194.json | 34 +-- 2014/0xxx/CVE-2014-0685.json | 130 ++++++------ 2014/0xxx/CVE-2014-0813.json | 180 ++++++++-------- 2014/0xxx/CVE-2014-0818.json | 130 ++++++------ 2014/0xxx/CVE-2014-0968.json | 130 ++++++------ 2014/10xxx/CVE-2014-10045.json | 132 ++++++------ 2014/1xxx/CVE-2014-1233.json | 130 ++++++------ 2014/1xxx/CVE-2014-1425.json | 120 +++++------ 2014/4xxx/CVE-2014-4049.json | 370 ++++++++++++++++---------------- 2014/4xxx/CVE-2014-4293.json | 130 ++++++------ 2014/4xxx/CVE-2014-4648.json | 130 ++++++------ 2014/4xxx/CVE-2014-4781.json | 130 ++++++------ 2014/4xxx/CVE-2014-4868.json | 120 +++++------ 2014/9xxx/CVE-2014-9045.json | 120 +++++------ 2014/9xxx/CVE-2014-9109.json | 34 +-- 2014/9xxx/CVE-2014-9176.json | 140 ++++++------ 2016/3xxx/CVE-2016-3073.json | 34 +-- 2016/3xxx/CVE-2016-3234.json | 130 ++++++------ 2016/3xxx/CVE-2016-3437.json | 140 ++++++------ 2016/3xxx/CVE-2016-3581.json | 170 +++++++-------- 2016/3xxx/CVE-2016-3855.json | 140 ++++++------ 2016/3xxx/CVE-2016-3996.json | 130 ++++++------ 2016/7xxx/CVE-2016-7200.json | 180 ++++++++-------- 2016/7xxx/CVE-2016-7435.json | 190 ++++++++--------- 2016/7xxx/CVE-2016-7683.json | 34 +-- 2016/7xxx/CVE-2016-7853.json | 130 ++++++------ 2016/8xxx/CVE-2016-8421.json | 146 ++++++------- 2016/8xxx/CVE-2016-8435.json | 130 ++++++------ 2016/8xxx/CVE-2016-8811.json | 150 ++++++------- 2016/8xxx/CVE-2016-8894.json | 34 +-- 2016/8xxx/CVE-2016-8920.json | 178 ++++++++-------- 2016/8xxx/CVE-2016-8938.json | 376 ++++++++++++++++----------------- 2016/9xxx/CVE-2016-9124.json | 140 ++++++------ 2016/9xxx/CVE-2016-9656.json | 34 +-- 2019/2xxx/CVE-2019-2434.json | 160 +++++++------- 63 files changed, 4700 insertions(+), 4700 deletions(-) diff --git a/2006/1xxx/CVE-2006-1152.json b/2006/1xxx/CVE-2006-1152.json index ca25889b8dd..86df0c3fd2f 100644 --- a/2006/1xxx/CVE-2006-1152.json +++ b/2006/1xxx/CVE-2006-1152.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1152", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in index.php in M-Phorum 0.2 allows remote attackers to include arbitrary files via the go parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1152", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "16977", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16977" - }, - { - "name" : "ADV-2006-0827", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0827" - }, - { - "name" : "23740", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23740" - }, - { - "name" : "19121", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19121" - }, - { - "name" : "mphorum-index-file-include(25102)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25102" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in index.php in M-Phorum 0.2 allows remote attackers to include arbitrary files via the go parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "16977", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16977" + }, + { + "name": "ADV-2006-0827", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0827" + }, + { + "name": "19121", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19121" + }, + { + "name": "mphorum-index-file-include(25102)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25102" + }, + { + "name": "23740", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23740" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1348.json b/2006/1xxx/CVE-2006-1348.json index 1f5c1c72a4d..d1b0cb44173 100644 --- a/2006/1xxx/CVE-2006-1348.json +++ b/2006/1xxx/CVE-2006-1348.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1348", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in index.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to inject arbitrary web script or HTML via the lang[*][file] parameter, which is injected into an error message. NOTE: this issue might be resultant from CVE-2006-1346." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1348", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "1595", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/1595" - }, - { - "name" : "20060414 Provable vendor ACK for gcards issues", - "refsource" : "VIM", - "url" : "http://attrition.org/pipermail/vim/2006-April/000698.html" - }, - { - "name" : "17165", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17165" - }, - { - "name" : "ADV-2006-1015", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1015" - }, - { - "name" : "24018", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24018" - }, - { - "name" : "19322", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19322" - }, - { - "name" : "gcards-incsetlang-xss(25343)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25343" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in index.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to inject arbitrary web script or HTML via the lang[*][file] parameter, which is injected into an error message. NOTE: this issue might be resultant from CVE-2006-1346." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1595", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/1595" + }, + { + "name": "24018", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24018" + }, + { + "name": "19322", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19322" + }, + { + "name": "ADV-2006-1015", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1015" + }, + { + "name": "gcards-incsetlang-xss(25343)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25343" + }, + { + "name": "17165", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17165" + }, + { + "name": "20060414 Provable vendor ACK for gcards issues", + "refsource": "VIM", + "url": "http://attrition.org/pipermail/vim/2006-April/000698.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1395.json b/2006/1xxx/CVE-2006-1395.json index 88f6904319f..785e2c3d71c 100644 --- a/2006/1xxx/CVE-2006-1395.json +++ b/2006/1xxx/CVE-2006-1395.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1395", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in mb.cgi in Cholod MySQL Based Message Board allows remote attackers to execute arbitrary SQL commands via unspecified vectors in a showmessage action, possibly the username parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1395", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "17224", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17224" - }, - { - "name" : "ADV-2006-1153", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1153" - }, - { - "name" : "19439", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19439" - }, - { - "name" : "cholod-mb-sql-injection(25520)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25520" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in mb.cgi in Cholod MySQL Based Message Board allows remote attackers to execute arbitrary SQL commands via unspecified vectors in a showmessage action, possibly the username parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19439", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19439" + }, + { + "name": "cholod-mb-sql-injection(25520)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25520" + }, + { + "name": "ADV-2006-1153", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1153" + }, + { + "name": "17224", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17224" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1908.json b/2006/1xxx/CVE-2006-1908.json index 819eccd24e2..f2c234eaca7 100644 --- a/2006/1xxx/CVE-2006-1908.json +++ b/2006/1xxx/CVE-2006-1908.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1908", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting vulnerability in addevent.php in myEvent 1.x allows remote attackers to inject arbitrary web script or HTML via the event_desc parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1908", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "ADV-2006-1384", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1384" - }, - { - "name" : "24719", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24719" - }, - { - "name" : "19680", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19680" - }, - { - "name" : "myevent-addevent-xss(25885)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25885" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting vulnerability in addevent.php in myEvent 1.x allows remote attackers to inject arbitrary web script or HTML via the event_desc parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19680", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19680" + }, + { + "name": "24719", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24719" + }, + { + "name": "myevent-addevent-xss(25885)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25885" + }, + { + "name": "ADV-2006-1384", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1384" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5216.json b/2006/5xxx/CVE-2006-5216.json index 75c6ef84d7c..5854661bf62 100644 --- a/2006/5xxx/CVE-2006-5216.json +++ b/2006/5xxx/CVE-2006-5216.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5216", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in Sergey Lyubka Simple HTTPD (shttpd) 1.34 allows remote attackers to execute arbitrary code via a long URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5216", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061018 shttpd long get request vuln ( retro )", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/050146.html" - }, - { - "name" : "2482", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2482" - }, - { - "name" : "http://exploitlabs.com/files/advisories/EXPL-A-2006-005-shttpd.txt", - "refsource" : "MISC", - "url" : "http://exploitlabs.com/files/advisories/EXPL-A-2006-005-shttpd.txt" - }, - { - "name" : "20393", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20393" - }, - { - "name" : "ADV-2006-3939", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3939" - }, - { - "name" : "1017088", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017088" - }, - { - "name" : "22294", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22294" - }, - { - "name" : "simplehttpd-post-bo(29368)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29368" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in Sergey Lyubka Simple HTTPD (shttpd) 1.34 allows remote attackers to execute arbitrary code via a long URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20061018 shttpd long get request vuln ( retro )", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/050146.html" + }, + { + "name": "2482", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2482" + }, + { + "name": "22294", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22294" + }, + { + "name": "simplehttpd-post-bo(29368)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29368" + }, + { + "name": "http://exploitlabs.com/files/advisories/EXPL-A-2006-005-shttpd.txt", + "refsource": "MISC", + "url": "http://exploitlabs.com/files/advisories/EXPL-A-2006-005-shttpd.txt" + }, + { + "name": "1017088", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017088" + }, + { + "name": "ADV-2006-3939", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3939" + }, + { + "name": "20393", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20393" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5375.json b/2006/5xxx/CVE-2006-5375.json index 7147544a5ea..bf134b8fb85 100644 --- a/2006/5xxx/CVE-2006-5375.json +++ b/2006/5xxx/CVE-2006-5375.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5375", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in PeopleTools component in Oracle PeopleSoft Enterprise 8.46 GA, 8.47 GA, 8.48 GA, 8.46.15, 8.47.09, and 8.48.03 have unknown impact and remote attack vectors, aka Vuln# (1) PSE01, (2) PSE02, and (3) PSE03." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5375", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html", - "refsource" : "MISC", - "url" : "http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html" - }, - { - "name" : "HPSBMA02133", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/449711/100/0/threaded" - }, - { - "name" : "SSRT061201", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/449711/100/0/threaded" - }, - { - "name" : "TA06-291A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA06-291A.html" - }, - { - "name" : "20588", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20588" - }, - { - "name" : "ADV-2006-4065", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4065" - }, - { - "name" : "1017077", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017077" - }, - { - "name" : "22396", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22396" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in PeopleTools component in Oracle PeopleSoft Enterprise 8.46 GA, 8.47 GA, 8.48 GA, 8.46.15, 8.47.09, and 8.48.03 have unknown impact and remote attack vectors, aka Vuln# (1) PSE01, (2) PSE02, and (3) PSE03." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html", + "refsource": "MISC", + "url": "http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html" + }, + { + "name": "20588", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20588" + }, + { + "name": "HPSBMA02133", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/449711/100/0/threaded" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html" + }, + { + "name": "SSRT061201", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/449711/100/0/threaded" + }, + { + "name": "ADV-2006-4065", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4065" + }, + { + "name": "22396", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22396" + }, + { + "name": "1017077", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017077" + }, + { + "name": "TA06-291A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA06-291A.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5594.json b/2006/5xxx/CVE-2006-5594.json index c3a57366a4e..4fae850b7d9 100644 --- a/2006/5xxx/CVE-2006-5594.json +++ b/2006/5xxx/CVE-2006-5594.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5594", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in University of British Columbia iPeer 2.0, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. NOTE: it is possible that this issue is related to CakePHP." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5594", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061021 IPEER Remote file inclusion", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/449460/100/0/threaded" - }, - { - "name" : "1787", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1787" - }, - { - "name" : "ipeer-peer-file-include(29754)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29754" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in University of British Columbia iPeer 2.0, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. NOTE: it is possible that this issue is related to CakePHP." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ipeer-peer-file-include(29754)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29754" + }, + { + "name": "20061021 IPEER Remote file inclusion", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/449460/100/0/threaded" + }, + { + "name": "1787", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1787" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2157.json b/2007/2xxx/CVE-2007-2157.json index a8421eff7c0..5393bbbb53c 100644 --- a/2007/2xxx/CVE-2007-2157.json +++ b/2007/2xxx/CVE-2007-2157.