diff --git a/2006/0xxx/CVE-2006-0211.json b/2006/0xxx/CVE-2006-0211.json index f367dc5aa88..2f317e703f0 100644 --- a/2006/0xxx/CVE-2006-0211.json +++ b/2006/0xxx/CVE-2006-0211.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0211", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in forgotPassword.asp in Helm Hosting Control Panel 3.2.8 and earlier allows remote attackers to inject arbitrary web script or HTML via the txtEmailAddress parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0211", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060112 Helm XSS Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/421791/100/0/threaded" - }, - { - "name" : "http://www.webhostautomation.com/webhost-301", - "refsource" : "CONFIRM", - "url" : "http://www.webhostautomation.com/webhost-301" - }, - { - "name" : "16234", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16234" - }, - { - "name" : "ADV-2006-0203", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0203" - }, - { - "name" : "22454", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22454" - }, - { - "name" : "18492", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18492" - }, - { 
- "name" : "helm-forgotpassword-xss(24139)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24139" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in forgotPassword.asp in Helm Hosting Control Panel 3.2.8 and earlier allows remote attackers to inject arbitrary web script or HTML via the txtEmailAddress parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-0203", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0203" + }, + { + "name": "helm-forgotpassword-xss(24139)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24139" + }, + { + "name": "22454", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22454" + }, + { + "name": "20060112 Helm XSS Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/421791/100/0/threaded" + }, + { + "name": "18492", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18492" + }, + { + "name": "http://www.webhostautomation.com/webhost-301", + "refsource": "CONFIRM", + "url": "http://www.webhostautomation.com/webhost-301" + }, + { + "name": "16234", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16234" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0371.json b/2006/0xxx/CVE-2006-0371.json index b2d236dad33..831ebbeb735 100644 --- a/2006/0xxx/CVE-2006-0371.json +++ b/2006/0xxx/CVE-2006-0371.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0371", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in index.php in Noah Medling RCBlog 1.03 allows remote attackers to read arbitrary .txt files, possibly including one that stores the administrator's account name and password, via a .. (dot dot) in the post parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0371", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060120 [eVuln] RCBlog Directory Traversal & Sensitive Information Disclosure", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/422499/100/0/threaded" - }, - { - "name" : "20060611 RCblog 1.03 Directory Traversal [index.php]", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/436784/30/4500/threaded" - }, - { - "name" : "http://evuln.com/vulns/42/summary.html", - "refsource" : "MISC", - "url" : "http://evuln.com/vulns/42/summary.html" - }, - { - "name" : "http://www.fluffington.com/index.php?page=rcblog", - "refsource" : "MISC", - "url" : "http://www.fluffington.com/index.php?page=rcblog" - }, - { - "name" : 
"20060218 RCblog exploit [fun]", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/425392/100/0/threaded" - }, - { - "name" : "16342", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16342" - }, - { - "name" : "22680", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22680" - }, - { - "name" : "1015523", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015523" - }, - { - "name" : "18547", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18547" - }, - { - "name" : "rcblog-index-directory-traversal(24248)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24248" - }, - { - "name" : "rcblog-index-file-include(27042)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27042" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in index.php in Noah Medling RCBlog 1.03 allows remote attackers to read arbitrary .txt files, possibly including one that stores the administrator's account name and password, via a .. (dot dot) in the post parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060120 [eVuln] RCBlog Directory Traversal & Sensitive Information Disclosure", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/422499/100/0/threaded" + }, + { + "name": "16342", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16342" + }, + { + "name": "1015523", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015523" + }, + { + "name": "rcblog-index-directory-traversal(24248)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24248" + }, + { + "name": "22680", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22680" + }, + { + "name": "20060218 RCblog exploit [fun]", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/425392/100/0/threaded" + }, + { + "name": "rcblog-index-file-include(27042)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27042" + }, + { + "name": "18547", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18547" + }, + { + "name": "http://evuln.com/vulns/42/summary.html", + "refsource": "MISC", + "url": "http://evuln.com/vulns/42/summary.html" + }, + { + "name": "20060611 RCblog 1.03 Directory Traversal [index.php]", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/436784/30/4500/threaded" + }, + { + "name": "http://www.fluffington.com/index.php?page=rcblog", + "refsource": "MISC", + "url": "http://www.fluffington.com/index.php?page=rcblog" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0569.json b/2006/0xxx/CVE-2006-0569.json index 39facb8ce8c..e5540560d67 100644 --- a/2006/0xxx/CVE-2006-0569.json +++ b/2006/0xxx/CVE-2006-0569.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0569", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in user_class.php in Papoo 2.1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the username field during the registration of a new account. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0569", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "ADV-2006-0438", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0438" - }, - { - "name" : "22913", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22913" - }, - { - "name" : "18721", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18721" - }, - { - "name" : "papoo-username-xss(24500)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24500" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": 
"eng", + "value": "Cross-site scripting (XSS) vulnerability in user_class.php in Papoo 2.1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the username field during the registration of a new account. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "22913", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22913" + }, + { + "name": "ADV-2006-0438", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0438" + }, + { + "name": "18721", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18721" + }, + { + "name": "papoo-username-xss(24500)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24500" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0653.json b/2006/0xxx/CVE-2006-0653.json index 6e96503c3ec..d8609f7c251 100644 --- a/2006/0xxx/CVE-2006-0653.json +++ b/2006/0xxx/CVE-2006-0653.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0653", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in Hinton Design phpht Topsites 1.3 allow remote attackers to execute arbitrary SQL commands via multiple vectors including the username parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0653", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060211 [eVuln] phpht Topsites Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/424741/100/0/threaded" - }, - { - "name" : "http://evuln.com/vulns/59/summary.html", - "refsource" : "MISC", - "url" : "http://evuln.com/vulns/59/summary.html" - }, - { - "name" : "16562", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16562" - }, - { - "name" : "18782", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18782" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in Hinton Design phpht 
Topsites 1.3 allow remote attackers to execute arbitrary SQL commands via multiple vectors including the username parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "16562", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16562" + }, + { + "name": "20060211 [eVuln] phpht Topsites Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/424741/100/0/threaded" + }, + { + "name": "http://evuln.com/vulns/59/summary.html", + "refsource": "MISC", + "url": "http://evuln.com/vulns/59/summary.html" + }, + { + "name": "18782", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18782" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0814.json b/2006/0xxx/CVE-2006-0814.json index 556f9fbceb4..d84ec1da1f8 100644 --- a/2006/0xxx/CVE-2006-0814.json +++ b/2006/0xxx/CVE-2006-0814.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0814", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "response.c in Lighttpd 1.4.10 and possibly previous versions, when run on Windows, allows remote attackers to read arbitrary source code via requests that contain trailing (1) \".\" (dot) and (2) space characters, which are ignored by Windows, as demonstrated by PHP files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0814", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060301 Secunia Research: Lighttpd Script Source Disclosure Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/426446/100/0/threaded" - }, - { - "name" : "http://secunia.com/secunia_research/2006-9/advisory/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2006-9/advisory/" - }, - { - "name" : "http://trac.lighttpd.net/trac/changeset/1005", - "refsource" : "CONFIRM", - "url" : "http://trac.lighttpd.net/trac/changeset/1005" - }, - { - "name" : "16893", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16893" - }, - { - "name" : "ADV-2006-0782", - "refsource" : 
"VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0782" - }, - { - "name" : "23542", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23542" - }, - { - "name" : "1015703", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015703" - }, - { - "name" : "18886", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18886" - }, - { - "name" : "523", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/523" - }, - { - "name" : "lighttpd-source-code-disclosure(24976)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24976" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "response.c in Lighttpd 1.4.10 and possibly previous versions, when run on Windows, allows remote attackers to read arbitrary source code via requests that contain trailing (1) \".\" (dot) and (2) space characters, which are ignored by Windows, as demonstrated by PHP files." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060301 Secunia Research: Lighttpd Script Source Disclosure Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/426446/100/0/threaded" + }, + { + "name": "http://trac.lighttpd.net/trac/changeset/1005", + "refsource": "CONFIRM", + "url": "http://trac.lighttpd.net/trac/changeset/1005" + }, + { + "name": "23542", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23542" + }, + { + "name": "18886", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18886" + }, + { + "name": "ADV-2006-0782", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0782" + }, + { + "name": "523", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/523" + }, + { + "name": "16893", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16893" + }, + { + "name": "http://secunia.com/secunia_research/2006-9/advisory/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2006-9/advisory/" + }, + { + "name": "lighttpd-source-code-disclosure(24976)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24976" + }, + { + "name": "1015703", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015703" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0846.json b/2006/0xxx/CVE-2006-0846.json index f0be023adb9..fd514a1f1c3 100644 --- a/2006/0xxx/CVE-2006-0846.json +++ b/2006/0xxx/CVE-2006-0846.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0846", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Leif M. Wright's Blog 3.5 allow remote attackers to inject arbitrary web script or HTML via the (1) Referer and (2) User-Agent HTTP headers, which are stored in a log file and not sanitized when the administrator views the \"Log\" page, possibly using the ViewCommentsLog function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0846", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.evuln.com/vulns/82/summary.html", - "refsource" : "MISC", - "url" : "http://www.evuln.com/vulns/82/summary.html" - }, - { - "name" : "16715", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16715" - }, - { - "name" : "18923", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18923" - }, - { - "name" : "522", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/522" - }, - { - "name" : "webblog-headers-xss(24758)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24758" - } - ] 
- } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Leif M. Wright's Blog 3.5 allow remote attackers to inject arbitrary web script or HTML via the (1) Referer and (2) User-Agent HTTP headers, which are stored in a log file and not sanitized when the administrator views the \"Log\" page, possibly using the ViewCommentsLog function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.evuln.com/vulns/82/summary.html", + "refsource": "MISC", + "url": "http://www.evuln.com/vulns/82/summary.html" + }, + { + "name": "16715", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16715" + }, + { + "name": "18923", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18923" + }, + { + "name": "webblog-headers-xss(24758)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24758" + }, + { + "name": "522", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/522" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1424.json b/2006/1xxx/CVE-2006-1424.json index aa3504278ed..37fdcc7d6e2 100644 --- a/2006/1xxx/CVE-2006-1424.json +++ b/2006/1xxx/CVE-2006-1424.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1424", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-1482. Reason: This candidate is a duplicate of CVE-2006-1482. Notes: All CVE users should reference CVE-2006-1482 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2006-1424", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-1482. Reason: This candidate is a duplicate of CVE-2006-1482. Notes: All CVE users should reference CVE-2006-1482 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1515.json b/2006/1xxx/CVE-2006-1515.json index c61bfa01443..e6280708fae 100644 --- a/2006/1xxx/CVE-2006-1515.json +++ b/2006/1xxx/CVE-2006-1515.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1515", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the addnewword function in typespeed 0.4.4 and earlier might allow remote attackers to execute arbitrary code via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@debian.org", + "ID": "CVE-2006-1515", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "DSA-1084", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1084" - }, - { - "name" : "GLSA-200606-20", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200606-20.xml" - }, - { - "name" : "18194", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18194" - }, - { - "name" : "ADV-2006-2087", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2087" - }, - { - "name" : "20379", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20379" - }, - { - "name" : "20393", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20393" - }, - { - "name" : "20708", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20708" - } - 
] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the addnewword function in typespeed 0.4.4 and earlier might allow remote attackers to execute arbitrary code via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20708", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20708" + }, + { + "name": "18194", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18194" + }, + { + "name": "GLSA-200606-20", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200606-20.xml" + }, + { + "name": "20379", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20379" + }, + { + "name": "20393", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20393" + }, + { + "name": "DSA-1084", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1084" + }, + { + "name": "ADV-2006-2087", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2087" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1556.json b/2006/1xxx/CVE-2006-1556.json index 8b11bc17bcc..ff568a05cb0 100644 --- a/2006/1xxx/CVE-2006-1556.json +++ b/2006/1xxx/CVE-2006-1556.json 
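Review bot: The `ASSIGNER` value in `CVE_data_meta` for CVE-2006-1515 changes from `cve@mitre.org` to `security@debian.org`, and it is the only non-formatting change visible in this hunk. The remaining lines are spacing normalization (`"key" : value` to `"key": value`) and a reordering of the `reference_data` entries. Since this field appears to record which organisation assigned the ID, the reattribution should be named in the commit message or carried in its own commit, so it can be audited apart from the bulk reformat. As written, anyone diffing these records to detect content changes sees it as one line among the 92 rewritten ones. The new side also ends with `\ No newline at end of file`, as do the other file sections in this diff; keeping the trailing newline would avoid that churn on the next edit.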
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1556", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in view_caricatier.php in AL-Caricatier 2.5 allow remote attackers to inject arbitrary web script or HTML via the (1) CatName, (2) CaricatierID, or (3) CatID parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1556", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060328 XSS in AL-Caricatier", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/429095/100/0/threaded" - }, - { - "name" : "17289", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17289" - }, - { - "name" : "17292", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17292" - }, - { - "name" : "alcaricatier-viewcaricatier-xss(25493)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25493" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) 
vulnerabilities in view_caricatier.php in AL-Caricatier 2.5 allow remote attackers to inject arbitrary web script or HTML via the (1) CatName, (2) CaricatierID, or (3) CatID parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060328 XSS in AL-Caricatier", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/429095/100/0/threaded" + }, + { + "name": "17289", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17289" + }, + { + "name": "17292", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17292" + }, + { + "name": "alcaricatier-viewcaricatier-xss(25493)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25493" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1575.json b/2006/1xxx/CVE-2006-1575.json index 4a8a1b308a3..c4793f62826 100644 --- a/2006/1xxx/CVE-2006-1575.json +++ b/2006/1xxx/CVE-2006-1575.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1575", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in news.php in QLnews 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) autorx and (2) newsx parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1575", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060412 [eVuln] QLnews XSS and PHP Code Insertion Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/430741/100/0/threaded" - }, - { - "name" : "http://evuln.com/vulns/113/description.html", - "refsource" : "MISC", - "url" : "http://evuln.com/vulns/113/description.html" - }, - { - "name" : "17335", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17335" - }, - { - "name" : "24290", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24290" - }, - { - "name" : "19479", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19479" - }, - { - "name" : "699", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/699" - }, - { - "name" 
: "qlnews-news-xss(25546)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25546" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in news.php in QLnews 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) autorx and (2) newsx parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "699", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/699" + }, + { + "name": "http://evuln.com/vulns/113/description.html", + "refsource": "MISC", + "url": "http://evuln.com/vulns/113/description.html" + }, + { + "name": "17335", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17335" + }, + { + "name": "qlnews-news-xss(25546)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25546" + }, + { + "name": "19479", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19479" + }, + { + "name": "20060412 [eVuln] QLnews XSS and PHP Code Insertion Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/430741/100/0/threaded" + }, + { + "name": "24290", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24290" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1732.json b/2006/1xxx/CVE-2006-1732.json index 814c123eef2..05b433778d4 100644 --- a/2006/1xxx/CVE-2006-1732.json +++ b/2006/1xxx/CVE-2006-1732.json 
@@ -1,322 +1,322 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1732", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to bypass same-origin protections and conduct cross-site scripting (XSS) attacks via unspecified vectors involving the window.controllers array." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2006-1732", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2006/mfsa2006-17.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2006/mfsa2006-17.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=313373", - "refsource" : "MISC", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=313373" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm" - }, - { - "name" : "DSA-1044", - "refsource" : "DEBIAN", - "url" : 
"http://www.debian.org/security/2006/dsa-1044" - }, - { - "name" : "FEDORA-2006-410", - "refsource" : "FEDORA", - "url" : "http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00153.html" - }, - { - "name" : "FEDORA-2006-411", - "refsource" : "FEDORA", - "url" : "http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00154.html" - }, - { - "name" : "FLSA:189137-1", - "refsource" : "FEDORA", - "url" : "http://www.securityfocus.com/archive/1/436296/100/0/threaded" - }, - { - "name" : "FLSA:189137-2", - "refsource" : "FEDORA", - "url" : "http://www.securityfocus.com/archive/1/436338/100/0/threaded" - }, - { - "name" : "GLSA-200604-12", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200604-12.xml" - }, - { - "name" : "GLSA-200604-18", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml" - }, - { - "name" : "GLSA-200605-09", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200605-09.xml" - }, - { - "name" : "HPSBUX02122", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/438730/100/0/threaded" - }, - { - "name" : "SSRT061158", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/438730/100/0/threaded" - }, - { - "name" : "MDKSA-2006:075", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:075" - }, - { - "name" : "MDKSA-2006:076", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:076" - }, - { - "name" : "MDKSA-2006:078", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:078" - }, - { - "name" : "RHSA-2006:0328", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0328.html" - }, - { - "name" : "RHSA-2006:0329", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0329.html" - }, - { - "name" : 
"RHSA-2006:0330", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0330.html" - }, - { - "name" : "SCOSA-2006.26", - "refsource" : "SCO", - "url" : "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt" - }, - { - "name" : "20060404-01-U", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20060404-01-U.asc" - }, - { - "name" : "102550", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1" - }, - { - "name" : "228526", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-228526-1" - }, - { - "name" : "SUSE-SA:2006:022", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006_04_25.html" - }, - { - "name" : "SUSE-SA:2006:021", - "refsource" : "SUSE", - "url" : "http://lists.suse.com/archive/suse-security-announce/2006-Apr/0003.html" - }, - { - "name" : "USN-275-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/275-1/" - }, - { - "name" : "USN-276-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/276-1/" - }, - { - "name" : "USN-271-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/271-1/" - }, - { - "name" : "17516", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17516" - }, - { - "name" : "oval:org.mitre.oval:def:10232", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10232" - }, - { - "name" : "ADV-2006-1356", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1356" - }, - { - "name" : "ADV-2006-3391", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3391" - }, - { - "name" : "oval:org.mitre.oval:def:1887", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1887" - }, - { - "name" : 
"19631", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19631" - }, - { - "name" : "19759", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19759" - }, - { - "name" : "19794", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19794" - }, - { - "name" : "19821", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19821" - }, - { - "name" : "19811", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19811" - }, - { - "name" : "19823", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19823" - }, - { - "name" : "19852", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19852" - }, - { - "name" : "19862", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19862" - }, - { - "name" : "19902", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19902" - }, - { - "name" : "19950", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19950" - }, - { - "name" : "19714", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19714" - }, - { - "name" : "19721", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19721" - }, - { - "name" : "19746", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19746" - }, - { - "name" : "21033", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21033" - }, - { - "name" : "21622", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21622" - }, - { - "name" : "19696", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19696" - }, - { - "name" : "19729", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19729" - }, - { - "name" : "19780", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19780" - }, - { - "name" : "20051", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20051" - }, - { - "name" : 
"mozilla-windows-controllers-xss(25818)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25818" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to bypass same-origin protections and conduct cross-site scripting (XSS) attacks via unspecified vectors involving the window.controllers array." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:10232", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10232" + }, + { + "name": "USN-275-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/275-1/" + }, + { + "name": "RHSA-2006:0330", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0330.html" + }, + { + "name": "19902", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19902" + }, + { + "name": "20060404-01-U", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20060404-01-U.asc" + }, + { + "name": "USN-276-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/276-1/" + }, + { + "name": "HPSBUX02122", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/438730/100/0/threaded" + }, + { + "name": "http://www.mozilla.org/security/announce/2006/mfsa2006-17.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2006/mfsa2006-17.html" + }, + { + "name": "19780", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19780" + }, + { + "name": 
"RHSA-2006:0328", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0328.html" + }, + { + "name": "19821", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19821" + }, + { + "name": "GLSA-200604-12", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200604-12.xml" + }, + { + "name": "21622", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21622" + }, + { + "name": "19862", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19862" + }, + { + "name": "MDKSA-2006:075", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:075" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm" + }, + { + "name": "19823", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19823" + }, + { + "name": "FEDORA-2006-410", + "refsource": "FEDORA", + "url": "http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00153.html" + }, + { + "name": "USN-271-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/271-1/" + }, + { + "name": "19714", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19714" + }, + { + "name": "RHSA-2006:0329", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0329.html" + }, + { + "name": "GLSA-200604-18", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml" + }, + { + "name": "19811", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19811" + }, + { + "name": "19794", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19794" + }, + { + "name": "19746", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19746" + }, + { + "name": "21033", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21033" + }, + { + "name": 
"102550", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1" + }, + { + "name": "19696", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19696" + }, + { + "name": "19759", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19759" + }, + { + "name": "SUSE-SA:2006:021", + "refsource": "SUSE", + "url": "http://lists.suse.com/archive/suse-security-announce/2006-Apr/0003.html" + }, + { + "name": "oval:org.mitre.oval:def:1887", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1887" + }, + { + "name": "FLSA:189137-2", + "refsource": "FEDORA", + "url": "http://www.securityfocus.com/archive/1/436338/100/0/threaded" + }, + { + "name": "ADV-2006-1356", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1356" + }, + { + "name": "mozilla-windows-controllers-xss(25818)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25818" + }, + { + "name": "SSRT061158", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/438730/100/0/threaded" + }, + { + "name": "MDKSA-2006:078", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:078" + }, + { + "name": "19729", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19729" + }, + { + "name": "20051", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20051" + }, + { + "name": "SCOSA-2006.26", + "refsource": "SCO", + "url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=313373", + "refsource": "MISC", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=313373" + }, + { + "name": "FLSA:189137-1", + "refsource": "FEDORA", + "url": "http://www.securityfocus.com/archive/1/436296/100/0/threaded" + }, + { + "name": "17516", + "refsource": "BID", + 
"url": "http://www.securityfocus.com/bid/17516" + }, + { + "name": "228526", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-228526-1" + }, + { + "name": "FEDORA-2006-411", + "refsource": "FEDORA", + "url": "http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00154.html" + }, + { + "name": "19852", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19852" + }, + { + "name": "19721", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19721" + }, + { + "name": "SUSE-SA:2006:022", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006_04_25.html" + }, + { + "name": "GLSA-200605-09", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200605-09.xml" + }, + { + "name": "ADV-2006-3391", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3391" + }, + { + "name": "19631", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19631" + }, + { + "name": "19950", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19950" + }, + { + "name": "MDKSA-2006:076", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:076" + }, + { + "name": "DSA-1044", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1044" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1874.json b/2006/1xxx/CVE-2006-1874.json index 2119ab3430d..ac667518abf 100644 --- a/2006/1xxx/CVE-2006-1874.json +++ b/2006/1xxx/CVE-2006-1874.json 
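Review bot: The `ASSIGNER` field of CVE-2006-1732 changes from `cve@mitre.org` to `secalert@redhat.com` in a hunk that otherwise only normalises `"key" : value` spacing and shuffles the order of `reference_data`. The other records visible in this diff keep `cve@mitre.org`, so this looks like a provenance change carried along with a formatting pass, though the diff alone cannot show whether it is intended. Because all 322 lines are rewritten and the references reordered, a reader cannot easily confirm that nothing else in the record changed. I would either keep `"ASSIGNER": "cve@mitre.org"` in this pass or land the reassignment as its own change with a description that names it, and keep the reference order stable so content edits stay reviewable.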
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1874", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Database Server 8.1.7.4, 9.0.1.5, and 9.2.0.6 has unknown impact and attack vectors in the Oracle Spatial component, aka Vuln# DB09. NOTE: Oracle has not disputed reliable claims that this issue is SQL injection in MDSYS.PRVT_IDX using the (1) EXECUTE_INSERT, (2) EXECUTE_DELETE, (3) EXECUTE_UPDATE, (4) EXECUTE UPDATE, and (5) CRT_DUMMY functions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1874", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.red-database-security.com/advisory/oracle_cpu_apr_2006.html", - "refsource" : "MISC", - "url" : "http://www.red-database-security.com/advisory/oracle_cpu_apr_2006.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2006-090826.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2006-090826.html" - }, - { - "name" : "HPSBMA02113", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/432267/100/0/threaded" - }, - { - "name" : 
"SSRT061148", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/432267/100/0/threaded" - }, - { - "name" : "17590", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17590" - }, - { - "name" : "ADV-2006-1397", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1397" - }, - { - "name" : "ADV-2006-1571", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1571" - }, - { - "name" : "1015961", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015961" - }, - { - "name" : "19712", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19712" - }, - { - "name" : "19859", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19859" - }, - { - "name" : "oracle-prvtidx-sql-injection(26053)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26053" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle Database Server 8.1.7.4, 9.0.1.5, and 9.2.0.6 has unknown impact and attack vectors in the Oracle Spatial component, aka Vuln# DB09. NOTE: Oracle has not disputed reliable claims that this issue is SQL injection in MDSYS.PRVT_IDX using the (1) EXECUTE_INSERT, (2) EXECUTE_DELETE, (3) EXECUTE_UPDATE, (4) EXECUTE UPDATE, and (5) CRT_DUMMY functions." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19712", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19712" + }, + { + "name": "19859", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19859" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2006-090826.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2006-090826.html" + }, + { + "name": "ADV-2006-1571", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1571" + }, + { + "name": "17590", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17590" + }, + { + "name": "SSRT061148", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/432267/100/0/threaded" + }, + { + "name": "http://www.red-database-security.com/advisory/oracle_cpu_apr_2006.html", + "refsource": "MISC", + "url": "http://www.red-database-security.com/advisory/oracle_cpu_apr_2006.html" + }, + { + "name": "ADV-2006-1397", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1397" + }, + { + "name": "HPSBMA02113", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/432267/100/0/threaded" + }, + { + "name": "oracle-prvtidx-sql-injection(26053)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26053" + }, + { + "name": "1015961", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015961" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4005.json b/2006/4xxx/CVE-2006-4005.json index 1a7c5e3f2c4..9cedf8f19ab 100644 --- a/2006/4xxx/CVE-2006-4005.json +++ b/2006/4xxx/CVE-2006-4005.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4005", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "BomberClone 0.11.6 and earlier allows remote attackers to cause a denial of service (daemon crash) via (1) a certain malformed PKGF_ackreq packet, which triggers a crash in the rscache_add() function in pkgcache.c; and (2) an error packet, which is intended to be received by clients and force client shutdown, but also triggers server shutdown." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4005", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://aluigi.altervista.org/adv/bcloneboom-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.altervista.org/adv/bcloneboom-adv.txt" - }, - { - "name" : "http://aluigi.org/poc/bcloneboom.zip", - "refsource" : "MISC", - "url" : "http://aluigi.org/poc/bcloneboom.zip" - }, - { - "name" : "DSA-1180", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1180" - }, - { - "name" : "19255", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19255" - }, - { - "name" : "ADV-2006-3067", - "refsource" : "VUPEN", - "url" : 
"http://www.vupen.com/english/advisories/2006/3067" - }, - { - "name" : "27647", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27647" - }, - { - "name" : "27649", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27649" - }, - { - "name" : "21303", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21303" - }, - { - "name" : "21985", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21985" - }, - { - "name" : "bomberclone-error-packet-dos(28093)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28093" - }, - { - "name" : "bomberclone-rscacheadd-dos(28090)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28090" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "BomberClone 0.11.6 and earlier allows remote attackers to cause a denial of service (daemon crash) via (1) a certain malformed PKGF_ackreq packet, which triggers a crash in the rscache_add() function in pkgcache.c; and (2) an error packet, which is intended to be received by clients and force client shutdown, but also triggers server shutdown." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21303", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21303" + }, + { + "name": "19255", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19255" + }, + { + "name": "27647", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27647" + }, + { + "name": "DSA-1180", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1180" + }, + { + "name": "http://aluigi.org/poc/bcloneboom.zip", + "refsource": "MISC", + "url": "http://aluigi.org/poc/bcloneboom.zip" + }, + { + "name": "27649", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27649" + }, + { + "name": "http://aluigi.altervista.org/adv/bcloneboom-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.altervista.org/adv/bcloneboom-adv.txt" + }, + { + "name": "bomberclone-rscacheadd-dos(28090)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28090" + }, + { + "name": "bomberclone-error-packet-dos(28093)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28093" + }, + { + "name": "ADV-2006-3067", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3067" + }, + { + "name": "21985", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21985" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4966.json b/2006/4xxx/CVE-2006-4966.json index 82e0de1cc2d..01514d6230b 100644 --- a/2006/4xxx/CVE-2006-4966.json +++ b/2006/4xxx/CVE-2006-4966.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4966", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in inc/ifunctions.php in chumpsoft phpQuestionnaire (phpQ) 3.12 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[phpQRootDir] parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4966", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060921 SolpotCrew Advisory #12 - phpQuestionnaire 3.12 (GLOBALS[phpQRootDir]) Remote File Inclusion", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/446748/100/0/threaded" - }, - { - "name" : "http://www.nyubicrew.org/adv/solpot-adv-08.txt", - "refsource" : "MISC", - "url" : "http://www.nyubicrew.org/adv/solpot-adv-08.txt" - }, - { - "name" : "2410", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2410" - }, - { - "name" : "20142", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20142" - }, - { - "name" : "22042", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22042" - }, - { - "name" : "1630", - "refsource" : 
"SREASON", - "url" : "http://securityreason.com/securityalert/1630" - }, - { - "name" : "phpquestionnaire-ifunctions-file-include(29081)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29081" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in inc/ifunctions.php in chumpsoft phpQuestionnaire (phpQ) 3.12 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[phpQRootDir] parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.nyubicrew.org/adv/solpot-adv-08.txt", + "refsource": "MISC", + "url": "http://www.nyubicrew.org/adv/solpot-adv-08.txt" + }, + { + "name": "2410", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2410" + }, + { + "name": "22042", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22042" + }, + { + "name": "phpquestionnaire-ifunctions-file-include(29081)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29081" + }, + { + "name": "1630", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1630" + }, + { + "name": "20060921 SolpotCrew Advisory #12 - phpQuestionnaire 3.12 (GLOBALS[phpQRootDir]) Remote File Inclusion", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/446748/100/0/threaded" + }, + { + "name": "20142", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20142" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5573.json b/2006/5xxx/CVE-2006-5573.json index 937cfc4603b..57528052224 100644 --- a/2006/5xxx/CVE-2006-5573.json +++ b/2006/5xxx/CVE-2006-5573.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2006-5573",
- "STATE" : "REJECT"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2006. Notes: none."
- }
- ]
- }
-}
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2006-5573",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2006. Notes: none."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2006/5xxx/CVE-2006-5918.json b/2006/5xxx/CVE-2006-5918.json
index 1f9493a0043..819384d5847 100644
--- a/2006/5xxx/CVE-2006-5918.json
+++ b/2006/5xxx/CVE-2006-5918.json
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5918", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unrestricted file upload vulnerability in RapidKill (aka PHP Rapid Kill) 5.7 Pro, and certain other versions, allows remote attackers to upload and execute arbitrary PHP scripts via the \"Link to Download\" field. NOTE: it is possible that the field value is restricted to files on specific public web sites." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5918", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061106 PHP Rapid Kill All Version File Injection", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/450681/100/0/threaded" - }, - { - "name" : "20896", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20896" - }, - { - "name" : "1862", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1862" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unrestricted file upload vulnerability in RapidKill (aka PHP Rapid Kill) 5.7 
Pro, and certain other versions, allows remote attackers to upload and execute arbitrary PHP scripts via the \"Link to Download\" field. NOTE: it is possible that the field value is restricted to files on specific public web sites." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1862", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1862" + }, + { + "name": "20896", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20896" + }, + { + "name": "20061106 PHP Rapid Kill All Version File Injection", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/450681/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0713.json b/2010/0xxx/CVE-2010-0713.json index ad087921608..0448bbb04c5 100644 --- a/2010/0xxx/CVE-2010-0713.json +++ b/2010/0xxx/CVE-2010-0713.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0713", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in Zenoss 2.3.3, and other versions before 2.5, allow remote attackers to hijack the authentication of an administrator for (1) requests that reset user passwords via zport/dmd/ZenUsers/admin, and (2) requests that change user commands, which allows for remote execution of system commands via zport/dmd/userCommands/." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-0713", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100116 Zenoss Multiple Admin CSRF", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/508982/100/0/threaded" - }, - { - "name" : "http://www.ngenuity.org/wordpress/2010/01/14/ngenuity-2010-002-zenoss-multiple-admin-csrf/", - "refsource" : "MISC", - "url" : "http://www.ngenuity.org/wordpress/2010/01/14/ngenuity-2010-002-zenoss-multiple-admin-csrf/" - }, - { - "name" : "http://www.zenoss.com/news/SQL-Injection-and-Cross-Site-Forgery-in-Zenoss-Core-Corrected.html", - "refsource" : "CONFIRM", - "url" : 
"http://www.zenoss.com/news/SQL-Injection-and-Cross-Site-Forgery-in-Zenoss-Core-Corrected.html" - }, - { - "name" : "37843", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37843" - }, - { - "name" : "61805", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/61805" - }, - { - "name" : "38195", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38195" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Zenoss 2.3.3, and other versions before 2.5, allow remote attackers to hijack the authentication of an administrator for (1) requests that reset user passwords via zport/dmd/ZenUsers/admin, and (2) requests that change user commands, which allows for remote execution of system commands via zport/dmd/userCommands/." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "37843", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37843" + }, + { + "name": "http://www.ngenuity.org/wordpress/2010/01/14/ngenuity-2010-002-zenoss-multiple-admin-csrf/", + "refsource": "MISC", + "url": "http://www.ngenuity.org/wordpress/2010/01/14/ngenuity-2010-002-zenoss-multiple-admin-csrf/" + }, + { + "name": "61805", + "refsource": "OSVDB", + "url": "http://osvdb.org/61805" + }, + { + "name": "20100116 Zenoss Multiple Admin CSRF", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/508982/100/0/threaded" + }, + { + "name": "http://www.zenoss.com/news/SQL-Injection-and-Cross-Site-Forgery-in-Zenoss-Core-Corrected.html", + "refsource": "CONFIRM", + "url": "http://www.zenoss.com/news/SQL-Injection-and-Cross-Site-Forgery-in-Zenoss-Core-Corrected.html" + }, + { + "name": "38195", + "refsource": "SECUNIA", + 
"url": "http://secunia.com/advisories/38195" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0964.json b/2010/0xxx/CVE-2010-0964.json index ad09b89c78f..c0847248d96 100644 --- a/2010/0xxx/CVE-2010-0964.json +++ b/2010/0xxx/CVE-2010-0964.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0964", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in start.php in Eros Webkatalog allows remote attackers to execute arbitrary SQL commands via the id parameter in a rubrik action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-0964", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://4004securityproject.wordpress.com/2010/03/11/eros-erotik-webkatalog-start-php-rubrikidsql-injection/", - "refsource" : "MISC", - "url" : "http://4004securityproject.wordpress.com/2010/03/11/eros-erotik-webkatalog-start-php-rubrikidsql-injection/" - }, - { - "name" : "http://packetstormsecurity.org/1003-exploits/eroserotikwebkat-sql.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1003-exploits/eroserotikwebkat-sql.txt" - }, - { - "name" : "11689", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/11689" - }, - { - "name" : "62902", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/62902" - }, - { - "name" : "38900", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38900" - }, - { - 
"name" : "eroswebkatalog-start-sql-injection(56851)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/56851" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in start.php in Eros Webkatalog allows remote attackers to execute arbitrary SQL commands via the id parameter in a rubrik action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "38900", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38900" + }, + { + "name": "11689", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/11689" + }, + { + "name": "http://packetstormsecurity.org/1003-exploits/eroserotikwebkat-sql.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1003-exploits/eroserotikwebkat-sql.txt" + }, + { + "name": "62902", + "refsource": "OSVDB", + "url": "http://osvdb.org/62902" + }, + { + "name": "http://4004securityproject.wordpress.com/2010/03/11/eros-erotik-webkatalog-start-php-rubrikidsql-injection/", + "refsource": "MISC", + "url": "http://4004securityproject.wordpress.com/2010/03/11/eros-erotik-webkatalog-start-php-rubrikidsql-injection/" + }, + { + "name": "eroswebkatalog-start-sql-injection(56851)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56851" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2616.json b/2010/2xxx/CVE-2010-2616.json index 86f30b32b41..1401774c093 100644 --- a/2010/2xxx/CVE-2010-2616.json +++ b/2010/2xxx/CVE-2010-2616.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2616", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in bible.php in PHP Bible Search, probably 0.99, allows remote attackers to execute arbitrary SQL commands via the chapter parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2616", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.packetstormsecurity.com/1006-exploits/phpbiblesearch-sqlxss.txt", - "refsource" : "MISC", - "url" : "http://www.packetstormsecurity.com/1006-exploits/phpbiblesearch-sqlxss.txt" - }, - { - "name" : "41197", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/41197" - }, - { - "name" : "phpbiblesearch-bible-sql-injection(59842)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/59842" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in bible.php in PHP Bible Search, probably 0.99, allows remote attackers to execute arbitrary SQL commands via the 
chapter parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "41197", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/41197" + }, + { + "name": "phpbiblesearch-bible-sql-injection(59842)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59842" + }, + { + "name": "http://www.packetstormsecurity.com/1006-exploits/phpbiblesearch-sqlxss.txt", + "refsource": "MISC", + "url": "http://www.packetstormsecurity.com/1006-exploits/phpbiblesearch-sqlxss.txt" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2890.json b/2010/2xxx/CVE-2010-2890.json index 0b6702695fa..5bd3621bcb4 100644 --- a/2010/2xxx/CVE-2010-2890.json +++ b/2010/2xxx/CVE-2010-2890.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2890", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-3619, CVE-2010-3621, CVE-2010-3622, CVE-2010-3628, CVE-2010-3632, and CVE-2010-3658." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2010-2890", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb10-21.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb10-21.html" - }, - { - "name" : "GLSA-201101-08", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201101-08.xml" - }, - { - "name" : "RHSA-2010:0743", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0743.html" - }, - { - "name" : "SUSE-SA:2010:048", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00001.html" - }, - { - "name" 
: "SUSE-SR:2010:019", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html" - }, - { - "name" : "TA10-279A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-279A.html" - }, - { - "name" : "oval:org.mitre.oval:def:6830", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6830" - }, - { - "name" : "43025", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43025" - }, - { - "name" : "ADV-2011-0191", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0191" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-3619, CVE-2010-3621, CVE-2010-3622, CVE-2010-3628, CVE-2010-3632, and CVE-2010-3658." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SA:2010:048", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00001.html" + }, + { + "name": "ADV-2011-0191", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0191" + }, + { + "name": "43025", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43025" + }, + { + "name": "oval:org.mitre.oval:def:6830", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6830" + }, + { + "name": "GLSA-201101-08", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201101-08.xml" + }, + { + "name": "RHSA-2010:0743", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0743.html" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb10-21.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb10-21.html" + }, + { + "name": "TA10-279A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-279A.html" + }, + { + "name": "SUSE-SR:2010:019", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3299.json b/2010/3xxx/CVE-2010-3299.json index e21a8a9286e..65739085e83 100644 --- a/2010/3xxx/CVE-2010-3299.json +++ b/2010/3xxx/CVE-2010-3299.json 
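Review bot: The `affects` block in CVE-2010-2890.json still carries `"vendor_name": "n/a"`, `"product_name": "n/a"` and `"version_value": "n/a"`, although this hunk changes the assigner to `"ASSIGNER": "psirt@adobe.com"` and the description names Adobe Reader and Acrobat 9.x before 9.4 and 8.x before 8.2.5. As far as the visible lines show, the assigner is the only value that changes here; the rest is whitespace and reference reordering. Consumers that match records against an asset inventory through the structured `affects` fields rather than the free-text description will not tie this entry to those products. If the record is being re-attributed to the vendor CNA, populating those fields from the description in the same change (for example `"vendor_name": "Adobe"`) would make the record usable for automated matching; if the assigner change is unintended in a formatting pass, it should be split out.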
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2010-3299",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2010-3299",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2010/3xxx/CVE-2010-3680.json b/2010/3xxx/CVE-2010-3680.json
index 44d985a56d8..5a13ceccfdf 100644
--- a/2010/3xxx/CVE-2010-3680.json
+++ b/2010/3xxx/CVE-2010-3680.json
@@ -1,162 +1,162 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3680", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by creating temporary tables with nullable columns while using InnoDB, which triggers an assertion failure." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3680", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20100928 Re: CVE Request -- MySQL v5.1.49 -- multiple DoS flaws", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/09/28/10" - }, - { - "name" : "http://bugs.mysql.com/bug.php?id=54044", - "refsource" : "CONFIRM", - "url" : "http://bugs.mysql.com/bug.php?id=54044" - }, - { - "name" : "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-49.html", - "refsource" : "CONFIRM", - "url" : "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-49.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=628192", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=628192" - }, - { - "name" : "DSA-2143", - "refsource" : 
"DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2143" - }, - { - "name" : "MDVSA-2010:155", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:155" - }, - { - "name" : "MDVSA-2010:222", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:222" - }, - { - "name" : "MDVSA-2011:012", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:012" - }, - { - "name" : "RHSA-2010:0825", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0825.html" - }, - { - "name" : "RHSA-2011:0164", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0164.html" - }, - { - "name" : "TLSA-2011-3", - "refsource" : "TURBO", - "url" : "http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt" - }, - { - "name" : "USN-1017-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1017-1" - }, - { - "name" : "USN-1397-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1397-1" - }, - { - "name" : "42598", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/42598" - }, - { - "name" : "42875", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42875" - }, - { - "name" : "42936", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42936" - }, - { - "name" : "ADV-2011-0105", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0105" - }, - { - "name" : "ADV-2011-0133", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0133" - }, - { - "name" : "ADV-2011-0170", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0170" - }, - { - "name" : "ADV-2011-0345", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0345" - }, - { - "name" : "mysql-innodb-dos(64686)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/64686" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by creating temporary tables with nullable columns while using InnoDB, which triggers an assertion failure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-1397-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1397-1" + }, + { + "name": "42598", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/42598" + }, + { + "name": "mysql-innodb-dos(64686)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64686" + }, + { + "name": "42875", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42875" + }, + { + "name": "USN-1017-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1017-1" + }, + { + "name": "TLSA-2011-3", + "refsource": "TURBO", + "url": "http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt" + }, + { + "name": "MDVSA-2011:012", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:012" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=628192", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=628192" + }, + { + "name": "ADV-2011-0105", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0105" + }, + { + "name": "MDVSA-2010:222", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:222" + }, + { + "name": "RHSA-2011:0164", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0164.html" 
+ }, + { + "name": "ADV-2011-0170", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0170" + }, + { + "name": "ADV-2011-0133", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0133" + }, + { + "name": "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-49.html", + "refsource": "CONFIRM", + "url": "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-49.html" + }, + { + "name": "DSA-2143", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2143" + }, + { + "name": "ADV-2011-0345", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0345" + }, + { + "name": "MDVSA-2010:155", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:155" + }, + { + "name": "42936", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42936" + }, + { + "name": "http://bugs.mysql.com/bug.php?id=54044", + "refsource": "CONFIRM", + "url": "http://bugs.mysql.com/bug.php?id=54044" + }, + { + "name": "RHSA-2010:0825", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0825.html" + }, + { + "name": "[oss-security] 20100928 Re: CVE Request -- MySQL v5.1.49 -- multiple DoS flaws", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/09/28/10" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3728.json b/2010/3xxx/CVE-2010-3728.json index 4b395068073..33a8c5074a2 100644 --- a/2010/3xxx/CVE-2010-3728.json +++ b/2010/3xxx/CVE-2010-3728.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2010-3728",
- "STATE" : "REJECT"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none."
- }
- ]
- }
-}
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2010-3728",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2010/3xxx/CVE-2010-3741.json b/2010/3xxx/CVE-2010-3741.json
index 6d6ef828e4a..0f86ea32dc1 100644
--- a/2010/3xxx/CVE-2010-3741.json
+++ b/2010/3xxx/CVE-2010-3741.json
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3741", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The offline backup mechanism in Research In Motion (RIM) BlackBerry Desktop Software uses single-iteration PBKDF2, which makes it easier for local users to decrypt a .ipd file via a brute-force attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3741", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://blog.crackpassword.com/2010/09/smartphone-forensics-cracking-blackberry-backup-passwords/", - "refsource" : "MISC", - "url" : "http://blog.crackpassword.com/2010/09/smartphone-forensics-cracking-blackberry-backup-passwords/" - }, - { - "name" : "http://it.slashdot.org/story/10/10/01/166226/", - "refsource" : "MISC", - "url" : "http://it.slashdot.org/story/10/10/01/166226/" - }, - { - "name" : "http://twitter.com/elcomsoft/statuses/25954970586", - "refsource" : "MISC", - "url" : "http://twitter.com/elcomsoft/statuses/25954970586" - }, - { - "name" : "http://www.infoworld.com/t/mobile-device-management/you-can-no-longer-rely-encryption-protect-blackberry-436", - "refsource" : "MISC", - "url" : 
"http://www.infoworld.com/t/mobile-device-management/you-can-no-longer-rely-encryption-protect-blackberry-436" - }, - { - "name" : "oval:org.mitre.oval:def:7360", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7360" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The offline backup mechanism in Research In Motion (RIM) BlackBerry Desktop Software uses single-iteration PBKDF2, which makes it easier for local users to decrypt a .ipd file via a brute-force attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://blog.crackpassword.com/2010/09/smartphone-forensics-cracking-blackberry-backup-passwords/", + "refsource": "MISC", + "url": "http://blog.crackpassword.com/2010/09/smartphone-forensics-cracking-blackberry-backup-passwords/" + }, + { + "name": "oval:org.mitre.oval:def:7360", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7360" + }, + { + "name": "http://twitter.com/elcomsoft/statuses/25954970586", + "refsource": "MISC", + "url": "http://twitter.com/elcomsoft/statuses/25954970586" + }, + { + "name": "http://www.infoworld.com/t/mobile-device-management/you-can-no-longer-rely-encryption-protect-blackberry-436", + "refsource": "MISC", + "url": "http://www.infoworld.com/t/mobile-device-management/you-can-no-longer-rely-encryption-protect-blackberry-436" + }, + { + "name": "http://it.slashdot.org/story/10/10/01/166226/", + "refsource": "MISC", + "url": "http://it.slashdot.org/story/10/10/01/166226/" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3892.json b/2010/3xxx/CVE-2010-3892.json index 39ba645e408..962f242c85e 100644 
--- a/2010/3xxx/CVE-2010-3892.json +++ b/2010/3xxx/CVE-2010-3892.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3892", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Session fixation vulnerability in the login form in the administrator interface in IBM OmniFind Enterprise Edition 8.x and 9.x allows remote attackers to hijack web sessions by replaying a session ID (aka SID) value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3892", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20101109 IBM OmniFind - several vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/514688/100/0/threaded" - }, - { - "name" : "http://security.fatihkilic.de/advisory/fkilic-sa-2010-ibm-omnifind.txt", - "refsource" : "MISC", - "url" : "http://security.fatihkilic.de/advisory/fkilic-sa-2010-ibm-omnifind.txt" - }, - { - "name" : "44740", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/44740" - }, - { - "name" : "ADV-2010-2933", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2933" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "Session fixation vulnerability in the login form in the administrator interface in IBM OmniFind Enterprise Edition 8.x and 9.x allows remote attackers to hijack web sessions by replaying a session ID (aka SID) value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20101109 IBM OmniFind - several vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/514688/100/0/threaded" + }, + { + "name": "44740", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/44740" + }, + { + "name": "http://security.fatihkilic.de/advisory/fkilic-sa-2010-ibm-omnifind.txt", + "refsource": "MISC", + "url": "http://security.fatihkilic.de/advisory/fkilic-sa-2010-ibm-omnifind.txt" + }, + { + "name": "ADV-2010-2933", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2933" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4296.json b/2010/4xxx/CVE-2010-4296.json index 145c7bb2360..7e0bee28c1d 100644 --- a/2010/4xxx/CVE-2010-4296.json +++ b/2010/4xxx/CVE-2010-4296.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4296", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "vmware-mount in VMware Workstation 7.x before 7.1.2 build 301548 on Linux, VMware Player 3.1.x before 3.1.2 build 301548 on Linux, VMware Server 2.0.2 on Linux, and VMware Fusion 3.1.x before 3.1.2 build 332101 does not properly load libraries, which allows host OS users to gain privileges via vectors involving shared object files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4296", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20101203 VMSA-2010-0018 VMware hosted products and ESX patches resolve multiple security issues", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/514995/100/0/threaded" - }, - { - "name" : "[security-announce] 20101202 VMSA-2010-0018 VMware hosted products and ESX patches resolve multiple security issues", - "refsource" : "MLIST", - "url" : "http://lists.vmware.com/pipermail/security-announce/2010/000112.html" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2010-0018.html", - "refsource" : "CONFIRM", - "url" : 
"http://www.vmware.com/security/advisories/VMSA-2010-0018.html" - }, - { - "name" : "45168", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45168" - }, - { - "name" : "69584", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/69584" - }, - { - "name" : "1024819", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024819" - }, - { - "name" : "1024820", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024820" - }, - { - "name" : "42453", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42453" - }, - { - "name" : "42482", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42482" - }, - { - "name" : "ADV-2010-3116", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/3116" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "vmware-mount in VMware Workstation 7.x before 7.1.2 build 301548 on Linux, VMware Player 3.1.x before 3.1.2 build 301548 on Linux, VMware Server 2.0.2 on Linux, and VMware Fusion 3.1.x before 3.1.2 build 332101 does not properly load libraries, which allows host OS users to gain privileges via vectors involving shared object files." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[security-announce] 20101202 VMSA-2010-0018 VMware hosted products and ESX patches resolve multiple security issues", + "refsource": "MLIST", + "url": "http://lists.vmware.com/pipermail/security-announce/2010/000112.html" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2010-0018.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2010-0018.html" + }, + { + "name": "45168", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45168" + }, + { + "name": "20101203 VMSA-2010-0018 VMware hosted products and ESX patches resolve multiple security issues", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/514995/100/0/threaded" + }, + { + "name": "42453", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42453" + }, + { + "name": "1024819", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024819" + }, + { + "name": "42482", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42482" + }, + { + "name": "ADV-2010-3116", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/3116" + }, + { + "name": "1024820", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024820" + }, + { + "name": "69584", + "refsource": "OSVDB", + "url": "http://osvdb.org/69584" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4395.json b/2010/4xxx/CVE-2010-4395.json index c81fbe590b9..3a499619d67 100644 --- a/2010/4xxx/CVE-2010-4395.json +++ b/2010/4xxx/CVE-2010-4395.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4395", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.5, and Linux RealPlayer 11.0.2.1744 allows remote attackers to execute arbitrary code via a crafted conditional component in AAC frame data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4395", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-10-267", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-10-267" - }, - { - "name" : "http://service.real.com/realplayer/security/12102010_player/en/", - "refsource" : "CONFIRM", - "url" : "http://service.real.com/realplayer/security/12102010_player/en/" - }, - { - "name" : "69854", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/69854" - }, - { - "name" : "1024861", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024861" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { 
+ "lang": "eng", + "value": "Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.5, and Linux RealPlayer 11.0.2.1744 allows remote attackers to execute arbitrary code via a crafted conditional component in AAC frame data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "69854", + "refsource": "OSVDB", + "url": "http://osvdb.org/69854" + }, + { + "name": "1024861", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024861" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-10-267", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-267" + }, + { + "name": "http://service.real.com/realplayer/security/12102010_player/en/", + "refsource": "CONFIRM", + "url": "http://service.real.com/realplayer/security/12102010_player/en/" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4876.json b/2010/4xxx/CVE-2010-4876.json index f111ac734ef..cb7e9f52453 100644 --- a/2010/4xxx/CVE-2010-4876.json +++ b/2010/4xxx/CVE-2010-4876.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4876", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in viewpost.php in mBlogger 1.0.04 allows remote attackers to execute arbitrary SQL commands via the postID parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4876", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "14849", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/14849" - }, - { - "name" : "ADV-2010-2265", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2265" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in viewpost.php in mBlogger 1.0.04 allows remote attackers to execute arbitrary SQL commands via the postID parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2010-2265", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2265" + }, + { + "name": "14849", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/14849" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4976.json b/2010/4xxx/CVE-2010-4976.json index 5d66ff7be49..db8c005a2fd 100644 --- a/2010/4xxx/CVE-2010-4976.json +++ b/2010/4xxx/CVE-2010-4976.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4976", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in search/search.php in MetInfo 3.0 allows remote attackers to inject arbitrary web script or HTML via the searchword parameter (aka Search Box field). NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4976", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.packetstormsecurity.com/1006-exploits/metinfo-xss.txt", - "refsource" : "MISC", - "url" : "http://www.packetstormsecurity.com/1006-exploits/metinfo-xss.txt" - }, - { - "name" : "41203", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/41203" - }, - { - "name" : "65839", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/65839" - }, - { - "name" : "40402", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40402" - }, - { - "name" : "8488", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8488" - }, - { - "name" : "metinfo-search-xss(59853)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/59853" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in search/search.php in MetInfo 3.0 allows remote attackers to inject arbitrary web script or HTML via the searchword parameter (aka Search Box field). NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "40402", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40402" + }, + { + "name": "41203", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/41203" + }, + { + "name": "http://www.packetstormsecurity.com/1006-exploits/metinfo-xss.txt", + "refsource": "MISC", + "url": "http://www.packetstormsecurity.com/1006-exploits/metinfo-xss.txt" + }, + { + "name": "8488", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8488" + }, + { + "name": "65839", + "refsource": "OSVDB", + "url": "http://osvdb.org/65839" + }, + { + "name": "metinfo-search-xss(59853)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59853" + } + ] + } +} \ No newline at end of file diff --git a/2011/5xxx/CVE-2011-5118.json b/2011/5xxx/CVE-2011-5118.json index de182818f08..bd400e2b248 100644 --- a/2011/5xxx/CVE-2011-5118.json +++ b/2011/5xxx/CVE-2011-5118.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-5118", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple race conditions in Comodo Internet Security before 5.8.213334.2131 allow local users to bypass the Defense+ feature via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-5118", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://personalfirewall.comodo.com/release_notes.html", - "refsource" : "CONFIRM", - "url" : "http://personalfirewall.comodo.com/release_notes.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple race conditions in Comodo Internet Security before 5.8.213334.2131 allow local users to bypass the Defense+ feature via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://personalfirewall.comodo.com/release_notes.html", + "refsource": "CONFIRM", + "url": "http://personalfirewall.comodo.com/release_notes.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3128.json b/2014/3xxx/CVE-2014-3128.json index f181ba9bc43..84f26f0594a 100644 --- a/2014/3xxx/CVE-2014-3128.json +++ b/2014/3xxx/CVE-2014-3128.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3128", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3128", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3222.json b/2014/3xxx/CVE-2014-3222.json index 12268821cee..b0dda8e2f60 100644 --- a/2014/3xxx/CVE-2014-3222.json +++ b/2014/3xxx/CVE-2014-3222.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@huawei.com", - "ID" : "CVE-2014-3222", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "eSpace Meeting V100R001C03SPC201 and the earlier versions", - "version" : { - "version_data" : [ - { - "version_value" : "eSpace Meeting V100R001C03SPC201 and the earlier versions" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Huawei eSpace Meeting with software V100R001C03SPC201 and the earlier versions, attackers that obtain the permissions assigned to common users can elevate privileges to access and set specific key resources." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Improper User Permission Setting" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", + "ID": "CVE-2014-3222", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "eSpace Meeting V100R001C03SPC201 and the earlier versions", + "version": { + "version_data": [ + { + "version_value": "eSpace Meeting V100R001C03SPC201 and the earlier versions" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.huawei.com/en/psirt/security-advisories/hw-329170", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/psirt/security-advisories/hw-329170" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Huawei eSpace Meeting with software V100R001C03SPC201 and the earlier versions, attackers that obtain the permissions assigned 
to common users can elevate privileges to access and set specific key resources." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper User Permission Setting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.huawei.com/en/psirt/security-advisories/hw-329170", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/psirt/security-advisories/hw-329170" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3888.json b/2014/3xxx/CVE-2014-3888.json index c578cc8bfc4..2eff2f63ba4 100644 --- a/2014/3xxx/CVE-2014-3888.json +++ b/2014/3xxx/CVE-2014-3888.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3888", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in BKFSim_vhfd.exe in Yokogawa CENTUM CS 1000, CENTUM CS 3000 R3.09.50 and earlier, CENTUM VP R5.03.20 and earlier, Exaopc R3.72.00 and earlier, B/M9000CS R5.05.01 and earlier, and B/M9000 VP R7.03.01 and earlier, when FCS/Test Function is enabled, allows remote attackers to execute arbitrary code via a crafted packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2014-3888", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "34009", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/34009" - }, - { - "name" : "http://ics-cert.us-cert.gov/advisories/ICSA-14-189-01", - "refsource" : "MISC", - "url" : "http://ics-cert.us-cert.gov/advisories/ICSA-14-189-01" - }, - { - "name" : "http://packetstormsecurity.com/files/127382/Yokogawa-CS3000-BKFSim_vhfd.exe-Buffer-Overflow.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/127382/Yokogawa-CS3000-BKFSim_vhfd.exe-Buffer-Overflow.html" - }, - { - "name" : 
"http://www.yokogawa.com/dcs/security/ysar/YSAR-14-0002E.pdf", - "refsource" : "CONFIRM", - "url" : "http://www.yokogawa.com/dcs/security/ysar/YSAR-14-0002E.pdf" - }, - { - "name" : "108756", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/show/osvdb/108756" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in BKFSim_vhfd.exe in Yokogawa CENTUM CS 1000, CENTUM CS 3000 R3.09.50 and earlier, CENTUM VP R5.03.20 and earlier, Exaopc R3.72.00 and earlier, B/M9000CS R5.05.01 and earlier, and B/M9000 VP R7.03.01 and earlier, when FCS/Test Function is enabled, allows remote attackers to execute arbitrary code via a crafted packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.yokogawa.com/dcs/security/ysar/YSAR-14-0002E.pdf", + "refsource": "CONFIRM", + "url": "http://www.yokogawa.com/dcs/security/ysar/YSAR-14-0002E.pdf" + }, + { + "name": "34009", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/34009" + }, + { + "name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-189-01", + "refsource": "MISC", + "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-189-01" + }, + { + "name": "108756", + "refsource": "OSVDB", + "url": "http://osvdb.org/show/osvdb/108756" + }, + { + "name": "http://packetstormsecurity.com/files/127382/Yokogawa-CS3000-BKFSim_vhfd.exe-Buffer-Overflow.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/127382/Yokogawa-CS3000-BKFSim_vhfd.exe-Buffer-Overflow.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3911.json b/2014/3xxx/CVE-2014-3911.json index 5880a4137a5..e4033ed826f 100644 --- a/2014/3xxx/CVE-2014-3911.json +++ b/2014/3xxx/CVE-2014-3911.json 
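Review bot: The new ASSIGNER value `vultures@jpcert.or.jp` in CVE_data_meta of CVE-2014-3888 is the one semantic change in a hunk that otherwise only re-indents the record and reorders reference_data, so it is easy to miss; it would be clearer in its own commit or named in the commit message. The record also still carries `"vendor_name": "n/a"`, `"product_name": "n/a"` and a problemtype value of `"n/a"`, although the description names Yokogawa CENTUM CS 1000/3000, CENTUM VP, Exaopc and B/M9000 and a stack-based buffer overflow. Tooling that matches on the structured fields rather than the free text will therefore not associate this entry with those products. If the assigner can confirm them, populating `"vendor_name": "Yokogawa"` and a CWE-based problemtype (presumably CWE-121) would close that gap. The new file also ends without a trailing newline.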
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3911", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Samsung iPOLiS Device Manager before 1.8.7 allow remote attackers to execute arbitrary code via unspecified values to the (1) Start, (2) ChangeControlLocalName, (3) DeleteDeviceProfile, (4) FrameAdvanceReader, or other unknown method in the XNSSDKDEVICE.XnsSdkDeviceCtrlForIpInstaller.1 ActiveX control." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3911", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://update.websamsung.net/Tools/iPOLiS%20Device%20Manager/iPOLiS%20Device%20Manager_v1.8.7_setup_Full.zip", - "refsource" : "MISC", - "url" : "http://update.websamsung.net/Tools/iPOLiS%20Device%20Manager/iPOLiS%20Device%20Manager_v1.8.7_setup_Full.zip" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-14-167/", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-14-167/" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-14-168/", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-14-168/" - }, - { - "name" : 
"http://www.zerodayinitiative.com/advisories/ZDI-14-170/", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-14-170/" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-14-171/", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-14-171/" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-14-172/", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-14-172/" - }, - { - "name" : "67822", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/67822" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Samsung iPOLiS Device Manager before 1.8.7 allow remote attackers to execute arbitrary code via unspecified values to the (1) Start, (2) ChangeControlLocalName, (3) DeleteDeviceProfile, (4) FrameAdvanceReader, or other unknown method in the XNSSDKDEVICE.XnsSdkDeviceCtrlForIpInstaller.1 ActiveX control." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-14-170/", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-14-170/" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-14-172/", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-14-172/" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-14-168/", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-14-168/" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-14-167/", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-14-167/" + }, + { + "name": "67822", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/67822" + }, + { + "name": "http://update.websamsung.net/Tools/iPOLiS%20Device%20Manager/iPOLiS%20Device%20Manager_v1.8.7_setup_Full.zip", + "refsource": "MISC", + "url": "http://update.websamsung.net/Tools/iPOLiS%20Device%20Manager/iPOLiS%20Device%20Manager_v1.8.7_setup_Full.zip" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-14-171/", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-14-171/" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4246.json b/2014/4xxx/CVE-2014-4246.json index 7890ac74ca7..ae699aa02f3 100644 --- a/2014/4xxx/CVE-2014-4246.json +++ b/2014/4xxx/CVE-2014-4246.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4246", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Hyperion Analytic Provider Services component in Oracle Hyperion 11.1.2.2 and 11.1.2.3 allows remote authenticated users to affect confidentiality via vectors related to SVP." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2014-4246", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/534161/100/0/threaded" - }, - { - "name" : "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Dec/23" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2014-0012.html", - "refsource" 
: "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2014-0012.html" - }, - { - "name" : "68586", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/68586" - }, - { - "name" : "1030579", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030579" - }, - { - "name" : "59303", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59303" - }, - { - "name" : "oracle-cpujul2014-cve20144246(94567)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/94567" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Hyperion Analytic Provider Services component in Oracle Hyperion 11.1.2.2 and 11.1.2.3 allows remote authenticated users to affect confidentiality via vectors related to SVP." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "68586", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/68586" + }, + { + "name": "59303", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59303" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html" + }, + { + "name": "oracle-cpujul2014-cve20144246(94567)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94567" + }, + { + "name": "1030579", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030579" + }, + { + "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded" + }, + { + "name": 
"http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html" + }, + { + "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Dec/23" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4261.json b/2014/4xxx/CVE-2014-4261.json index 3f281ab5734..c93af6e07ee 100644 --- a/2014/4xxx/CVE-2014-4261.json +++ b/2014/4xxx/CVE-2014-4261.json 
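Review bot: The `ASSIGNER` change from `cve@mitre.org` to `secalert_us@oracle.com` in the CVE-2014-4246 hunk is buried in a rewrite of every line for `"key" :` to `"key":` spacing plus a reshuffled `reference_data` array, so the one provenance change is easy to miss in review. The same pattern appears in the CVE-2014-4261, CVE-2014-4283, CVE-2014-4475, CVE-2014-4752 and CVE-2014-8884 hunks. Landing the assigner updates separately from the formatting pass, and emitting references in a stable order (for example sorted by `url`), would let downstream consumers diff records and spot real content changes. The new side also ends with `\ No newline at end of file`; keeping the final newline would avoid another whole-file change later.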
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4261", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 3.2.24, 4.0.26, 4.1.34, 4.2.26, and 4.3.14 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Core, a different vulnerability than CVE-2014-2487." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2014-4261", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/534161/100/0/threaded" - }, - { - "name" : "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Dec/23" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html" 
- }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2014-0012.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2014-0012.html" - }, - { - "name" : "68588", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/68588" - }, - { - "name" : "oracle-cpujul2014-cve20144261(94612)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/94612" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 3.2.24, 4.0.26, 4.1.34, 4.2.26, and 4.3.14 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Core, a different vulnerability than CVE-2014-2487." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html" + }, + { + "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded" + }, + { + "name": "oracle-cpujul2014-cve20144261(94612)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94612" + }, + { + "name": "68588", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/68588" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html" + }, + { + "name": "20141205 NEW: VMSA-2014-0012 
- VMware vSphere product updates address security vulnerabilities", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Dec/23" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4283.json b/2014/4xxx/CVE-2014-4283.json index e9ded07766a..831e05d960d 100644 --- a/2014/4xxx/CVE-2014-4283.json +++ b/2014/4xxx/CVE-2014-4283.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4283", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect confidentiality via unknown vectors related to Automated Install Engine, a different vulnerability than CVE-2014-4277." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2014-4283", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" - }, - { - "name" : "70563", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70563" - }, - { - "name" : "1031032", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031032" - }, - { - "name" : "61593", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61593" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in 
Oracle Sun Solaris 11 allows remote attackers to affect confidentiality via unknown vectors related to Automated Install Engine, a different vulnerability than CVE-2014-4277." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" + }, + { + "name": "1031032", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031032" + }, + { + "name": "70563", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70563" + }, + { + "name": "61593", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61593" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4475.json b/2014/4xxx/CVE-2014-4475.json index 241b6a7474f..d260a9c57df 100644 --- a/2014/4xxx/CVE-2014-4475.json +++ b/2014/4xxx/CVE-2014-4475.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4475", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2014-4475", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT6596", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT6596" - }, - { - "name" : "http://support.apple.com/HT204245", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/HT204245" - }, - { - "name" : "http://support.apple.com/HT204246", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/HT204246" - }, - { - "name" : "https://support.apple.com/kb/HT204949", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/kb/HT204949" - }, - { - "name" : "APPLE-SA-2014-12-2-1", - "refsource" : "APPLE", - "url" : 
"http://lists.apple.com/archives/security-announce/2014/Dec/msg00000.html" - }, - { - "name" : "APPLE-SA-2015-01-27-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Jan/msg00000.html" - }, - { - "name" : "APPLE-SA-2015-01-27-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Jan/msg00001.html" - }, - { - "name" : "APPLE-SA-2015-06-30-6", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Jun/msg00006.html" - }, - { - "name" : "71451", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/71451" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.apple.com/HT204245", + "refsource": "CONFIRM", + "url": "http://support.apple.com/HT204245" + }, + { + "name": "http://support.apple.com/HT204246", + "refsource": "CONFIRM", + "url": "http://support.apple.com/HT204246" + }, + { + "name": "APPLE-SA-2015-06-30-6", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00006.html" + }, + { + "name": "71451", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/71451" + }, + { + "name": "APPLE-SA-2015-01-27-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00001.html" + }, + { + "name": "https://support.apple.com/kb/HT204949", + "refsource": "CONFIRM", + "url": "https://support.apple.com/kb/HT204949" + }, + { + "name": "APPLE-SA-2015-01-27-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00000.html" + }, + { + "name": "http://support.apple.com/kb/HT6596", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT6596" + }, + { + "name": "APPLE-SA-2014-12-2-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2014/Dec/msg00000.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4752.json b/2014/4xxx/CVE-2014-4752.json index 7115a0ffa68..4f019c9ada5 100644 --- a/2014/4xxx/CVE-2014-4752.json +++ b/2014/4xxx/CVE-2014-4752.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4752", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM System Networking G8052, G8124, G8124-E, G8124-ER, G8264, G8316, and G8264-T switches before 7.9.10.0; EN4093, EN4093R, CN4093, SI4093, EN2092, and G8264CS switches before 7.8.6.0; Flex System Interconnect Fabric before 7.8.6.0; 1G L2-7 SLB switch for Bladecenter before 21.0.21.0; 10G VFSM for Bladecenter before 7.8.14.0; 1:10G switch for Bladecenter before 7.4.8.0; 1G switch for Bladecenter before 5.3.5.0; Server Connectivity Module before 1.1.3.4; System Networking RackSwitch G8332 before 7.7.17.0; and System Networking RackSwitch G8000 before 7.1.7.0 have hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-4752", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096232", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096232" - }, - { - "name" : "54512", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/54512" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM System Networking G8052, G8124, G8124-E, G8124-ER, G8264, G8316, and G8264-T switches before 7.9.10.0; EN4093, EN4093R, CN4093, SI4093, EN2092, and G8264CS switches before 7.8.6.0; Flex System Interconnect Fabric before 7.8.6.0; 1G L2-7 SLB switch for Bladecenter before 21.0.21.0; 10G VFSM for Bladecenter before 7.8.14.0; 1:10G switch for Bladecenter before 7.4.8.0; 1G switch for Bladecenter before 5.3.5.0; Server Connectivity Module before 1.1.3.4; System Networking RackSwitch G8332 before 7.7.17.0; and System Networking RackSwitch G8000 before 7.1.7.0 have hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096232", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096232" + }, + { + "name": "54512", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/54512" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8569.json b/2014/8xxx/CVE-2014-8569.json index 5c92c9ce5eb..1be62bad026 100644 --- a/2014/8xxx/CVE-2014-8569.json +++ b/2014/8xxx/CVE-2014-8569.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8569", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8569", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8597.json b/2014/8xxx/CVE-2014-8597.json index 9d9c89f84c8..395a2df07d9 100644 --- a/2014/8xxx/CVE-2014-8597.json +++ b/2014/8xxx/CVE-2014-8597.json 
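Review bot: In the CVE-2014-4752 record the new side still carries `"vendor_name": "n/a"`, `"product_name": "n/a"`, `"version_value": "n/a"` and a `problemtype` value of `"n/a"`, although the description names specific IBM switch families with fixed-in versions and states a hard-coded-credentials weakness. Tooling that matches on `affects` or `problemtype` rather than the free-text description will not surface this entry, so asset owners relying on it can miss affected firmware. Since the record is now attributed to `psirt@us.ibm.com`, a follow-up could populate at least `"vendor_name": "IBM"` and a weakness value such as `"CWE-798"`; the exact product and version rows should be confirmed against the IBM advisory listed under `references`. The other PUBLIC records in this part of the diff have the same gap, for example CVE-2014-8884, which describes a stack-based buffer overflow.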
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2014-8597",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2014-8597",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2014/8xxx/CVE-2014-8691.json b/2014/8xxx/CVE-2014-8691.json
index a4e0b468dce..c2685d4ff58 100644
--- a/2014/8xxx/CVE-2014-8691.json
+++ b/2014/8xxx/CVE-2014-8691.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2014-8691",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2014-8691",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2014/8xxx/CVE-2014-8884.json b/2014/8xxx/CVE-2014-8884.json
index 02f43a181d2..ea55b92acd1 100644
--- a/2014/8xxx/CVE-2014-8884.json
+++ b/2014/8xxx/CVE-2014-8884.json
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8884", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the ttusbdecfe_dvbs_diseqc_send_master_cmd function in drivers/media/usb/ttusb-dec/ttusbdecfe.c in the Linux kernel before 3.17.4 allows local users to cause a denial of service (system crash) or possibly gain privileges via a large message length in an ioctl call." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@suse.com", + "ID": "CVE-2014-8884", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20141114 Re: CVE Request: Linux kernel: ttusb-dec: overflow by descriptor", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/11/14/7" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=f2e323ec96077642d397bb1c355def536d489d16", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=f2e323ec96077642d397bb1c355def536d489d16" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.17.4", - "refsource" : "CONFIRM", - "url" : 
"http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.17.4" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1164266", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1164266" - }, - { - "name" : "https://github.com/torvalds/linux/commit/f2e323ec96077642d397bb1c355def536d489d16", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/f2e323ec96077642d397bb1c355def536d489d16" - }, - { - "name" : "DSA-3093", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-3093" - }, - { - "name" : "RHSA-2015:0290", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0290.html" - }, - { - "name" : "RHSA-2015:0782", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0782.html" - }, - { - "name" : "RHSA-2015:0864", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0864.html" - }, - { - "name" : "62305", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62305" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the ttusbdecfe_dvbs_diseqc_send_master_cmd function in drivers/media/usb/ttusb-dec/ttusbdecfe.c in the Linux kernel before 3.17.4 allows local users to cause a denial of service (system crash) or possibly gain privileges via a large message length in an ioctl call." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20141114 Re: CVE Request: Linux kernel: ttusb-dec: overflow by descriptor", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/11/14/7" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=f2e323ec96077642d397bb1c355def536d489d16", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=f2e323ec96077642d397bb1c355def536d489d16" + }, + { + "name": "DSA-3093", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-3093" + }, + { + "name": "RHSA-2015:0864", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0864.html" + }, + { + "name": "RHSA-2015:0290", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0290.html" + }, + { + "name": "RHSA-2015:0782", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0782.html" + }, + { + "name": "https://github.com/torvalds/linux/commit/f2e323ec96077642d397bb1c355def536d489d16", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/f2e323ec96077642d397bb1c355def536d489d16" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.17.4", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.17.4" + }, + { + "name": "62305", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62305" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1164266", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1164266" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8950.json b/2014/8xxx/CVE-2014-8950.json index e137b8631b8..06a7b59018f 100644 
--- a/2014/8xxx/CVE-2014-8950.json +++ b/2014/8xxx/CVE-2014-8950.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8950", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Check Point Security Gateway R77 and R77.10, when the (1) URL Filtering or (2) Identity Awareness blade is used, allows remote attackers to cause a denial of service (crash) via vectors involving an HTTPS request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8950", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk98935", - "refsource" : "CONFIRM", - "url" : "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk98935" - }, - { - "name" : "67993", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/67993" - }, - { - "name" : "58487", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/58487" - }, - { - "name" : "security-gateway-cve20148950-dos(98763)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98763" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Check Point Security Gateway R77 and R77.10, when the (1) URL Filtering or (2) Identity Awareness blade is used, allows remote attackers to cause a denial of service (crash) via vectors involving an HTTPS request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "security-gateway-cve20148950-dos(98763)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98763" + }, + { + "name": "58487", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/58487" + }, + { + "name": "67993", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/67993" + }, + { + "name": "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk98935", + "refsource": "CONFIRM", + "url": "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk98935" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9152.json b/2014/9xxx/CVE-2014-9152.json index a352b14d84b..920d4e2fb93 100644 --- a/2014/9xxx/CVE-2014-9152.json +++ b/2014/9xxx/CVE-2014-9152.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9152", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The _user_resource_create function in the Services module 7.x-3.x before 7.x-3.10 for Drupal uses a password of 1 when creating new user accounts, which makes it easier for remote attackers to guess the password via a brute force attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9152", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.drupal.org/node/2344389", - "refsource" : "MISC", - "url" : "https://www.drupal.org/node/2344389" - }, - { - "name" : "http://cgit.drupalcode.org/services/commit/?id=809aafa", - "refsource" : "CONFIRM", - "url" : "http://cgit.drupalcode.org/services/commit/?id=809aafa" - }, - { - "name" : "https://www.drupal.org/node/2344423", - "refsource" : "CONFIRM", - "url" : "https://www.drupal.org/node/2344423" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The _user_resource_create function in the Services module 7.x-3.x before 7.x-3.10 for Drupal uses a 
password of 1 when creating new user accounts, which makes it easier for remote attackers to guess the password via a brute force attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.drupal.org/node/2344423", + "refsource": "CONFIRM", + "url": "https://www.drupal.org/node/2344423" + }, + { + "name": "http://cgit.drupalcode.org/services/commit/?id=809aafa", + "refsource": "CONFIRM", + "url": "http://cgit.drupalcode.org/services/commit/?id=809aafa" + }, + { + "name": "https://www.drupal.org/node/2344389", + "refsource": "MISC", + "url": "https://www.drupal.org/node/2344389" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9878.json b/2014/9xxx/CVE-2014-9878.json index 9587ef05a70..e375a44c87e 100644 --- a/2014/9xxx/CVE-2014-9878.json +++ b/2014/9xxx/CVE-2014-9878.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9878", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "drivers/mmc/card/mmc_block_test.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not reject kernel-space buffer addresses, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28769208 and Qualcomm internal bug CR547479." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2014-9878", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://source.android.com/security/bulletin/2016-08-01.html", - "refsource" : "CONFIRM", - "url" : "http://source.android.com/security/bulletin/2016-08-01.html" - }, - { - "name" : "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=96a62c1de93a44e6ca69514411baf4b3d67f6dee", - "refsource" : "CONFIRM", - "url" : "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=96a62c1de93a44e6ca69514411baf4b3d67f6dee" - }, - { - "name" : "92219", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92219" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "drivers/mmc/card/mmc_block_test.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not reject kernel-space buffer addresses, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28769208 and Qualcomm internal bug CR547479." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://source.android.com/security/bulletin/2016-08-01.html", + "refsource": "CONFIRM", + "url": "http://source.android.com/security/bulletin/2016-08-01.html" + }, + { + "name": "92219", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92219" + }, + { + "name": "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=96a62c1de93a44e6ca69514411baf4b3d67f6dee", + "refsource": "CONFIRM", + "url": "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=96a62c1de93a44e6ca69514411baf4b3d67f6dee" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2228.json b/2016/2xxx/CVE-2016-2228.json index c65a35facb7..d01e9726f25 100644 --- a/2016/2xxx/CVE-2016-2228.json +++ b/2016/2xxx/CVE-2016-2228.json 
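Review bot: The `ASSIGNER` value in `CVE_data_meta` changes from `cve@mitre.org` to `security@android.com` in a hunk that otherwise only rewrites whitespace and reorders `reference_data`, so the one semantic change in the file is easy to miss in review. The same pattern appears in the hunks for CVE-2016-2228 (`security@debian.org`), CVE-2016-3089 (`secalert@redhat.com`), CVE-2016-3489 (`secalert_us@oracle.com`) and CVE-2016-6394 (`psirt@cisco.com`). Consumers that attribute or filter records by assigner will see these records change ownership, so I would land the formatting pass and the assigner updates as separate commits and state in the description where the new values come from; whether the reassignments are intended cannot be told from the diff. The new side also ends with `\ No newline at end of file`; keeping the trailing newline avoids a spurious last-line change on the next edit.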
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2228", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in horde/templates/topbar/_menubar.html.php in Horde Groupware before 5.2.12 and Horde Groupware Webmail Edition before 5.2.12 allows remote attackers to inject arbitrary web script or HTML via the searchfield parameter, as demonstrated by a request to xplorer/gollem/manager.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@debian.org", + "ID": "CVE-2016-2228", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[announce] 20160202 [announce] [SECURITY] Horde Groupware 5.2.12 (final)", - "refsource" : "MLIST", - "url" : "http://lists.horde.org/archives/announce/2016/001148.html" - }, - { - "name" : "[announce] 20160202 [announce] [SECURITY] Horde Groupware Webmail Edition 5.2.12 (final)", - "refsource" : "MLIST", - "url" : "http://lists.horde.org/archives/announce/2016/001149.html" - }, - { - "name" : "[oss-security] 20160206 CVE Request: Horde: Two cross-site scripting vulnerabilities", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/02/06/4" - }, - { - "name" : 
"[oss-security] 20160206 Re: CVE Request: Horde: Two cross-site scripting vulnerabilities", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/02/06/5" - }, - { - "name" : "http://bugs.horde.org/ticket/14213", - "refsource" : "CONFIRM", - "url" : "http://bugs.horde.org/ticket/14213" - }, - { - "name" : "https://github.com/horde/horde/blob/e838d4c800b0d1ecaf8b4cc613fd3af4f994c79c/bundles/webmail/docs/CHANGES", - "refsource" : "CONFIRM", - "url" : "https://github.com/horde/horde/blob/e838d4c800b0d1ecaf8b4cc613fd3af4f994c79c/bundles/webmail/docs/CHANGES" - }, - { - "name" : "https://github.com/horde/horde/commit/ab07a1b447de34e13983b4d7ceb18b58c3a358d8", - "refsource" : "CONFIRM", - "url" : "https://github.com/horde/horde/commit/ab07a1b447de34e13983b4d7ceb18b58c3a358d8" - }, - { - "name" : "DSA-3497", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3497" - }, - { - "name" : "FEDORA-2016-3d1183830b", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177484.html" - }, - { - "name" : "FEDORA-2016-5d0e7f15ef", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177584.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in horde/templates/topbar/_menubar.html.php in Horde Groupware before 5.2.12 and Horde Groupware Webmail Edition before 5.2.12 allows remote attackers to inject arbitrary web script or HTML via the searchfield parameter, as demonstrated by a request to xplorer/gollem/manager.php." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20160206 CVE Request: Horde: Two cross-site scripting vulnerabilities", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/02/06/4" + }, + { + "name": "http://bugs.horde.org/ticket/14213", + "refsource": "CONFIRM", + "url": "http://bugs.horde.org/ticket/14213" + }, + { + "name": "[oss-security] 20160206 Re: CVE Request: Horde: Two cross-site scripting vulnerabilities", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/02/06/5" + }, + { + "name": "DSA-3497", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3497" + }, + { + "name": "FEDORA-2016-3d1183830b", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177484.html" + }, + { + "name": "[announce] 20160202 [announce] [SECURITY] Horde Groupware Webmail Edition 5.2.12 (final)", + "refsource": "MLIST", + "url": "http://lists.horde.org/archives/announce/2016/001149.html" + }, + { + "name": "FEDORA-2016-5d0e7f15ef", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177584.html" + }, + { + "name": "[announce] 20160202 [announce] [SECURITY] Horde Groupware 5.2.12 (final)", + "refsource": "MLIST", + "url": "http://lists.horde.org/archives/announce/2016/001148.html" + }, + { + "name": "https://github.com/horde/horde/blob/e838d4c800b0d1ecaf8b4cc613fd3af4f994c79c/bundles/webmail/docs/CHANGES", + "refsource": "CONFIRM", + "url": "https://github.com/horde/horde/blob/e838d4c800b0d1ecaf8b4cc613fd3af4f994c79c/bundles/webmail/docs/CHANGES" + }, + { + "name": "https://github.com/horde/horde/commit/ab07a1b447de34e13983b4d7ceb18b58c3a358d8", + "refsource": "CONFIRM", + "url": 
"https://github.com/horde/horde/commit/ab07a1b447de34e13983b4d7ceb18b58c3a358d8" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2665.json b/2016/2xxx/CVE-2016-2665.json index 596712b81d5..b75c45b1b79 100644 --- a/2016/2xxx/CVE-2016-2665.json +++ b/2016/2xxx/CVE-2016-2665.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2665", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-2665", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2684.json b/2016/2xxx/CVE-2016-2684.json index eb677f483b0..0120d47adc5 100644 --- a/2016/2xxx/CVE-2016-2684.json +++ b/2016/2xxx/CVE-2016-2684.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2684", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-2684", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2767.json b/2016/2xxx/CVE-2016-2767.json index 8f6222c13d2..6ba441a067d 100644 --- a/2016/2xxx/CVE-2016-2767.json +++ b/2016/2xxx/CVE-2016-2767.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2767", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-2767", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2851.json b/2016/2xxx/CVE-2016-2851.json index 5924d0f7d03..a3c5bc0cfe4 100644 --- a/2016/2xxx/CVE-2016-2851.json +++ b/2016/2xxx/CVE-2016-2851.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2851", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in proto.c in libotr before 4.1.1 on 64-bit platforms allows remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a series of large OTR messages, which triggers a heap-based buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-2851", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20160309 Advisory X41-2016-001: Memory Corruption Vulnerability in \"libotr\"", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/537745/100/0/threaded" - }, - { - "name" : "39550", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/39550/" - }, - { - "name" : "20160309 Advisory X41-2016-001: Memory Corruption Vulnerability in \"libotr\"", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2016/Mar/21" - }, - { - "name" : "[OTR-users] 20160309 Security Advisory: upgrade to libotr 4.1.1", - "refsource" : "MLIST", - "url" : 
"https://lists.cypherpunks.ca/pipermail/otr-users/2016-March/002581.html" - }, - { - "name" : "https://www.x41-dsec.de/lab/advisories/x41-2016-001-libotr/", - "refsource" : "MISC", - "url" : "https://www.x41-dsec.de/lab/advisories/x41-2016-001-libotr/" - }, - { - "name" : "DSA-3512", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3512" - }, - { - "name" : "GLSA-201701-10", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201701-10" - }, - { - "name" : "openSUSE-SU-2016:0708", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00021.html" - }, - { - "name" : "openSUSE-SU-2016:0732", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00030.html" - }, - { - "name" : "USN-2926-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2926-1" - }, - { - "name" : "84285", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/84285" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in proto.c in libotr before 4.1.1 on 64-bit platforms allows remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a series of large OTR messages, which triggers a heap-based buffer overflow." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-2926-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2926-1" + }, + { + "name": "20160309 Advisory X41-2016-001: Memory Corruption Vulnerability in \"libotr\"", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/537745/100/0/threaded" + }, + { + "name": "DSA-3512", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3512" + }, + { + "name": "GLSA-201701-10", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201701-10" + }, + { + "name": "39550", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/39550/" + }, + { + "name": "84285", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/84285" + }, + { + "name": "20160309 Advisory X41-2016-001: Memory Corruption Vulnerability in \"libotr\"", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2016/Mar/21" + }, + { + "name": "https://www.x41-dsec.de/lab/advisories/x41-2016-001-libotr/", + "refsource": "MISC", + "url": "https://www.x41-dsec.de/lab/advisories/x41-2016-001-libotr/" + }, + { + "name": "openSUSE-SU-2016:0708", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00021.html" + }, + { + "name": "[OTR-users] 20160309 Security Advisory: upgrade to libotr 4.1.1", + "refsource": "MLIST", + "url": "https://lists.cypherpunks.ca/pipermail/otr-users/2016-March/002581.html" + }, + { + "name": "openSUSE-SU-2016:0732", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00030.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3089.json b/2016/3xxx/CVE-2016-3089.json index 3aa59a78fcd..d3b1671a19c 100644 --- a/2016/3xxx/CVE-2016-3089.json +++ b/2016/3xxx/CVE-2016-3089.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3089", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the SWF panel in Apache OpenMeetings before 3.1.2 allows remote attackers to inject arbitrary web script or HTML via the swf parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-3089", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20160812 [CVE-2016-3089] Apache OpenMeetings XSS in SWF panel", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/539192/100/0/threaded" - }, - { - "name" : "http://packetstormsecurity.com/files/138313/Apache-OpenMeetings-3.1.0-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/138313/Apache-OpenMeetings-3.1.0-Cross-Site-Scripting.html" - }, - { - "name" : "http://openmeetings.apache.org/security.html", - "refsource" : "CONFIRM", - "url" : "http://openmeetings.apache.org/security.html" - }, - { - "name" : "https://www.apache.org/dist/openmeetings/3.1.2/CHANGELOG", - "refsource" : "CONFIRM", - "url" : "https://www.apache.org/dist/openmeetings/3.1.2/CHANGELOG" 
- }, - { - "name" : "92442", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92442" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the SWF panel in Apache OpenMeetings before 3.1.2 allows remote attackers to inject arbitrary web script or HTML via the swf parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/138313/Apache-OpenMeetings-3.1.0-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/138313/Apache-OpenMeetings-3.1.0-Cross-Site-Scripting.html" + }, + { + "name": "92442", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92442" + }, + { + "name": "http://openmeetings.apache.org/security.html", + "refsource": "CONFIRM", + "url": "http://openmeetings.apache.org/security.html" + }, + { + "name": "20160812 [CVE-2016-3089] Apache OpenMeetings XSS in SWF panel", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/539192/100/0/threaded" + }, + { + "name": "https://www.apache.org/dist/openmeetings/3.1.2/CHANGELOG", + "refsource": "CONFIRM", + "url": "https://www.apache.org/dist/openmeetings/3.1.2/CHANGELOG" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3489.json b/2016/3xxx/CVE-2016-3489.json index beaf7218123..29de0f823db 100644 --- a/2016/3xxx/CVE-2016-3489.json +++ b/2016/3xxx/CVE-2016-3489.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3489", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Data Pump Import component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2016-3489", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" - }, - { - "name" : "91787", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91787" - }, - { - "name" : "91874", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91874" - }, - { - "name" : "1036363", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036363" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified 
vulnerability in the Data Pump Import component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" + }, + { + "name": "91874", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91874" + }, + { + "name": "1036363", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036363" + }, + { + "name": "91787", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91787" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6056.json b/2016/6xxx/CVE-2016-6056.json index 2a5b5c8d527..8c20951c37d 100644 --- a/2016/6xxx/CVE-2016-6056.json +++ b/2016/6xxx/CVE-2016-6056.json 
@@ -1,70 +1,70 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2016-6056", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Call Center for Commerce", - "version" : { - "version_data" : [ - { - "version_value" : "9.3" - }, - { - "version_value" : "9.4" - } - ] - } - } - ] - }, - "vendor_name" : "IBM Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Call Center for Commerce 9.3 and 9.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 2000442." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2016-6056", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Call Center for Commerce", + "version": { + "version_data": [ + { + "version_value": "9.3" + }, + { + "version_value": "9.4" + } + ] + } + } + ] + }, + "vendor_name": "IBM Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22000442", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22000442" - }, - { - "name" : "96975", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96975" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Call Center for Commerce 9.3 and 9.4 is 
vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 2000442." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "96975", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96975" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22000442", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22000442" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6394.json b/2016/6xxx/CVE-2016-6394.json index 746376f333a..2522d7628ad 100644 --- a/2016/6xxx/CVE-2016-6394.json +++ b/2016/6xxx/CVE-2016-6394.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6394", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Session fixation vulnerability in Cisco Firepower Management Center and Cisco FireSIGHT System Software through 6.1.0 allows remote attackers to hijack web sessions via a session identifier, aka Bug ID CSCuz80503." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2016-6394", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20160907 Cisco Firepower Management Center and FireSIGHT System Software Session Fixation Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160907-fsmc" - }, - { - "name" : "92825", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92825" - }, - { - "name" : "1036757", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036757" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Session fixation vulnerability in Cisco Firepower Management Center and Cisco FireSIGHT 
System Software through 6.1.0 allows remote attackers to hijack web sessions via a session identifier, aka Bug ID CSCuz80503." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "92825", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92825" + }, + { + "name": "20160907 Cisco Firepower Management Center and FireSIGHT System Software Session Fixation Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160907-fsmc" + }, + { + "name": "1036757", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036757" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6435.json b/2016/6xxx/CVE-2016-6435.json index fa125885839..fcd57ba6bb4 100644 --- a/2016/6xxx/CVE-2016-6435.json +++ b/2016/6xxx/CVE-2016-6435.json 
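Review bot: The `ASSIGNER` value in `CVE_data_meta` changes from `cve@mitre.org` to `psirt@cisco.com` in this hunk, which is a provenance change and not part of the spacing and reference-order normalisation that makes up the rest of it. The CVE-2016-6435 hunk makes the same switch, and the CVE-2016-7520 hunk moves to `security@debian.org`. Any tooling that routes, filters or weighs records by assigner will treat these entries differently after the commit, so the change should be named in the commit message or split into its own commit where it can be audited. The new side also keeps `"vendor_name": "n/a"` and `"product_name": "n/a"` although the description names Cisco Firepower Management Center and FireSIGHT System Software, so matching on `affects` still finds nothing for this record.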
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6435", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The web console in Cisco Firepower Management Center 6.0.1 allows remote authenticated users to read arbitrary files via crafted parameters, aka Bug ID CSCva30376." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2016-6435", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "40464", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/40464/" - }, - { - "name" : "https://blog.korelogic.com/blog/2016/10/10/virtual_appliance_spelunking", - "refsource" : "MISC", - "url" : "https://blog.korelogic.com/blog/2016/10/10/virtual_appliance_spelunking" - }, - { - "name" : "https://www.korelogic.com/Resources/Advisories/KL-001-2016-006.txt", - "refsource" : "MISC", - "url" : "https://www.korelogic.com/Resources/Advisories/KL-001-2016-006.txt" - }, - { - "name" : "20161005 Cisco Firepower Management Center Console Local File Inclusion Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ftmc2" - }, - { - "name" : "93421", - 
"refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93421" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The web console in Cisco Firepower Management Center 6.0.1 allows remote authenticated users to read arbitrary files via crafted parameters, aka Bug ID CSCva30376." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "40464", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/40464/" + }, + { + "name": "https://www.korelogic.com/Resources/Advisories/KL-001-2016-006.txt", + "refsource": "MISC", + "url": "https://www.korelogic.com/Resources/Advisories/KL-001-2016-006.txt" + }, + { + "name": "https://blog.korelogic.com/blog/2016/10/10/virtual_appliance_spelunking", + "refsource": "MISC", + "url": "https://blog.korelogic.com/blog/2016/10/10/virtual_appliance_spelunking" + }, + { + "name": "93421", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93421" + }, + { + "name": "20161005 Cisco Firepower Management Center Console Local File Inclusion Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ftmc2" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6525.json b/2016/6xxx/CVE-2016-6525.json index 21b6e9d31db..cb669172438 100644 --- a/2016/6xxx/CVE-2016-6525.json +++ b/2016/6xxx/CVE-2016-6525.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6525", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the pdf_load_mesh_params function in pdf/pdf-shade.c in MuPDF allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a large decode array." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6525", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160803 Re: CVE request:Heap overflow vulns in MuPDF", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/08/03/8" - }, - { - "name" : "http://bugs.ghostscript.com/show_bug.cgi?id=696954", - "refsource" : "CONFIRM", - "url" : "http://bugs.ghostscript.com/show_bug.cgi?id=696954" - }, - { - "name" : "http://git.ghostscript.com/?p=mupdf.git;h=39b0f07dd960f34e7e6bf230ffc3d87c41ef0f2e", - "refsource" : "CONFIRM", - "url" : "http://git.ghostscript.com/?p=mupdf.git;h=39b0f07dd960f34e7e6bf230ffc3d87c41ef0f2e" - }, - { - "name" : "DSA-3655", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3655" - }, - { - "name" : "GLSA-201702-12", - "refsource" 
: "GENTOO", - "url" : "https://security.gentoo.org/glsa/201702-12" - }, - { - "name" : "92266", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92266" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the pdf_load_mesh_params function in pdf/pdf-shade.c in MuPDF allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a large decode array." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-3655", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3655" + }, + { + "name": "[oss-security] 20160803 Re: CVE request:Heap overflow vulns in MuPDF", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/08/03/8" + }, + { + "name": "http://bugs.ghostscript.com/show_bug.cgi?id=696954", + "refsource": "CONFIRM", + "url": "http://bugs.ghostscript.com/show_bug.cgi?id=696954" + }, + { + "name": "92266", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92266" + }, + { + "name": "http://git.ghostscript.com/?p=mupdf.git;h=39b0f07dd960f34e7e6bf230ffc3d87c41ef0f2e", + "refsource": "CONFIRM", + "url": "http://git.ghostscript.com/?p=mupdf.git;h=39b0f07dd960f34e7e6bf230ffc3d87c41ef0f2e" + }, + { + "name": "GLSA-201702-12", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201702-12" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6800.json b/2016/6xxx/CVE-2016-6800.json index 8fc6cb462f4..17e2db613d1 100644 --- a/2016/6xxx/CVE-2016-6800.json +++ b/2016/6xxx/CVE-2016-6800.json 
@@ -1,69 +1,69 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@apache.org", - "DATE_PUBLIC" : "2016-11-29T00:00:00", - "ID" : "CVE-2016-6800", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Apache OFBiz", - "version" : { - "version_data" : [ - { - "version_value" : "13.07.*" - }, - { - "version_value" : "12.04.*" - }, - { - "version_value" : "11.04.*" - } - ] - } - } - ] - }, - "vendor_name" : "Apache Software Foundation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The default configuration of the Apache OFBiz framework offers a blog functionality. Different users are able to operate blogs which are related to specific parties. In the form field for the creation of new blog articles the user input of the summary field as well as the article field is not properly sanitized. It is possible to inject arbitrary JavaScript code in these form fields. This code gets executed from the browser of every user who is visiting this article. Mitigation: Upgrade to Apache OFBiz 16.11.01." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "security@apache.org", + "DATE_PUBLIC": "2016-11-29T00:00:00", + "ID": "CVE-2016-6800", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Apache OFBiz", + "version": { + "version_data": [ + { + "version_value": "13.07.*" + }, + { + "version_value": "12.04.*" + }, + { + "version_value": "11.04.*" + } + ] + } + } + ] + }, + "vendor_name": "Apache Software Foundation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[www-announce] 20161129 [SECURITY] CVE-2016-6800 Apache OFBiz blog stored XSS vulnerability", - "refsource" : "MLIST", - "url" : "https://s.apache.org/Owsz" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The default configuration of the Apache OFBiz framework offers a blog functionality. Different users are able to operate blogs which are related to specific parties. In the form field for the creation of new blog articles the user input of the summary field as well as the article field is not properly sanitized. It is possible to inject arbitrary JavaScript code in these form fields. This code gets executed from the browser of every user who is visiting this article. Mitigation: Upgrade to Apache OFBiz 16.11.01." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[www-announce] 20161129 [SECURITY] CVE-2016-6800 Apache OFBiz blog stored XSS vulnerability", + "refsource": "MLIST", + "url": "https://s.apache.org/Owsz" + } + ] + } +} \ No newline at end of file 
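Review bot: The new side keeps `"value": "Information Disclosure"` under `problemtype`, while the description covers unsanitized summary and article fields that let injected JavaScript run in the browser of every visitor, and the only reference is titled "blog stored XSS vulnerability". Consumers that triage or map to a weakness class from `problemtype` will file this record under the wrong category and may under-prioritise it. Since the hunk rewrites that line anyway, it could read `"value": "Cross-Site Scripting"`, the wording the CVE-2016-6056 record in this same diff uses; the exact text should be confirmed with the assigning CNA.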
diff --git a/2016/7xxx/CVE-2016-7213.json b/2016/7xxx/CVE-2016-7213.json index d3e1aeb0334..73125f6bb3d 100644 --- a/2016/7xxx/CVE-2016-7213.json +++ b/2016/7xxx/CVE-2016-7213.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "ID" : "CVE-2016-7213", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2016-7213", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS16-133", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133" - }, - { - "name" : "93993", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93993" - }, - { - "name" : "1037246", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037246" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel 
for Mac 2011, Excel 2016 for Mac, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS16-133", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133" + }, + { + "name": "1037246", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037246" + }, + { + "name": "93993", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93993" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7236.json b/2016/7xxx/CVE-2016-7236.json index 5d6dc4d1e2b..24ba4291e20 100644 --- a/2016/7xxx/CVE-2016-7236.json +++ b/2016/7xxx/CVE-2016-7236.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "ID