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2157", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in upload/force_download.php in Zomplog 3.8 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2157", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "3764", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/3764" - }, - { - "name" : "23553", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23553" - }, - { - "name" : "ADV-2007-1449", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1449" - }, - { - "name" : "35016", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/35016" - }, - { - "name" : "24899", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24899" - }, - { - "name" : "zomplog-forcedownload-dir-traversal(33740)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33740" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in upload/force_download.php in Zomplog 3.8 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2007-1449", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1449" + }, + { + "name": "zomplog-forcedownload-dir-traversal(33740)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33740" + }, + { + "name": "3764", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/3764" + }, + { + "name": "35016", + "refsource": "OSVDB", + "url": "http://osvdb.org/35016" + }, + { + "name": "24899", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24899" + }, + { + "name": "23553", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23553" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2158.json b/2007/2xxx/CVE-2007-2158.json index fe09dedb20c..cbe5c026339 100644 --- a/2007/2xxx/CVE-2007-2158.json +++ b/2007/2xxx/CVE-2007-2158.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2158", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in index.php in jGallery 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the G_JGALL[inc_path] parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2158", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "3760", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/3760" - }, - { - "name" : "ADV-2007-1445", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1445" - }, - { - "name" : "24956", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24956" - }, - { - "name" : "jgallery-index-file-include(33738)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33738" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in index.php in jGallery 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the G_JGALL[inc_path] parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2007-1445", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1445" + }, + { + "name": "24956", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24956" + }, + { + "name": "jgallery-index-file-include(33738)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33738" + }, + { + "name": "3760", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/3760" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2980.json b/2007/2xxx/CVE-2007-2980.json index d9067c56bd7..97efd5e6d49 100644 --- a/2007/2xxx/CVE-2007-2980.json +++ b/2007/2xxx/CVE-2007-2980.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2980", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in a certain ActiveX control in LEADTOOLS LEAD Raster ISIS Object (LTRIS14e.DLL) 14.5.0.44 allows remote attackers to cause a denial of service (Internet Explorer crash) or execute arbitrary code via a long DriverName property, a different ActiveX control than CVE-2007-2827." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2980", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://moaxb.blogspot.com/2007/05/moaxb-27-leadtools-raster-isis-object.html", - "refsource" : "MISC", - "url" : "http://moaxb.blogspot.com/2007/05/moaxb-27-leadtools-raster-isis-object.html" - }, - { - "name" : "http://www.shinnai.altervista.org/moaxb/20070527/leadrasterisistxt.html", - "refsource" : "MISC", - "url" : "http://www.shinnai.altervista.org/moaxb/20070527/leadrasterisistxt.html" - }, - { - "name" : "24193", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24193" - }, - { - "name" : "ADV-2007-1972", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1972" - }, - { - "name" : "36043", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/36043" - }, - { - "name" : "25433", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25433" - }, - { - "name" : "leadtools-ltris14e-bo(34528)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34528" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in a certain ActiveX control in LEADTOOLS LEAD Raster ISIS Object (LTRIS14e.DLL) 14.5.0.44 allows remote attackers to cause a denial of service (Internet Explorer crash) or execute arbitrary code via a long DriverName property, a different ActiveX control than CVE-2007-2827." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "leadtools-ltris14e-bo(34528)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34528" + }, + { + "name": "25433", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25433" + }, + { + "name": "36043", + "refsource": "OSVDB", + "url": "http://osvdb.org/36043" + }, + { + "name": "http://moaxb.blogspot.com/2007/05/moaxb-27-leadtools-raster-isis-object.html", + "refsource": "MISC", + "url": "http://moaxb.blogspot.com/2007/05/moaxb-27-leadtools-raster-isis-object.html" + }, + { + "name": "ADV-2007-1972", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1972" + }, + { + "name": "http://www.shinnai.altervista.org/moaxb/20070527/leadrasterisistxt.html", + "refsource": "MISC", + "url": "http://www.shinnai.altervista.org/moaxb/20070527/leadrasterisistxt.html" + }, + { + "name": "24193", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24193" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6084.json b/2007/6xxx/CVE-2007-6084.json index 94fa53d7b49..8d2ca3e2c4a 100644 --- a/2007/6xxx/CVE-2007-6084.json +++ b/2007/6xxx/CVE-2007-6084.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6084", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in software-description.php in HotScripts Clone Script allows remote attackers to execute arbitrary SQL commands via the id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6084", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4633", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4633" - }, - { - "name" : "26485", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26485" - }, - { - "name" : "clone-softwaredescription-sql-injection(38554)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/38554" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in software-description.php in HotScripts Clone Script allows remote attackers to execute arbitrary SQL commands via the id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "clone-softwaredescription-sql-injection(38554)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38554" + }, + { + "name": "4633", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4633" + }, + { + "name": "26485", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26485" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6283.json b/2007/6xxx/CVE-2007-6283.json index 1fdf74f1e2b..53aa0626a92 100644 --- a/2007/6xxx/CVE-2007-6283.json +++ b/2007/6xxx/CVE-2007-6283.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6283", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Red Hat Enterprise Linux 5 and Fedora install the Bind /etc/rndc.key file with world-readable permissions, which allows local users to perform unauthorized named commands, such as causing a denial of service by stopping named." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2007-6283", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2007-6283", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2007-6283" - }, - { - "name" : "FEDORA-2007-4655", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00587.html" - }, - { - "name" : "FEDORA-2007-4658", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00671.html" - }, - { - "name" : "RHSA-2008:0300", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0300.html" - }, - { - "name" : "oval:org.mitre.oval:def:9977", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9977" - }, - { - "name" : "28180", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28180" - }, - { - "name" : "30313", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30313" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Red Hat Enterprise Linux 5 and Fedora install the Bind /etc/rndc.key file with world-readable permissions, which allows local users to perform unauthorized named commands, such as causing a denial of service by stopping named." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FEDORA-2007-4658", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00671.html" + }, + { + "name": "RHSA-2008:0300", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0300.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2007-6283", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2007-6283" + }, + { + "name": "28180", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28180" + }, + { + "name": "oval:org.mitre.oval:def:9977", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9977" + }, + { + "name": "30313", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30313" + }, + { + "name": "FEDORA-2007-4655", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00587.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0070.json b/2010/0xxx/CVE-2010-0070.json index be85d9ed00c..de3a555fddd 100644 --- a/2010/0xxx/CVE-2010-0070.json +++ b/2010/0xxx/CVE-2010-0070.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0070", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Containers for J2EE component in Oracle Application Server 10.1.2.3 and 10.1.3.4 allows remote attackers to affect integrity via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2010-0070", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html" - }, - { - "name" : "TA10-012A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-012A.html" - }, - { - "name" : "1023438", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1023438" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Containers for J2EE component in Oracle Application Server 10.1.2.3 and 10.1.3.4 allows remote attackers to affect integrity via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1023438", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1023438" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html" + }, + { + "name": "TA10-012A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-012A.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0378.json b/2010/0xxx/CVE-2010-0378.json index 3c7ab85c151..1cfb0c23cc6 100644 --- a/2010/0xxx/CVE-2010-0378.json +++ b/2010/0xxx/CVE-2010-0378.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0378", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in Adobe Flash Player 6.0.79, as distributed in Microsoft Windows XP SP2 and SP3, allows remote attackers to execute arbitrary code by unloading a Flash object that is currently being accessed by a script, leading to memory corruption, aka a \"Movie Unloading Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-0378", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://secunia.com/secunia_research/2007-77/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2007-77/" - }, - { - "name" : "http://www.microsoft.com/technet/security/advisory/979267.mspx", - "refsource" : "CONFIRM", - "url" : "http://www.microsoft.com/technet/security/advisory/979267.mspx" - }, - { - "name" : "VU#204889", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/204889" - }, - { - "name" : "oval:org.mitre.oval:def:7580", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7580" - }, - { - "name" : "1023435", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1023435" - }, - { - "name" : "27105", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27105" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in Adobe Flash Player 6.0.79, as distributed in Microsoft Windows XP SP2 and SP3, allows remote attackers to execute arbitrary code by unloading a Flash object that is currently being accessed by a script, leading to memory corruption, aka a \"Movie Unloading Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:7580", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7580" + }, + { + "name": "1023435", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1023435" + }, + { + "name": "VU#204889", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/204889" + }, + { + "name": "http://secunia.com/secunia_research/2007-77/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2007-77/" + }, + { + "name": "27105", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27105" + }, + { + "name": "http://www.microsoft.com/technet/security/advisory/979267.mspx", + "refsource": "CONFIRM", + "url": "http://www.microsoft.com/technet/security/advisory/979267.mspx" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0383.json b/2010/0xxx/CVE-2010-0383.json index 7e06317fa68..4a165c2faf5 100644 --- a/2010/0xxx/CVE-2010-0383.json +++ b/2010/0xxx/CVE-2010-0383.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0383", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Tor before 0.2.1.22, and 0.2.2.x before 0.2.2.7-alpha, uses deprecated identity keys for certain directory authorities, which makes it easier for man-in-the-middle attackers to compromise the anonymity of traffic sources and destinations." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-0383", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[or-announce] 20100121 Tor 0.2.1.22 is released (security fix)", - "refsource" : "MLIST", - "url" : "http://archives.seul.org/or/announce/Jan-2010/msg00000.html" - }, - { - "name" : "[or-talk] 20100120 Re: Tor Project infrastructure updates in response to security breach", - "refsource" : "MLIST", - "url" : "http://archives.seul.org/or/talk/Jan-2010/msg00165.html" - }, - { - "name" : "[or-talk] 20100120 Tor 0.2.2.7-alpha is out", - "refsource" : "MLIST", - "url" : "http://archives.seul.org/or/talk/Jan-2010/msg00162.html" - }, - { - "name" : "[or-talk] 20100120 Tor Project infrastructure updates in response to security breach", - "refsource" : "MLIST", - "url" : "http://archives.seul.org/or/talk/Jan-2010/msg00161.html" - }, - { - "name" : "37901", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37901" - }, - { - "name" : "61977", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/61977" - }, - { - "name" : "38198", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38198" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Tor before 0.2.1.22, and 0.2.2.x before 0.2.2.7-alpha, uses deprecated identity keys for certain directory authorities, which makes it easier for man-in-the-middle attackers to compromise the anonymity of traffic sources and destinations." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "37901", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37901" + }, + { + "name": "61977", + "refsource": "OSVDB", + "url": "http://osvdb.org/61977" + }, + { + "name": "[or-announce] 20100121 Tor 0.2.1.22 is released (security fix)", + "refsource": "MLIST", + "url": "http://archives.seul.org/or/announce/Jan-2010/msg00000.html" + }, + { + "name": "38198", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38198" + }, + { + "name": "[or-talk] 20100120 Tor Project infrastructure updates in response to security breach", + "refsource": "MLIST", + "url": "http://archives.seul.org/or/talk/Jan-2010/msg00161.html" + }, + { + "name": "[or-talk] 20100120 Re: Tor Project infrastructure updates in response to security breach", + "refsource": "MLIST", + "url": "http://archives.seul.org/or/talk/Jan-2010/msg00165.html" + }, + { + "name": "[or-talk] 20100120 Tor 0.2.2.7-alpha is out", + "refsource": "MLIST", + "url": "http://archives.seul.org/or/talk/Jan-2010/msg00162.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0464.json b/2010/0xxx/CVE-2010-0464.json index 880ebb13cbf..1f26b188e62 100644 --- a/2010/0xxx/CVE-2010-0464.json +++ b/2010/0xxx/CVE-2010-0464.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0464", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Roundcube 0.3.1 and earlier does not request that the web browser avoid DNS prefetching of domain names contained in e-mail messages, which makes it easier for remote attackers to determine the network location of the webmail user by logging DNS requests." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-0464", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://secure.grepular.com/DNS_Prefetch_Exposure_on_Thunderbird_and_Webmail", - "refsource" : "MISC", - "url" : "https://secure.grepular.com/DNS_Prefetch_Exposure_on_Thunderbird_and_Webmail" - }, - { - "name" : "http://trac.roundcube.net/ticket/1486449", - "refsource" : "CONFIRM", - "url" : "http://trac.roundcube.net/ticket/1486449" - }, - { - "name" : "MDVSA-2010:048", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:048" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Roundcube 0.3.1 and earlier does not request that the web browser avoid DNS prefetching of domain names contained in e-mail messages, which makes it easier for remote attackers to determine the network location of the webmail user by logging DNS requests." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDVSA-2010:048", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:048" + }, + { + "name": "https://secure.grepular.com/DNS_Prefetch_Exposure_on_Thunderbird_and_Webmail", + "refsource": "MISC", + "url": "https://secure.grepular.com/DNS_Prefetch_Exposure_on_Thunderbird_and_Webmail" + }, + { + "name": "http://trac.roundcube.net/ticket/1486449", + "refsource": "CONFIRM", + "url": "http://trac.roundcube.net/ticket/1486449" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0650.json b/2010/0xxx/CVE-2010-0650.json index 07fa83a3bf4..8485fe2a993 100644 --- a/2010/0xxx/CVE-2010-0650.json +++ b/2010/0xxx/CVE-2010-0650.json @@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0650", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit, as used in Google Chrome before 4.0.249.78 and Apple Safari, allows remote attackers to bypass intended restrictions on popup windows via crafted use of a mouse click event." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-0650", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=3275", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=3275" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2010/01/stable-channel-update_25.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2010/01/stable-channel-update_25.html" - }, - { - "name" : "http://sites.google.com/a/chromium.org/dev/Home/chromium-security/chromium-security-bugs", - "refsource" : "CONFIRM", - "url" : "http://sites.google.com/a/chromium.org/dev/Home/chromium-security/chromium-security-bugs" - }, - { - "name" : "https://bugs.webkit.org/show_bug.cgi?id=21501", - "refsource" : "CONFIRM", - "url" : "https://bugs.webkit.org/show_bug.cgi?id=21501" - }, - { - "name" : "MDVSA-2011:039", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039" - }, - { - "name" : "SUSE-SR:2011:002", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" - }, - { - "name" : "USN-1006-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1006-1" - }, - { - "name" : "38373", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/38373" - }, - { - "name" : "oval:org.mitre.oval:def:13791", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13791" - }, - { - "name" : "1023506", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1023506" - }, - { - "name" : "41856", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41856" - }, - { - "name" : "43068", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43068" - }, - { - "name" : "ADV-2010-2722", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2722" - }, - { - "name" : "ADV-2011-0212", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0212" - }, - { - "name" : "ADV-2011-0552", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0552" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit, as used in Google Chrome before 4.0.249.78 and Apple Safari, allows remote attackers to bypass intended restrictions on popup windows via crafted use of a mouse click event." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDVSA-2011:039", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039" + }, + { + "name": "38373", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/38373" + }, + { + "name": "http://googlechromereleases.blogspot.com/2010/01/stable-channel-update_25.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2010/01/stable-channel-update_25.html" + }, + { + "name": "ADV-2010-2722", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2722" + }, + { + "name": "43068", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43068" + }, + { + "name": "USN-1006-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1006-1" + }, + { + "name": "41856", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41856" + }, + { + "name": "ADV-2011-0212", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0212" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=3275", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=3275" + }, + { + "name": "oval:org.mitre.oval:def:13791", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13791" + }, + { + "name": "1023506", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1023506" + }, + { + "name": "http://sites.google.com/a/chromium.org/dev/Home/chromium-security/chromium-security-bugs", + "refsource": "CONFIRM", + "url": "http://sites.google.com/a/chromium.org/dev/Home/chromium-security/chromium-security-bugs" + }, + { + "name": "SUSE-SR:2011:002", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" + }, + { + "name": "https://bugs.webkit.org/show_bug.cgi?id=21501", + "refsource": "CONFIRM", + "url": "https://bugs.webkit.org/show_bug.cgi?id=21501" + }, + { + "name": "ADV-2011-0552", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0552" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1026.json b/2010/1xxx/CVE-2010-1026.json index 038ee8670f7..db6b4f50573 100644 --- a/2010/1xxx/CVE-2010-1026.json +++ b/2010/1xxx/CVE-2010-1026.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1026", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the CleanDB - DBAL (tmsw_cleandb) extension 2.1.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1026", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/", - "refsource" : "CONFIRM", - "url" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/" - }, - { - "name" : "38800", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/38800" - }, - { - "name" : "cleandbdbal-unspecified-sql-injection(56979)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/56979" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the CleanDB - DBAL (tmsw_cleandb) extension 2.1.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "38800", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/38800" + }, + { + "name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/", + "refsource": "CONFIRM", + "url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/" + }, + { + "name": "cleandbdbal-unspecified-sql-injection(56979)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56979" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1194.json b/2010/1xxx/CVE-2010-1194.json index 6a41eeaacda..0284be5fd0d 100644 --- a/2010/1xxx/CVE-2010-1194.json +++ b/2010/1xxx/CVE-2010-1194.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1194", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The match_component function in smtp-tls.c in libESMTP 1.0.3.r1, and possibly other versions including 1.0.4, treats two strings as equal if one is a substring of the other, which allows remote attackers to spoof trusted certificates via a crafted subjectAltName." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@ubuntu.com", + "ID": "CVE-2010-1194", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20100303 CVE Request: libesmtp does not check NULL bytes in commonName", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/03/03/6" - }, - { - "name" : "[oss-security] 20100309 Re: CVE Request: libesmtp does not check NULL bytes in commonName", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/03/09/3" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=311191", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=311191" - }, - { - "name" : "SUSE-SR:2010:011", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html" - }, - { - "name" : "ADV-2010-1107", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1107" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The match_component function in smtp-tls.c in libESMTP 1.0.3.r1, and possibly other versions including 1.0.4, treats two strings as equal if one is a substring of the other, which allows remote attackers to spoof trusted certificates via a crafted subjectAltName." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20100309 Re: CVE Request: libesmtp does not check NULL bytes in commonName", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/03/09/3" + }, + { + "name": "ADV-2010-1107", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1107" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=311191", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=311191" + }, + { + "name": "SUSE-SR:2010:011", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html" + }, + { + "name": "[oss-security] 20100303 CVE Request: libesmtp does not check NULL bytes in commonName", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/03/03/6" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1224.json b/2010/1xxx/CVE-2010-1224.json index c0dadc88cf5..20b2eb2190d 100644 --- a/2010/1xxx/CVE-2010-1224.json +++ b/2010/1xxx/CVE-2010-1224.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1224", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "main/acl.c in Asterisk Open Source 1.6.0.x before 1.6.0.25, 1.6.1.x before 1.6.1.17, and 1.6.2.x before 1.6.2.5 does not properly enforce remote host access controls when CIDR notation \"/0\" is used in permit= and deny= configuration rules, which causes an improper arithmetic shift and might allow remote attackers to bypass ACL rules and access services from unauthorized hosts." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1224", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100225 AST-2010-003: Invalid parsing of ACL rules can compromise security", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/509757/100/0/threaded" - }, - { - "name" : "http://downloads.asterisk.org/pub/security/AST-2010-003-1.6.0.diff", - "refsource" : "CONFIRM", - "url" : "http://downloads.asterisk.org/pub/security/AST-2010-003-1.6.0.diff" - }, - { - "name" : "http://downloads.asterisk.org/pub/security/AST-2010-003-1.6.1.diff", - "refsource" : "CONFIRM", - "url" : "http://downloads.asterisk.org/pub/security/AST-2010-003-1.6.1.diff" - }, - { - "name" : "http://downloads.asterisk.org/pub/security/AST-2010-003-1.6.2.diff", - "refsource" : "CONFIRM", - "url" : "http://downloads.asterisk.org/pub/security/AST-2010-003-1.6.2.diff" - }, - { - "name" : "http://downloads.asterisk.org/pub/security/AST-2010-003.html", - "refsource" : "CONFIRM", - "url" : "http://downloads.asterisk.org/pub/security/AST-2010-003.html" - }, - { - "name" : "FEDORA-2010-3724", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037679.html" - }, - { - "name" : "38424", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/38424" - }, - { - "name" : "62588", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/62588" - }, - { - "name" : "38752", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38752" - }, - { - "name" : "39096", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39096" - }, - { - "name" : "ADV-2010-0475", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0475" - }, - { - "name" : "asterisk-cidr-security-bypass(56552)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/56552" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "main/acl.c in Asterisk Open Source 1.6.0.x before 1.6.0.25, 1.6.1.x before 1.6.1.17, and 1.6.2.x before 1.6.2.5 does not properly enforce remote host access controls when CIDR notation \"/0\" is used in permit= and deny= configuration rules, which causes an improper arithmetic shift and might allow remote attackers to bypass ACL rules and access services from unauthorized hosts." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20100225 AST-2010-003: Invalid parsing of ACL rules can compromise security", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/509757/100/0/threaded" + }, + { + "name": "http://downloads.asterisk.org/pub/security/AST-2010-003.html", + "refsource": "CONFIRM", + "url": "http://downloads.asterisk.org/pub/security/AST-2010-003.html" + }, + { + "name": "http://downloads.asterisk.org/pub/security/AST-2010-003-1.6.2.diff", + "refsource": "CONFIRM", + "url": "http://downloads.asterisk.org/pub/security/AST-2010-003-1.6.2.diff" + }, + { + "name": "39096", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39096" + }, + { + "name": "FEDORA-2010-3724", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037679.html" + }, + { + "name": "http://downloads.asterisk.org/pub/security/AST-2010-003-1.6.0.diff", + "refsource": "CONFIRM", + "url": "http://downloads.asterisk.org/pub/security/AST-2010-003-1.6.0.diff" + }, + { + "name": "ADV-2010-0475", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0475" + }, + { + "name": "http://downloads.asterisk.org/pub/security/AST-2010-003-1.6.1.diff", + "refsource": "CONFIRM", + "url": "http://downloads.asterisk.org/pub/security/AST-2010-003-1.6.1.diff" + }, + { + "name": "62588", + "refsource": "OSVDB", + "url": "http://osvdb.org/62588" + }, + { + "name": "asterisk-cidr-security-bypass(56552)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56552" + }, + { + "name": "38424", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/38424" + }, + { + "name": "38752", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38752" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1599.json b/2010/1xxx/CVE-2010-1599.json index ee8bd100365..baea1b1669a 100644 --- a/2010/1xxx/CVE-2010-1599.json +++ b/2010/1xxx/CVE-2010-1599.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1599", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in loadorder.php in NKInFoWeb 2.5 and 5.2.2.0 allows remote attackers to execute arbitrary SQL commands via the id_sp parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1599", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/1004-exploits/nkinfoweb-sql.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1004-exploits/nkinfoweb-sql.txt" - }, - { - "name" : "12354", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/12354" - }, - { - "name" : "39609", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39609" - }, - { - "name" : "nkinfoweb-loadorder-sql-injection(58082)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/58082" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in loadorder.php in NKInFoWeb 2.5 and 5.2.2.0 allows remote attackers to execute arbitrary SQL commands via the id_sp parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.org/1004-exploits/nkinfoweb-sql.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1004-exploits/nkinfoweb-sql.txt" + }, + { + "name": "12354", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/12354" + }, + { + "name": "nkinfoweb-loadorder-sql-injection(58082)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58082" + }, + { + "name": "39609", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39609" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1688.json b/2010/1xxx/CVE-2010-1688.json index ff3abfbae51..bba1cf51fa5 100644 --- a/2010/1xxx/CVE-2010-1688.json +++ b/2010/1xxx/CVE-2010-1688.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1688", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in 2BrightSparks SyncBack Freeware 3.2.20.0, and possibly other versions before 3.2.21, allows user-assisted remote attackers to execute arbitrary code via a long filename in a (1) .sps or (2) zip profile." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1688", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.corelan.be:8800/index.php/forum/security-advisories/corelan-10-041-syncback-freeware-v3-2-20-0/", - "refsource" : "MISC", - "url" : "http://www.corelan.be:8800/index.php/forum/security-advisories/corelan-10-041-syncback-freeware-v3-2-20-0/" - }, - { - "name" : "http://www.corelan.be:8800/wp-content/forum-file-uploads/lincoln/syncbackup.rb_.txt", - "refsource" : "MISC", - "url" : "http://www.corelan.be:8800/wp-content/forum-file-uploads/lincoln/syncbackup.rb_.txt" - }, - { - "name" : "http://www.2brightsparks.com/freeware/changes.html", - "refsource" : "CONFIRM", - "url" : "http://www.2brightsparks.com/freeware/changes.html" - }, - { - "name" : "40311", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/40311" - }, - { - "name" : "64752", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/64752" - }, - { - "name" : "39865", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39865" - }, - { - "name" : "syncback-sps-bo(58727)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/58727" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in 2BrightSparks SyncBack Freeware 3.2.20.0, and possibly other versions before 3.2.21, allows user-assisted remote attackers to execute arbitrary code via a long filename in a (1) .sps or (2) zip profile." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "64752", + "refsource": "OSVDB", + "url": "http://osvdb.org/64752" + }, + { + "name": "http://www.corelan.be:8800/wp-content/forum-file-uploads/lincoln/syncbackup.rb_.txt", + "refsource": "MISC", + "url": "http://www.corelan.be:8800/wp-content/forum-file-uploads/lincoln/syncbackup.rb_.txt" + }, + { + "name": "39865", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39865" + }, + { + "name": "http://www.2brightsparks.com/freeware/changes.html", + "refsource": "CONFIRM", + "url": "http://www.2brightsparks.com/freeware/changes.html" + }, + { + "name": "syncback-sps-bo(58727)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58727" + }, + { + "name": "http://www.corelan.be:8800/index.php/forum/security-advisories/corelan-10-041-syncback-freeware-v3-2-20-0/", + "refsource": "MISC", + "url": "http://www.corelan.be:8800/index.php/forum/security-advisories/corelan-10-041-syncback-freeware-v3-2-20-0/" + }, + { + "name": "40311", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/40311" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1795.json b/2010/1xxx/CVE-2010-1795.json index 20b47b82a31..02a488f5383 100644 --- a/2010/1xxx/CVE-2010-1795.json +++ b/2010/1xxx/CVE-2010-1795.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1795", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in Apple iTunes before 9.1, when running on Windows 7, Vista, and XP, allows local users and possibly remote attackers to gain privileges via a Trojan horse DLL in the current working directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2010-1795", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100818 ACROS Security: Remote Binary Planting in Apple iTunes for Windows (ASPR #2010-08-18-1)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/513190/100/0/threaded" - }, - { - "name" : "http://www.acrossecurity.com/aspr/ASPR-2010-08-18-1-PUB.txt", - "refsource" : "MISC", - "url" : "http://www.acrossecurity.com/aspr/ASPR-2010-08-18-1-PUB.txt" - }, - { - "name" : "http://support.apple.com/kb/HT4105", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4105" - }, - { - "name" : "42541", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/42541" - }, - { - "name" : "oval:org.mitre.oval:def:7217", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7217" - }, - { - "name" : "itunes-dll-code-execution(61223)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/61223" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in Apple iTunes before 9.1, when running on Windows 7, Vista, and XP, allows local users and possibly remote attackers to gain privileges via a Trojan horse DLL in the current working directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "itunes-dll-code-execution(61223)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61223" + }, + { + "name": "http://support.apple.com/kb/HT4105", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4105" + }, + { + "name": "oval:org.mitre.oval:def:7217", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7217" + }, + { + "name": "42541", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/42541" + }, + { + "name": "http://www.acrossecurity.com/aspr/ASPR-2010-08-18-1-PUB.txt", + "refsource": "MISC", + "url": "http://www.acrossecurity.com/aspr/ASPR-2010-08-18-1-PUB.txt" + }, + { + "name": "20100818 ACROS Security: Remote Binary Planting in Apple iTunes for Windows (ASPR #2010-08-18-1)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/513190/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4133.json b/2010/4xxx/CVE-2010-4133.json index c6e7d8de4fd..81ea18a58e2 100644 --- a/2010/4xxx/CVE-2010-4133.json +++ b/2010/4xxx/CVE-2010-4133.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4133", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2010-4133", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4159.json b/2010/4xxx/CVE-2010-4159.json index 5d73ad8a874..6db50adbc3c 100644 --- a/2010/4xxx/CVE-2010-4159.json +++ b/2010/4xxx/CVE-2010-4159.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4159", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in metadata/loader.c in Mono 2.8 and earlier allows local users to gain privileges via a Trojan horse shared library in the current working directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-4159", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[mono-patches] 20101012 [mono/mono] d3985be4: Search for dllimported shared libs in the base directory, not cwd.", - "refsource" : "MLIST", - "url" : "http://lists.ximian.com/pipermail/mono-patches/2010-October/177900.html" - }, - { - "name" : "[oss-security] 20101110 CVE request: mono loading shared libs from cwd", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=oss-security&m=128939873515821&w=2" - }, - { - "name" : "[oss-security] 20101110 Re: CVE request: mono loading shared libs from cwd", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=oss-security&m=128939912716499&w=2" - }, - { - "name" : "[oss-security] 20101110 Re: CVE request: mono loading shared libs from cwd", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=oss-security&m=128941802415318&w=2" - }, - { - "name" : "http://www.mono-project.com/Vulnerabilities#Mono_Runtime_Insecure_Native_Library_Loading", - "refsource" : "CONFIRM", - "url" : "http://www.mono-project.com/Vulnerabilities#Mono_Runtime_Insecure_Native_Library_Loading" - }, - { - "name" : "https://bugzilla.novell.com/show_bug.cgi?id=641915", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.novell.com/show_bug.cgi?id=641915" - }, - { - "name" : "https://github.com/mono/mono/commit/8e890a3bf80a4620e417814dc14886b1bbd17625", - "refsource" : "CONFIRM", - "url" : "https://github.com/mono/mono/commit/8e890a3bf80a4620e417814dc14886b1bbd17625" - }, - { - "name" : "MDVSA-2010:240", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:240" - }, - { - "name" : "44810", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/44810" - }, - { - "name" : "42174", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42174" - }, - { - "name" : "ADV-2010-3059", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/3059" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in metadata/loader.c in Mono 2.8 and earlier allows local users to gain privileges via a Trojan horse shared library in the current working directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/mono/mono/commit/8e890a3bf80a4620e417814dc14886b1bbd17625", + "refsource": "CONFIRM", + "url": "https://github.com/mono/mono/commit/8e890a3bf80a4620e417814dc14886b1bbd17625" + }, + { + "name": "ADV-2010-3059", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/3059" + }, + { + "name": "[mono-patches] 20101012 [mono/mono] d3985be4: Search for dllimported shared libs in the base directory, not cwd.", + "refsource": "MLIST", + "url": "http://lists.ximian.com/pipermail/mono-patches/2010-October/177900.html" + }, + { + "name": "[oss-security] 20101110 Re: CVE request: mono loading shared libs from cwd", + "refsource": "MLIST", + "url": "http://marc.info/?l=oss-security&m=128941802415318&w=2" + }, + { + "name": "MDVSA-2010:240", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:240" + }, + { + "name": "http://www.mono-project.com/Vulnerabilities#Mono_Runtime_Insecure_Native_Library_Loading", + "refsource": "CONFIRM", + "url": "http://www.mono-project.com/Vulnerabilities#Mono_Runtime_Insecure_Native_Library_Loading" + }, + { + "name": "42174", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42174" + }, + { + "name": "https://bugzilla.novell.com/show_bug.cgi?id=641915", + "refsource": "CONFIRM", + "url": "https://bugzilla.novell.com/show_bug.cgi?id=641915" + }, + { + "name": "44810", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/44810" + }, + { + "name": "[oss-security] 20101110 Re: CVE request: mono loading shared libs from cwd", + "refsource": "MLIST", + "url": "http://marc.info/?l=oss-security&m=128939912716499&w=2" + }, + { + "name": "[oss-security] 20101110 CVE request: mono loading shared libs from cwd", + "refsource": "MLIST", + "url": "http://marc.info/?l=oss-security&m=128939873515821&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4628.json b/2010/4xxx/CVE-2010-4628.json index 60bb3c1bfb9..1c96c661f3d 100644 --- a/2010/4xxx/CVE-2010-4628.json +++ b/2010/4xxx/CVE-2010-4628.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4628", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "member.php in MyBB (aka MyBulletinBoard) before 1.4.12 makes a certain superfluous call to the SQL COUNT function, which allows remote attackers to cause a denial of service (resource consumption) by making requests to member.php that trigger scans of the entire users table." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4628", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20101008 CVE request: mybb before 1.4.11 and before 1.4.12", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2010/10/08/7" - }, - { - "name" : "[oss-security] 20101011 Re: CVE request: mybb before 1.4.11 and before 1.4.12", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2010/10/11/8" - }, - { - "name" : "[oss-security] 20101206 Re: CVE request: mybb before 1.4.11 and before 1.4.12", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2010/12/06/2" - }, - { - "name" : "http://blog.mybb.com/2010/04/13/mybb-1-4-12-released-security-maintenance-update/", - "refsource" : "CONFIRM", - "url" : "http://blog.mybb.com/2010/04/13/mybb-1-4-12-released-security-maintenance-update/" - }, - { - "name" : "http://dev.mybboard.net/issues/662", - "refsource" : "CONFIRM", - "url" : "http://dev.mybboard.net/issues/662" - }, - { - "name" : "mybb-sqlcount-dos(64514)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64514" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "member.php in MyBB (aka MyBulletinBoard) before 1.4.12 makes a certain superfluous call to the SQL COUNT function, which allows remote attackers to cause a denial of service (resource consumption) by making requests to member.php that trigger scans of the entire users table." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://blog.mybb.com/2010/04/13/mybb-1-4-12-released-security-maintenance-update/", + "refsource": "CONFIRM", + "url": "http://blog.mybb.com/2010/04/13/mybb-1-4-12-released-security-maintenance-update/" + }, + { + "name": "[oss-security] 20101008 CVE request: mybb before 1.4.11 and before 1.4.12", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2010/10/08/7" + }, + { + "name": "[oss-security] 20101011 Re: CVE request: mybb before 1.4.11 and before 1.4.12", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2010/10/11/8" + }, + { + "name": "mybb-sqlcount-dos(64514)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64514" + }, + { + "name": "[oss-security] 20101206 Re: CVE request: mybb before 1.4.11 and before 1.4.12", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2010/12/06/2" + }, + { + "name": "http://dev.mybboard.net/issues/662", + "refsource": "CONFIRM", + "url": "http://dev.mybboard.net/issues/662" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4832.json b/2010/4xxx/CVE-2010-4832.json index e395b48e402..8642af95e87 100644 --- a/2010/4xxx/CVE-2010-4832.json +++ b/2010/4xxx/CVE-2010-4832.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4832", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Android OS before 2.2 does not display the correct SSL certificate in certain cases, which might allow remote attackers to spoof trusted web sites via a web page containing references to external sources in which (1) the certificate of the last loaded resource is checked, instead of for the main page, or (2) later certificates are not checked when the HTTPS connection is reused." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2010-4832", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://android.git.kernel.org/?p=platform/frameworks/base.git;a=commit;h=dba8cb76371960457e91b31fa396478f809a5a34", - "refsource" : "MISC", - "url" : "http://android.git.kernel.org/?p=platform/frameworks/base.git;a=commit;h=dba8cb76371960457e91b31fa396478f809a5a34" - }, - { - "name" : "https://gitorious.org/atrix-aosp/frameworks_base/commit/dba8cb76371960457e91b31fa396478f809a5a34", - "refsource" : "CONFIRM", - "url" : "https://gitorious.org/atrix-aosp/frameworks_base/commit/dba8cb76371960457e91b31fa396478f809a5a34" - }, - { - "name" : "JVN#43105011", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN43105011/index.html" - }, - { - "name" : "JVNDB-2011-000053", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-000053.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Android OS before 2.2 does not display the correct SSL certificate in certain cases, which might allow remote attackers to spoof trusted web sites via a web page containing references to external sources in which (1) the certificate of the last loaded resource is checked, instead of for the main page, or (2) later certificates are not checked when the HTTPS connection is reused." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://android.git.kernel.org/?p=platform/frameworks/base.git;a=commit;h=dba8cb76371960457e91b31fa396478f809a5a34", + "refsource": "MISC", + "url": "http://android.git.kernel.org/?p=platform/frameworks/base.git;a=commit;h=dba8cb76371960457e91b31fa396478f809a5a34" + }, + { + "name": "https://gitorious.org/atrix-aosp/frameworks_base/commit/dba8cb76371960457e91b31fa396478f809a5a34", + "refsource": "CONFIRM", + "url": "https://gitorious.org/atrix-aosp/frameworks_base/commit/dba8cb76371960457e91b31fa396478f809a5a34" + }, + { + "name": "JVN#43105011", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN43105011/index.html" + }, + { + "name": "JVNDB-2011-000053", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-000053.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/5xxx/CVE-2010-5203.json b/2010/5xxx/CVE-2010-5203.json index f478c87b85e..f876cc2dd20 100644 --- a/2010/5xxx/CVE-2010-5203.json +++ b/2010/5xxx/CVE-2010-5203.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-5203", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple untrusted search path vulnerabilities in NCP Secure Enterprise Client before 9.21 Build 68, Secure Entry Client before 9.23 Build 18, and Secure Client - Juniper Edition before 9.23 Build 18 allow local users to gain privileges via a Trojan horse (1) dvccsabase002.dll, (2) conman.dll, (3) kmpapi32.dll, or (4) ncpmon2.dll file in the current working directory, as demonstrated by a directory that contains a .pcf or .spd file. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-5203", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ncp-e.com/fileadmin/pdf/service_support/NCP_Client_Vulnerability_Statement_EN.pdf", - "refsource" : "CONFIRM", - "url" : "http://www.ncp-e.com/fileadmin/pdf/service_support/NCP_Client_Vulnerability_Statement_EN.pdf" - }, - { - "name" : "41388", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41388" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple untrusted search path vulnerabilities in NCP Secure Enterprise Client before 9.21 Build 68, Secure Entry Client before 9.23 Build 18, and Secure Client - Juniper Edition before 9.23 Build 18 allow local users to gain privileges via a Trojan horse (1) dvccsabase002.dll, (2) conman.dll, (3) kmpapi32.dll, or (4) ncpmon2.dll file in the current working directory, as demonstrated by a directory that contains a .pcf or .spd file. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ncp-e.com/fileadmin/pdf/service_support/NCP_Client_Vulnerability_Statement_EN.pdf", + "refsource": "CONFIRM", + "url": "http://www.ncp-e.com/fileadmin/pdf/service_support/NCP_Client_Vulnerability_Statement_EN.pdf" + }, + { + "name": "41388", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41388" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0194.json b/2014/0xxx/CVE-2014-0194.json index d688e79560c..e03a6b44baf 100644 --- a/2014/0xxx/CVE-2014-0194.json +++ b/2014/0xxx/CVE-2014-0194.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0194", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-0194", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0685.json b/2014/0xxx/CVE-2014-0685.json index f06acb80f69..bc9e4402f79 100644 --- a/2014/0xxx/CVE-2014-0685.json +++ b/2014/0xxx/CVE-2014-0685.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0685", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco Nexus 1000V InterCloud 5.2(1)IC1(1.2) and earlier for VMware allows remote attackers to bypass ACL deny statements via crafted (1) IGMPv2 or (2) IGMPv3 packets, aka Bug ID CSCug61691." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2014-0685", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=34130", - "refsource" : "CONFIRM", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=34130" - }, - { - "name" : "20140505 Cisco Nexus 1000V Access Control List Bypass Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0685" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco Nexus 1000V InterCloud 5.2(1)IC1(1.2) and earlier for VMware allows remote attackers to bypass ACL deny statements via crafted (1) IGMPv2 or (2) IGMPv3 packets, aka Bug ID CSCug61691." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20140505 Cisco Nexus 1000V Access Control List Bypass Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0685" + }, + { + "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34130", + "refsource": "CONFIRM", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34130" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0813.json b/2014/0xxx/CVE-2014-0813.json index c78d9afe789..08c4cbbe1cb 100644 --- a/2014/0xxx/CVE-2014-0813.json +++ b/2014/0xxx/CVE-2014-0813.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0813", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in phpMyFAQ before 2.8.6 allows remote attackers to hijack the authentication of arbitrary users for requests that modify settings." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2014-0813", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.phpmyfaq.de/advisory_2014-02-04.php", - "refsource" : "CONFIRM", - "url" : "http://www.phpmyfaq.de/advisory_2014-02-04.php" - }, - { - "name" : "JVN#50943964", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN50943964/index.html" - }, - { - "name" : "JVNDB-2014-000016", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000016" - }, - { - "name" : "65368", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/65368" - }, - { - "name" : "102939", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/102939" - }, - { - "name" : "56006", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56006" - }, - { - "name" : "phpmyfaq-cve20140813-csrf(90963)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90963" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in phpMyFAQ before 2.8.6 allows remote attackers to hijack the authentication of arbitrary users for requests that modify settings." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#50943964", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN50943964/index.html" + }, + { + "name": "102939", + "refsource": "OSVDB", + "url": "http://osvdb.org/102939" + }, + { + "name": "JVNDB-2014-000016", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000016" + }, + { + "name": "65368", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/65368" + }, + { + "name": "http://www.phpmyfaq.de/advisory_2014-02-04.php", + "refsource": "CONFIRM", + "url": "http://www.phpmyfaq.de/advisory_2014-02-04.php" + }, + { + "name": "56006", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56006" + }, + { + "name": "phpmyfaq-cve20140813-csrf(90963)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90963" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0818.json b/2014/0xxx/CVE-2014-0818.json index 048b545c7d7..d61478b2423 100644 --- a/2014/0xxx/CVE-2014-0818.json +++ b/2014/0xxx/CVE-2014-0818.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0818", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in Autodesk AutoCAD before 2014 allows local users to gain privileges and execute arbitrary VBScript code via a Trojan horse FAS file in the FAS file search path." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2014-0818", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "JVN#33382534", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN33382534/index.html" - }, - { - "name" : "JVNDB-2014-000019", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000019" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in Autodesk AutoCAD before 2014 allows local users to gain privileges and execute arbitrary VBScript code via a Trojan horse FAS file in the FAS file search path." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVNDB-2014-000019", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000019" + }, + { + "name": "JVN#33382534", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN33382534/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0968.json b/2014/0xxx/CVE-2014-0968.json index 2cc85e455ca..b30f9bc7c51 100644 --- a/2014/0xxx/CVE-2014-0968.json +++ b/2014/0xxx/CVE-2014-0968.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0968", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the GDS component in IBM InfoSphere Master Data Management - Collaborative Edition 10.x and 11.x before 11.0 FP4 and InfoSphere Master Data Management Server for Product Information Management 9.0 and 9.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL for an MHTML document." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-0968", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21677301", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21677301" - }, - { - "name" : "ibm-imdm-cve20140968-xss(92884)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/92884" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the GDS component in IBM InfoSphere Master Data Management - Collaborative Edition 10.x and 11.x before 11.0 FP4 and InfoSphere Master Data Management Server for Product Information Management 9.0 and 9.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL for an MHTML document." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21677301", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677301" + }, + { + "name": "ibm-imdm-cve20140968-xss(92884)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92884" + } + ] + } +} \ No newline at end of file diff --git a/2014/10xxx/CVE-2014-10045.json b/2014/10xxx/CVE-2014-10045.json index 3c3508204ca..eb4cdc6dd54 100644 --- a/2014/10xxx/CVE-2014-10045.json +++ b/2014/10xxx/CVE-2014-10045.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2018-04-02T00:00:00", - "ID" : "CVE-2014-10045", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Snapdragon Mobile, Snapdragon Wear", - "version" : { - "version_data" : [ - { - "version_value" : "IPQ4019, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 615/16/SD 415, SD 820, SDX20" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear IPQ4019, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 615/16/SD 415, SD 820, and SDX20, buffer overflow vulnerability exist in Sahara boot when program header are parsing." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Buffer Copy without Checking Size of Program Headers in Boot" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2018-04-02T00:00:00", + "ID": "CVE-2014-10045", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Snapdragon Mobile, Snapdragon Wear", + "version": { + "version_data": [ + { + "version_value": "IPQ4019, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 615/16/SD 415, SD 820, SDX20" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2018-04-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2018-04-01" - }, - { - "name" : "103671", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103671" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear IPQ4019, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 615/16/SD 415, SD 820, and SDX20, buffer overflow vulnerability exist in Sahara boot when program header are parsing." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer Copy without Checking Size of Program Headers in Boot" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2018-04-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2018-04-01" + }, + { + "name": "103671", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103671" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1233.json b/2014/1xxx/CVE-2014-1233.json index 52a96f439dd..890c87ea0fa 100644 --- a/2014/1xxx/CVE-2014-1233.json +++ b/2014/1xxx/CVE-2014-1233.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1233", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The paratrooper-pingdom gem 1.0.0 for Ruby allows local users to obtain the App-Key, username, and password values by listing the curl process." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-1233", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140107 paratrooper-pingdom-1.0.0 ruby gem exposes API login credentials", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2014/01/08/1" - }, - { - "name" : "http://www.vapid.dhs.org/advisories/paratrooper-api-key-pingdom.html", - "refsource" : "MISC", - "url" : "http://www.vapid.dhs.org/advisories/paratrooper-api-key-pingdom.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The paratrooper-pingdom gem 1.0.0 for Ruby allows local users to obtain the App-Key, username, and password values by listing the curl process." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.vapid.dhs.org/advisories/paratrooper-api-key-pingdom.html", + "refsource": "MISC", + "url": "http://www.vapid.dhs.org/advisories/paratrooper-api-key-pingdom.html" + }, + { + "name": "[oss-security] 20140107 paratrooper-pingdom-1.0.0 ruby gem exposes API login credentials", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2014/01/08/1" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1425.json b/2014/1xxx/CVE-2014-1425.json index 9df18d1ca27..4ec86fc1772 100644 --- a/2014/1xxx/CVE-2014-1425.json +++ b/2014/1xxx/CVE-2014-1425.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1425", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "cmanager 0.32 does not properly enforce nesting when modifying cgroup properties, which allows local users to set cgroup values for all cgroups via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@ubuntu.com", + "ID": "CVE-2014-1425", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "USN-2451-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2451-1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "cmanager 0.32 does not properly enforce nesting when modifying cgroup properties, which allows local users to set cgroup values for all cgroups via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-2451-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2451-1" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4049.json b/2014/4xxx/CVE-2014-4049.json index 2cf4e2f6719..7886072e0e3 100644 --- a/2014/4xxx/CVE-2014-4049.json +++ b/2014/4xxx/CVE-2014-4049.json @@ -1,187 +1,187 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4049", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the php_parserr function in ext/standard/dns.c in PHP 5.6.0beta4 and earlier allows remote servers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DNS TXT record, related to the dns_get_record function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4049", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140613 Re: CVE request: PHP heap-based buffer overflow in DNS TXT record parsing", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/06/13/4" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1108447", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1108447" - }, - { - "name" : "https://github.com/php/php-src/commit/b34d7849ed90ced9345f8ea1c59bc8d101c18468", - "refsource" : "CONFIRM", - "url" : "https://github.com/php/php-src/commit/b34d7849ed90ced9345f8ea1c59bc8d101c18468" - }, - { - "name" : "http://support.apple.com/kb/HT6443", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT6443" - }, - { - "name" : "https://support.apple.com/HT204659", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT204659" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21683486", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21683486" - }, - { - "name" : "APPLE-SA-2015-04-08-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html" - }, - { - "name" : "DSA-2961", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-2961" - }, - { - "name" : "HPSBUX03102", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=141017844705317&w=2" - }, - { - "name" : "SSRT101681", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=141017844705317&w=2" - }, - { - "name" : "RHSA-2014:1765", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1765.html" - }, - { - "name" : "RHSA-2014:1766", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1766.html" - }, - { - "name" : "SUSE-SU-2014:0868", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-07/msg00001.html" - }, - { - "name" : "SUSE-SU-2014:0869", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-07/msg00002.html" - }, - { - "name" : "openSUSE-SU-2014:0942", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-07/msg00032.html" - }, - { - "name" : "openSUSE-SU-2014:0841", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-06/msg00051.html" - }, - { - "name" : "68007", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/68007" - }, - { - "name" : "1030435", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030435" - }, - { - "name" : "59270", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59270" - }, - { - "name" : "59652", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59652" - }, - { - "name" : "60998", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60998" - }, - { - "name" : "59513", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59513" - }, - { - "name" : "59329", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59329" - }, - { - "name" : "59418", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59418" - }, - { - "name" : "59496", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59496" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the php_parserr function in ext/standard/dns.c in PHP 5.6.0beta4 and earlier allows remote servers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DNS TXT record, related to the dns_get_record function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "59329", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59329" + }, + { + "name": "SUSE-SU-2014:0868", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-07/msg00001.html" + }, + { + "name": "59418", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59418" + }, + { + "name": "https://support.apple.com/HT204659", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT204659" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21683486", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683486" + }, + { + "name": "59496", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59496" + }, + { + "name": "1030435", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030435" + }, + { + "name": "RHSA-2014:1766", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1766.html" + }, + { + "name": "59652", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59652" + }, + { + "name": "68007", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/68007" + }, + { + "name": "59513", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59513" + }, + { + "name": "HPSBUX03102", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=141017844705317&w=2" + }, + { + "name": "SUSE-SU-2014:0869", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-07/msg00002.html" + }, + { + "name": "60998", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60998" + }, + { + "name": "59270", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59270" + }, + { + "name": "APPLE-SA-2015-04-08-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html" + }, + { + "name": "http://support.apple.com/kb/HT6443", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT6443" + }, + { + "name": "openSUSE-SU-2014:0841", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-06/msg00051.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1108447", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1108447" + }, + { + "name": "DSA-2961", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-2961" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html" + }, + { + "name": "RHSA-2014:1765", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1765.html" + }, + { + "name": "SSRT101681", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=141017844705317&w=2" + }, + { + "name": "https://github.com/php/php-src/commit/b34d7849ed90ced9345f8ea1c59bc8d101c18468", + "refsource": "CONFIRM", + "url": "https://github.com/php/php-src/commit/b34d7849ed90ced9345f8ea1c59bc8d101c18468" + }, + { + "name": "[oss-security] 20140613 Re: CVE request: PHP heap-based buffer overflow in DNS TXT record parsing", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/06/13/4" + }, + { + "name": "openSUSE-SU-2014:0942", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-07/msg00032.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4293.json b/2014/4xxx/CVE-2014-4293.json index 0fcca3f51ae..54c903e664e 100644 --- a/2014/4xxx/CVE-2014-4293.json +++ b/2014/4xxx/CVE-2014-4293.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4293", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the JPublisher component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2014-4290, CVE-2014-4291, CVE-2014-4292, CVE-2014-4296, CVE-2014-4297, CVE-2014-4310, CVE-2014-6547, and CVE-2014-6477." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2014-4293", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" - }, - { - "name" : "70490", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70490" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the JPublisher component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2014-4290, CVE-2014-4291, CVE-2014-4292, CVE-2014-4296, CVE-2014-4297, CVE-2014-4310, CVE-2014-6547, and CVE-2014-6477." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" + }, + { + "name": "70490", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70490" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4648.json b/2014/4xxx/CVE-2014-4648.json index 1e36342915a..84610fc0a84 100644 --- a/2014/4xxx/CVE-2014-4648.json +++ b/2014/4xxx/CVE-2014-4648.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4648", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Piwigo before 2.6.3 has unknown impact and attack vectors, related to a \"security failure.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4648", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://piwigo.org/forum/viewtopic.php?id=24009", - "refsource" : "CONFIRM", - "url" : "http://piwigo.org/forum/viewtopic.php?id=24009" - }, - { - "name" : "http://piwigo.org/releases/2.6.3", - "refsource" : "CONFIRM", - "url" : "http://piwigo.org/releases/2.6.3" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Piwigo before 2.6.3 has unknown impact and attack vectors, related to a \"security failure.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://piwigo.org/releases/2.6.3", + "refsource": "CONFIRM", + "url": "http://piwigo.org/releases/2.6.3" + }, + { + "name": "http://piwigo.org/forum/viewtopic.php?id=24009", + "refsource": "CONFIRM", + "url": "http://piwigo.org/forum/viewtopic.php?id=24009" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4781.json b/2014/4xxx/CVE-2014-4781.json index 40b3238c334..deba1342db4 100644 --- a/2014/4xxx/CVE-2014-4781.json +++ b/2014/4xxx/CVE-2014-4781.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4781", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The alert module in IBM InfoSphere BigInsights 2.1.2 and 3.x before 3.0.0.2 allows remote attackers to obtain sensitive Alert management-services API information via a network-tracing attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-4781", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21693053", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21693053" - }, - { - "name" : "ibm-biginsights-cve20144781-tracing(95028)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95028" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The alert module in IBM InfoSphere BigInsights 2.1.2 and 3.x before 3.0.0.2 allows remote attackers to obtain sensitive Alert management-services API information via a network-tracing attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21693053", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21693053" + }, + { + "name": "ibm-biginsights-cve20144781-tracing(95028)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95028" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4868.json b/2014/4xxx/CVE-2014-4868.json index 843653502f5..96affc12e29 100644 --- a/2014/4xxx/CVE-2014-4868.json +++ b/2014/4xxx/CVE-2014-4868.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4868", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The management console on the Brocade Vyatta 5400 vRouter 6.4R(x), 6.6R(x), and 6.7R1 allows remote authenticated users to execute arbitrary Linux commands via shell metacharacters in a console command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-4868", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#111588", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/111588" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The management console on the Brocade Vyatta 5400 vRouter 6.4R(x), 6.6R(x), and 6.7R1 allows remote authenticated users to execute arbitrary Linux commands via shell metacharacters in a console command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#111588", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/111588" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9045.json b/2014/9xxx/CVE-2014-9045.json index e6bf3ed04ef..e12aa43331d 100644 --- a/2014/9xxx/CVE-2014-9045.json +++ b/2014/9xxx/CVE-2014-9045.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9045", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The FTP backend in user_external in ownCloud Server before 5.0.18 and 6.x before 6.0.6 allows remote attackers to bypass intended authentication requirements via a crafted password." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9045", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://owncloud.org/security/advisory/?id=oc-sa-2014-022", - "refsource" : "CONFIRM", - "url" : "https://owncloud.org/security/advisory/?id=oc-sa-2014-022" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The FTP backend in user_external in ownCloud Server before 5.0.18 and 6.x before 6.0.6 allows remote attackers to bypass intended authentication requirements via a crafted password." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://owncloud.org/security/advisory/?id=oc-sa-2014-022", + "refsource": "CONFIRM", + "url": "https://owncloud.org/security/advisory/?id=oc-sa-2014-022" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9109.json b/2014/9xxx/CVE-2014-9109.json index 9bef7c9cecb..2d94aa32e37 100644 --- a/2014/9xxx/CVE-2014-9109.json +++ b/2014/9xxx/CVE-2014-9109.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9109", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9109", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9176.json b/2014/9xxx/CVE-2014-9176.json index 2ca7a9dd47c..944a6b2decb 100644 --- a/2014/9xxx/CVE-2014-9176.json +++ b/2014/9xxx/CVE-2014-9176.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9176", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the InstaSqueeze Sexy Squeeze Pages plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter to lp/index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9176", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://h4x0resec.blogspot.com/2014/11/wordpress-sexy-squeeze-pages-plugin.html", - "refsource" : "MISC", - "url" : "http://h4x0resec.blogspot.com/2014/11/wordpress-sexy-squeeze-pages-plugin.html" - }, - { - "name" : "http://packetstormsecurity.com/files/129285/WordPress-Sexy-Squeeze-Pages-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/129285/WordPress-Sexy-Squeeze-Pages-Cross-Site-Scripting.html" - }, - { - "name" : "wp-sexysqueezepages-xss(98986)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98986" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the InstaSqueeze Sexy Squeeze Pages plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter to lp/index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://h4x0resec.blogspot.com/2014/11/wordpress-sexy-squeeze-pages-plugin.html", + "refsource": "MISC", + "url": "http://h4x0resec.blogspot.com/2014/11/wordpress-sexy-squeeze-pages-plugin.html" + }, + { + "name": "http://packetstormsecurity.com/files/129285/WordPress-Sexy-Squeeze-Pages-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/129285/WordPress-Sexy-Squeeze-Pages-Cross-Site-Scripting.html" + }, + { + "name": "wp-sexysqueezepages-xss(98986)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98986" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3073.json b/2016/3xxx/CVE-2016-3073.json index d0efe734756..721309bc0da 100644 --- a/2016/3xxx/CVE-2016-3073.json +++ b/2016/3xxx/CVE-2016-3073.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3073", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-3079. Reason: This candidate is a reservation duplicate of CVE-2016-3079. Notes: All CVE users should reference CVE-2016-3079 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-3073", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-3079. Reason: This candidate is a reservation duplicate of CVE-2016-3079. Notes: All CVE users should reference CVE-2016-3079 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3234.json b/2016/3xxx/CVE-2016-3234.json index 2a145c5b9a6..43cb8bdd01a 100644 --- a/2016/3xxx/CVE-2016-3234.json +++ b/2016/3xxx/CVE-2016-3234.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3234", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, and Office Web Apps Server 2013 SP1 allow remote attackers to obtain sensitive information from process memory via a crafted Office document, aka \"Microsoft Office Information Disclosure Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2016-3234", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS16-070", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-070" - }, - { - "name" : "1036093", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036093" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, and Office Web Apps Server 2013 SP1 allow remote attackers to obtain sensitive information from process memory via a crafted Office document, aka \"Microsoft Office Information Disclosure Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS16-070", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-070" + }, + { + "name": "1036093", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036093" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3437.json b/2016/3xxx/CVE-2016-3437.json index 9db2526d9b4..264004e7c4f 100644 --- a/2016/3xxx/CVE-2016-3437.json +++ b/2016/3xxx/CVE-2016-3437.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3437", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle CRM Wireless component in Oracle E-Business Suite 12.1.3 allows remote attackers to affect confidentiality and integrity via vectors related to Person Address Page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2016-3437", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.onapsis.com/research/security-advisories/oracle-e-business-suite-cross-site-scripting-xss-cve-2016-3437", - "refsource" : "MISC", - "url" : "https://www.onapsis.com/research/security-advisories/oracle-e-business-suite-cross-site-scripting-xss-cve-2016-3437" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html" - }, - { - "name" : "1035603", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1035603" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle CRM Wireless component in Oracle E-Business Suite 12.1.3 allows remote attackers to affect confidentiality and integrity via vectors related to Person Address Page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.onapsis.com/research/security-advisories/oracle-e-business-suite-cross-site-scripting-xss-cve-2016-3437", + "refsource": "MISC", + "url": "https://www.onapsis.com/research/security-advisories/oracle-e-business-suite-cross-site-scripting-xss-cve-2016-3437" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html" + }, + { + "name": "1035603", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035603" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3581.json b/2016/3xxx/CVE-2016-3581.json index 009a43a8efd..9622d76510f 100644 --- a/2016/3xxx/CVE-2016-3581.json +++ b/2016/3xxx/CVE-2016-3581.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3581", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different vulnerability than CVE-2016-3574, CVE-2016-3575, CVE-2016-3576, CVE-2016-3577, CVE-2016-3578, CVE-2016-3579, CVE-2016-3580, CVE-2016-3582, CVE-2016-3583, CVE-2016-3590, CVE-2016-3591, CVE-2016-3592, CVE-2016-3593, CVE-2016-3594, CVE-2016-3595, and CVE-2016-3596." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2016-3581", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21988009", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21988009" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21988718", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21988718" - }, - { - "name" : "91787", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91787" - }, - { - "name" : "91931", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91931" - }, - { - "name" : "1036370", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036370" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different vulnerability than CVE-2016-3574, CVE-2016-3575, CVE-2016-3576, CVE-2016-3577, CVE-2016-3578, CVE-2016-3579, CVE-2016-3580, CVE-2016-3582, CVE-2016-3583, CVE-2016-3590, CVE-2016-3591, CVE-2016-3592, CVE-2016-3593, CVE-2016-3594, CVE-2016-3595, and CVE-2016-3596." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21988009", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988009" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" + }, + { + "name": "91931", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91931" + }, + { + "name": "91787", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91787" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21988718", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988718" + }, + { + "name": "1036370", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036370" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3855.json b/2016/3xxx/CVE-2016-3855.json index 065746ce0db..26ac99e3e75 100644 --- a/2016/3xxx/CVE-2016-3855.json +++ b/2016/3xxx/CVE-2016-3855.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3855", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "drivers/thermal/supply_lm_core.c in the Qualcomm components in Android before 2016-08-05 does not validate a certain count parameter, which allows attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted application, aka Qualcomm internal bug CR990824." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-3855", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://source.android.com/security/bulletin/2016-08-01.html", - "refsource" : "CONFIRM", - "url" : "http://source.android.com/security/bulletin/2016-08-01.html" - }, - { - "name" : "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=ab3f46119ca10de87a11fe966b0723c48f27acd4", - "refsource" : "CONFIRM", - "url" : "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=ab3f46119ca10de87a11fe966b0723c48f27acd4" - }, - { - "name" : "92256", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92256" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "drivers/thermal/supply_lm_core.c in the Qualcomm components in Android before 2016-08-05 does not validate a certain count parameter, which allows attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted application, aka Qualcomm internal bug CR990824." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://source.android.com/security/bulletin/2016-08-01.html", + "refsource": "CONFIRM", + "url": "http://source.android.com/security/bulletin/2016-08-01.html" + }, + { + "name": "92256", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92256" + }, + { + "name": "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=ab3f46119ca10de87a11fe966b0723c48f27acd4", + "refsource": "CONFIRM", + "url": "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=ab3f46119ca10de87a11fe966b0723c48f27acd4" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3996.json b/2016/3xxx/CVE-2016-3996.json index ab232be7b5b..c326e24dacd 100644 --- a/2016/3xxx/CVE-2016-3996.json +++ b/2016/3xxx/CVE-2016-3996.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3996", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ClipboardDataMgr in Samsung KNOX 1.0.0 and 2.3.0 does not properly check the caller, which allows local users to read KNOX clipboard data via a crafted application." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-3996", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20160416 [CVE-2016-3996]KNOX clipboard data disclosure KNOX 1.0 - KNOX 2.3 / Android", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/538113/100/0/threaded" - }, - { - "name" : "http://packetstormsecurity.com/files/136710/KNOX-2.3-Clipboard-Data-Disclosure.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/136710/KNOX-2.3-Clipboard-Data-Disclosure.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ClipboardDataMgr in Samsung KNOX 1.0.0 and 2.3.0 does not properly check the caller, which allows local users to read KNOX clipboard data via a crafted application." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/136710/KNOX-2.3-Clipboard-Data-Disclosure.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/136710/KNOX-2.3-Clipboard-Data-Disclosure.html" + }, + { + "name": "20160416 [CVE-2016-3996]KNOX clipboard data disclosure KNOX 1.0 - KNOX 2.3 / Android", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/538113/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7200.json b/2016/7xxx/CVE-2016-7200.json index cd5e8f2103b..2294fd26ee4 100644 --- a/2016/7xxx/CVE-2016-7200.json +++ b/2016/7xxx/CVE-2016-7200.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "ID" : "CVE-2016-7200", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Scripting Engine Memory Corruption Vulnerability,\" a different vulnerability than CVE-2016-7201, CVE-2016-7202, CVE-2016-7203, CVE-2016-7208, CVE-2016-7240, CVE-2016-7242, and CVE-2016-7243." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2016-7200", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "40990", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/40990/" - }, - { - "name" : "40785", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/40785/" - }, - { - "name" : "https://github.com/theori-io/chakra-2016-11", - "refsource" : "MISC", - "url" : "https://github.com/theori-io/chakra-2016-11" - }, - { - "name" : "http://packetstormsecurity.com/files/140382/Microsoft-Edge-chakra.dll-Information-Leak-Type-Confusion.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/140382/Microsoft-Edge-chakra.dll-Information-Leak-Type-Confusion.html" - }, - { - "name" : "MS16-129", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-129" - }, - { - "name" : "93968", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93968" - }, - { - "name" : "1037245", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037245" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Scripting Engine Memory Corruption Vulnerability,\" a different vulnerability than CVE-2016-7201, CVE-2016-7202, CVE-2016-7203, CVE-2016-7208, CVE-2016-7240, CVE-2016-7242, and CVE-2016-7243." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS16-129", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-129" + }, + { + "name": "http://packetstormsecurity.com/files/140382/Microsoft-Edge-chakra.dll-Information-Leak-Type-Confusion.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/140382/Microsoft-Edge-chakra.dll-Information-Leak-Type-Confusion.html" + }, + { + "name": "40785", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/40785/" + }, + { + "name": "https://github.com/theori-io/chakra-2016-11", + "refsource": "MISC", + "url": "https://github.com/theori-io/chakra-2016-11" + }, + { + "name": "93968", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93968" + }, + { + "name": "40990", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/40990/" + }, + { + "name": "1037245", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037245" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7435.json b/2016/7xxx/CVE-2016-7435.json index c02ef94a7fc..46a2a5e1a75 100644 --- a/2016/7xxx/CVE-2016-7435.json +++ b/2016/7xxx/CVE-2016-7435.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7435", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The (1) SCTC_REFRESH_EXPORT_TAB_COMP, (2) SCTC_REFRESH_CHECK_ENV, and (3) SCTC_TMS_MAINTAIN_ALOG functions in the SCTC subpackage in SAP Netweaver 7.40 SP 12 allow remote authenticated users with certain permissions to execute arbitrary commands via vectors involving a CALL 'SYSTEM' statement, aka SAP Security Note 2260344." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-7435", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20161003 Onapsis Security Advisory ONAPSIS-2016-041: SAP OS Command Injection in SCTC_REFRESH_EXPORT_TAB_COMP", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2016/Oct/0" - }, - { - "name" : "20161003 Onapsis Security Advisory ONAPSIS-2016-042: SAP OS Command Injection in SCTC_REFRESH_CHECK_ENV", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2016/Oct/2" - }, - { - "name" : "20161003 Onapsis Security Advisory ONAPSIS-2016-043: SAP OS Command Injection in SCTC_TMS_MAINTAIN_ALOG", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2016/Oct/1" - }, - { - "name" : "https://www.onapsis.com/blog/analyzing-sap-security-notes-march-2016", - "refsource" : "MISC", - "url" : "https://www.onapsis.com/blog/analyzing-sap-security-notes-march-2016" - }, - { - "name" : "https://www.onapsis.com/research/security-advisories/sap-os-command-injection-sctcrefreshcheckenv", - "refsource" : "MISC", - "url" : "https://www.onapsis.com/research/security-advisories/sap-os-command-injection-sctcrefreshcheckenv" - }, - { - "name" : "https://www.onapsis.com/research/security-advisories/sap-os-command-injection-sctcrefreshexporttabcomp", - "refsource" : "MISC", - "url" : "https://www.onapsis.com/research/security-advisories/sap-os-command-injection-sctcrefreshexporttabcomp" - }, - { - "name" : "https://www.onapsis.com/research/security-advisories/sap-os-command-injection-sctctmsmaintainalog", - "refsource" : "MISC", - "url" : "https://www.onapsis.com/research/security-advisories/sap-os-command-injection-sctctmsmaintainalog" - }, - { - "name" : "93272", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93272" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The (1) SCTC_REFRESH_EXPORT_TAB_COMP, (2) SCTC_REFRESH_CHECK_ENV, and (3) SCTC_TMS_MAINTAIN_ALOG functions in the SCTC subpackage in SAP Netweaver 7.40 SP 12 allow remote authenticated users with certain permissions to execute arbitrary commands via vectors involving a CALL 'SYSTEM' statement, aka SAP Security Note 2260344." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20161003 Onapsis Security Advisory ONAPSIS-2016-043: SAP OS Command Injection in SCTC_TMS_MAINTAIN_ALOG", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2016/Oct/1" + }, + { + "name": "20161003 Onapsis Security Advisory ONAPSIS-2016-041: SAP OS Command Injection in SCTC_REFRESH_EXPORT_TAB_COMP", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2016/Oct/0" + }, + { + "name": "https://www.onapsis.com/research/security-advisories/sap-os-command-injection-sctcrefreshcheckenv", + "refsource": "MISC", + "url": "https://www.onapsis.com/research/security-advisories/sap-os-command-injection-sctcrefreshcheckenv" + }, + { + "name": "https://www.onapsis.com/research/security-advisories/sap-os-command-injection-sctcrefreshexporttabcomp", + "refsource": "MISC", + "url": "https://www.onapsis.com/research/security-advisories/sap-os-command-injection-sctcrefreshexporttabcomp" + }, + { + "name": "https://www.onapsis.com/research/security-advisories/sap-os-command-injection-sctctmsmaintainalog", + "refsource": "MISC", + "url": "https://www.onapsis.com/research/security-advisories/sap-os-command-injection-sctctmsmaintainalog" + }, + { + "name": "93272", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93272" + }, + { + "name": "20161003 Onapsis Security Advisory ONAPSIS-2016-042: SAP OS Command Injection in SCTC_REFRESH_CHECK_ENV", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2016/Oct/2" + }, + { + "name": "https://www.onapsis.com/blog/analyzing-sap-security-notes-march-2016", + "refsource": "MISC", + "url": "https://www.onapsis.com/blog/analyzing-sap-security-notes-march-2016" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7683.json b/2016/7xxx/CVE-2016-7683.json index 965616e65c1..a4a5dc83997 100644 --- a/2016/7xxx/CVE-2016-7683.json +++ b/2016/7xxx/CVE-2016-7683.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7683", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-7683", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7853.json b/2016/7xxx/CVE-2016-7853.json index d313d921b7a..15c50a81f72 100644 --- a/2016/7xxx/CVE-2016-7853.json +++ b/2016/7xxx/CVE-2016-7853.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2016-7853", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-6940, CVE-2016-6941, CVE-2016-6942, CVE-2016-6943, CVE-2016-6947, CVE-2016-6948, CVE-2016-6950, CVE-2016-6951, CVE-2016-6954, CVE-2016-6955, CVE-2016-6956, CVE-2016-6959, CVE-2016-6960, CVE-2016-6966, CVE-2016-6970, CVE-2016-6972, CVE-2016-6973, CVE-2016-6974, CVE-2016-6975, CVE-2016-6976, CVE-2016-6977, CVE-2016-6978, CVE-2016-6995, CVE-2016-6996, CVE-2016-6997, CVE-2016-6998, CVE-2016-7000, CVE-2016-7001, CVE-2016-7002, CVE-2016-7003, CVE-2016-7004, CVE-2016-7005, CVE-2016-7006, CVE-2016-7007, CVE-2016-7008, CVE-2016-7009, CVE-2016-7010, CVE-2016-7011, CVE-2016-7012, CVE-2016-7013, CVE-2016-7014, CVE-2016-7015, CVE-2016-7016, CVE-2016-7017, CVE-2016-7018, CVE-2016-7019, CVE-2016-7852, and CVE-2016-7854." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2016-7853", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html" - }, - { - "name" : "93496", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93496" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-6940, CVE-2016-6941, CVE-2016-6942, CVE-2016-6943, CVE-2016-6947, CVE-2016-6948, CVE-2016-6950, CVE-2016-6951, CVE-2016-6954, CVE-2016-6955, CVE-2016-6956, CVE-2016-6959, CVE-2016-6960, CVE-2016-6966, CVE-2016-6970, CVE-2016-6972, CVE-2016-6973, CVE-2016-6974, CVE-2016-6975, CVE-2016-6976, CVE-2016-6977, CVE-2016-6978, CVE-2016-6995, CVE-2016-6996, CVE-2016-6997, CVE-2016-6998, CVE-2016-7000, CVE-2016-7001, CVE-2016-7002, CVE-2016-7003, CVE-2016-7004, CVE-2016-7005, CVE-2016-7006, CVE-2016-7007, CVE-2016-7008, CVE-2016-7009, CVE-2016-7010, CVE-2016-7011, CVE-2016-7012, CVE-2016-7013, CVE-2016-7014, CVE-2016-7015, CVE-2016-7016, CVE-2016-7017, CVE-2016-7018, CVE-2016-7019, CVE-2016-7852, and CVE-2016-7854." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html" + }, + { + "name": "93496", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93496" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8421.json b/2016/8xxx/CVE-2016-8421.json index 5974cb05a4f..40cd3646f91 100644 --- a/2016/8xxx/CVE-2016-8421.json +++ b/2016/8xxx/CVE-2016-8421.json @@ -1,75 +1,75 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2016-8421", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Kernel-3.10" - }, - { - "version_value" : "Kernel-3.18" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32451104. References: QC-CR#1087797." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of privilege" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-8421", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Kernel-3.10" + }, + { + "version_value": "Kernel-3.18" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-02-01.html", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-02-01.html" - }, - { - "name" : "96047", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96047" - }, - { - "name" : "1037798", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037798" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32451104. References: QC-CR#1087797." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "96047", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96047" + }, + { + "name": "1037798", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037798" + }, + { + "name": "https://source.android.com/security/bulletin/2017-02-01.html", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-02-01.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8435.json b/2016/8xxx/CVE-2016-8435.json index ea5d09b0b93..b7e6c76f108 100644 --- a/2016/8xxx/CVE-2016-8435.json +++ b/2016/8xxx/CVE-2016-8435.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2016-8435", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Kernel-3.18" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.18. Android ID: A-32700935. References: N-CVE-2016-8435." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of privilege" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-8435", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Kernel-3.18" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-01-01.html", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-01-01.html" - }, - { - "name" : "95254", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95254" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.18. Android ID: A-32700935. References: N-CVE-2016-8435." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-01-01.html", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-01-01.html" + }, + { + "name": "95254", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95254" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8811.json b/2016/8xxx/CVE-2016-8811.json index efef1ab8c10..9e7e94450c3 100644 --- a/2016/8xxx/CVE-2016-8811.json +++ b/2016/8xxx/CVE-2016-8811.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@nvidia.com", - "ID" : "CVE-2016-8811", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Quadro, NVS, and GeForce (all versions)", - "version" : { - "version_data" : [ - { - "version_value" : "Quadro, NVS, and GeForce (all versions)" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape ID 0x7000170 where the size of an input buffer is not validated, leading to denial of service or potential escalation of privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of Service" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@nvidia.com", + "ID": "CVE-2016-8811", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Quadro, NVS, and GeForce (all versions)", + "version": { + "version_data": [ + { + "version_value": "Quadro, NVS, and GeForce (all versions)" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "40662", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/40662/" - }, - { - "name" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4247", - "refsource" : "CONFIRM", - "url" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4247" - }, - { - "name" : "https://support.lenovo.com/us/en/solutions/LEN-10822", - "refsource" : "CONFIRM", - "url" : "https://support.lenovo.com/us/en/solutions/LEN-10822" - }, - { - "name" : "93988", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93988" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape ID 0x7000170 where the size of an input buffer is not validated, leading to denial of service or potential escalation of privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "40662", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/40662/" + }, + { + "name": "https://support.lenovo.com/us/en/solutions/LEN-10822", + "refsource": "CONFIRM", + "url": "https://support.lenovo.com/us/en/solutions/LEN-10822" + }, + { + "name": "93988", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93988" + }, + { + "name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4247", + "refsource": "CONFIRM", + "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4247" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8894.json b/2016/8xxx/CVE-2016-8894.json index 810a9094add..88eedfe956f 100644 --- a/2016/8xxx/CVE-2016-8894.json +++ b/2016/8xxx/CVE-2016-8894.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-8894", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-8894", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8920.json b/2016/8xxx/CVE-2016-8920.json index 3a1fb22e793..d5c4020a1bf 100644 --- a/2016/8xxx/CVE-2016-8920.json +++ b/2016/8xxx/CVE-2016-8920.json @@ -1,91 +1,91 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2016-8920", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Kenexa LMS on Cloud", - "version" : { - "version_data" : [ - { - "version_value" : "13.0" - }, - { - "version_value" : "13.1" - }, - { - "version_value" : "13.2" - }, - { - "version_value" : "13.2.2" - }, - { - "version_value" : "13.2.3" - }, - { - "version_value" : "13.2.4" - }, - { - "version_value" : "14.0.0" - }, - { - "version_value" : "14.1.0" - }, - { - "version_value" : "14.2.0" - } - ] - } - } - ] - }, - "vendor_name" : "IBM Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2016-8920", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Kenexa LMS on Cloud", + "version": { + "version_data": [ + { + "version_value": "13.0" + }, + { + "version_value": "13.1" + }, + { + "version_value": "13.2" + }, + { + "version_value": "13.2.2" + }, + { + "version_value": "13.2.3" + }, + { + "version_value": "13.2.4" + }, + { + "version_value": "14.0.0" + }, + { + "version_value": "14.1.0" + }, + { + "version_value": "14.2.0" + } + ] + } + } + ] + }, + "vendor_name": "IBM Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg21993982", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg21993982" - }, - { - "name" : "94303", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94303" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "94303", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94303" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg21993982", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg21993982" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8938.json b/2016/8xxx/CVE-2016-8938.json index 8fb6e3bcf5e..21acb2f7ea0 100644 --- a/2016/8xxx/CVE-2016-8938.json +++ b/2016/8xxx/CVE-2016-8938.json @@ -1,190 +1,190 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2016-8938", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "UrbanCode Deploy", - "version" : { - "version_data" : [ - { - "version_value" : "6.1.0.2" - }, - { - "version_value" : "6.0" - }, - { - "version_value" : "6.0.1" - }, - { - "version_value" : "6.0.1.1" - }, - { - "version_value" : "6.0.1.2" - }, - { - "version_value" : "6.0.1.3" - }, - { - "version_value" : "6.0.1.4" - }, - { - "version_value" : "6.0.1.5" - }, - { - "version_value" : "6.0.1.6" - }, - { - "version_value" : "6.1" - }, - { - "version_value" : "6.1.0.1" - }, - { - "version_value" : "6.1.0.3" - }, - { - "version_value" : "6.0.1.7" - }, - { - "version_value" : "6.0.1.8" - }, - { - "version_value" : "6.1.0.4" - }, - { - "version_value" : "6.1.1" - }, - { - "version_value" : "6.1.1.1" - }, - { - "version_value" : "6.1.1.2" - }, - { - "version_value" : "6.1.1.3" - }, - { - "version_value" : "6.1.1.4" - }, - { - "version_value" : "6.1.1.5" - }, - { - "version_value" : "6.0.1.9" - }, - { - "version_value" : "6.1.1.6" - }, - { - "version_value" : "6.1.1.7" - }, - { - "version_value" : "6.1.2" - }, - { - "version_value" : "6.0.1.10" - }, - { - "version_value" : "6.0.1.11" - }, - { - "version_value" : "6.1.1.8" - }, - { - "version_value" : "6.1.3" - }, - { - "version_value" : "6.1.3.1" - }, - { - "version_value" : "6.2" - }, - { - "version_value" : "6.2.0.1" - }, - { - "version_value" : "6.0.1.12" - }, - { - "version_value" : "6.1.3.2" - }, - { - "version_value" : "6.2.0.2" - }, - { - "version_value" : "6.2.1" - }, - { - "version_value" : "6.0.1.13" - }, - { - "version_value" : "6.2.1.1" - }, - { - "version_value" : "6.0.1.14" - }, - { - "version_value" : "6.1.3.3" - }, - { - "version_value" : "6.2.1.2" - }, - { - "version_value" : "6.2.2" - } - ] - } - } - ] - }, - "vendor_name" : "IBM Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM UrbanCode Deploy could allow a user to execute code using a specially crafted file upload that would replace code on the server. This code could be executed on the UCD agent machines that host customer's production applications." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Gain Access" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2016-8938", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "UrbanCode Deploy", + "version": { + "version_data": [ + { + "version_value": "6.1.0.2" + }, + { + "version_value": "6.0" + }, + { + "version_value": "6.0.1" + }, + { + "version_value": "6.0.1.1" + }, + { + "version_value": "6.0.1.2" + }, + { + "version_value": "6.0.1.3" + }, + { + "version_value": "6.0.1.4" + }, + { + "version_value": "6.0.1.5" + }, + { + "version_value": "6.0.1.6" + }, + { + "version_value": "6.1" + }, + { + "version_value": "6.1.0.1" + }, + { + "version_value": "6.1.0.3" + }, + { + "version_value": "6.0.1.7" + }, + { + "version_value": "6.0.1.8" + }, + { + "version_value": "6.1.0.4" + }, + { + "version_value": "6.1.1" + }, + { + "version_value": "6.1.1.1" + }, + { + "version_value": "6.1.1.2" + }, + { + "version_value": "6.1.1.3" + }, + { + "version_value": "6.1.1.4" + }, + { + "version_value": "6.1.1.5" + }, + { + "version_value": "6.0.1.9" + }, + { + "version_value": "6.1.1.6" + }, + { + "version_value": "6.1.1.7" + }, + { + "version_value": "6.1.2" + }, + { + "version_value": "6.0.1.10" + }, + { + "version_value": "6.0.1.11" + }, + { + "version_value": "6.1.1.8" + }, + { + "version_value": "6.1.3" + }, + { + "version_value": "6.1.3.1" + }, + { + "version_value": "6.2" + }, + { + "version_value": "6.2.0.1" + }, + { + "version_value": "6.0.1.12" + }, + { + "version_value": "6.1.3.2" + }, + { + "version_value": "6.2.0.2" + }, + { + "version_value": "6.2.1" + }, + { + "version_value": "6.0.1.13" + }, + { + "version_value": "6.2.1.1" + }, + { + "version_value": "6.0.1.14" + }, + { + "version_value": "6.1.3.3" + }, + { + "version_value": "6.2.1.2" + }, + { + "version_value": "6.2.2" + } + ] + } + } + ] + }, + "vendor_name": "IBM Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg2C1000237", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg2C1000237" - }, - { - "name" : "95289", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95289" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM UrbanCode Deploy could allow a user to execute code using a specially crafted file upload that would replace code on the server. This code could be executed on the UCD agent machines that host customer's production applications." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Gain Access" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "95289", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95289" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg2C1000237", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg2C1000237" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9124.json b/2016/9xxx/CVE-2016-9124.json index 32f844abefe..7fd1622d27c 100644 --- a/2016/9xxx/CVE-2016-9124.json +++ b/2016/9xxx/CVE-2016-9124.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "ID" : "CVE-2016-9124", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Revive Adserver All versions before 3.2.3", - "version" : { - "version_data" : [ - { - "version_value" : "Revive Adserver All versions before 3.2.3" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Revive Adserver before 3.2.3 suffers from Improper Restriction of Excessive Authentication Attempts. The login page of Revive Adserver is vulnerable to password-guessing attacks. An account lockdown feature was considered, but rejected to avoid introducing service disruptions to regular users during such attacks. A random delay has instead been introduced as a countermeasure in case of password failures, along with a system to discourage parallel brute forcing. These systems will effectively allow the valid users to log in to the adserver, even while an attack is in progress." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Improper Restriction of Excessive Authentication Attempts (CWE-307)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "ID": "CVE-2016-9124", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Revive Adserver All versions before 3.2.3", + "version": { + "version_data": [ + { + "version_value": "Revive Adserver All versions before 3.2.3" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/revive-adserver/revive-adserver/commit/847941390f5b3310d51b07c92ec91cc1f4cc82c9", - "refsource" : "MISC", - "url" : "https://github.com/revive-adserver/revive-adserver/commit/847941390f5b3310d51b07c92ec91cc1f4cc82c9" - }, - { - "name" : "https://hackerone.com/reports/96115", - "refsource" : "MISC", - "url" : "https://hackerone.com/reports/96115" - }, - { - "name" : "https://www.revive-adserver.com/security/revive-sa-2016-001/", - "refsource" : "MISC", - "url" : "https://www.revive-adserver.com/security/revive-sa-2016-001/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Revive Adserver before 3.2.3 suffers from Improper Restriction of Excessive Authentication Attempts. The login page of Revive Adserver is vulnerable to password-guessing attacks. An account lockdown feature was considered, but rejected to avoid introducing service disruptions to regular users during such attacks. A random delay has instead been introduced as a countermeasure in case of password failures, along with a system to discourage parallel brute forcing. These systems will effectively allow the valid users to log in to the adserver, even while an attack is in progress." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Restriction of Excessive Authentication Attempts (CWE-307)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://hackerone.com/reports/96115", + "refsource": "MISC", + "url": "https://hackerone.com/reports/96115" + }, + { + "name": "https://www.revive-adserver.com/security/revive-sa-2016-001/", + "refsource": "MISC", + "url": "https://www.revive-adserver.com/security/revive-sa-2016-001/" + }, + { + "name": "https://github.com/revive-adserver/revive-adserver/commit/847941390f5b3310d51b07c92ec91cc1f4cc82c9", + "refsource": "MISC", + "url": "https://github.com/revive-adserver/revive-adserver/commit/847941390f5b3310d51b07c92ec91cc1f4cc82c9" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9656.json b/2016/9xxx/CVE-2016-9656.json index 4392de923f5..8d8fdfbc1fb 100644 --- a/2016/9xxx/CVE-2016-9656.json +++ b/2016/9xxx/CVE-2016-9656.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9656", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-9656", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2434.json b/2019/2xxx/CVE-2019-2434.json index 0363d5f4473..eaab202f75e 100644 --- a/2019/2xxx/CVE-2019-2434.json +++ b/2019/2xxx/CVE-2019-2434.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2019-2434", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "MySQL Server", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "5.7.24 and prior" - }, - { - "version_affected" : "=", - "version_value" : "8.0.13 and prior" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2019-2434", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "5.7.24 and prior" + }, + { + "version_affected": "=", + "version_value": "8.0.13 and prior" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20190118-0002/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20190118-0002/" - }, - { - "name" : "USN-3867-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3867-1/" - }, - { - "name" : "106619", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106619" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "106619", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106619" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" + }, + { + "name": "USN-3867-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3867-1/" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20190118-0002/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20190118-0002/" + } + ] + } +} \ No newline at end of file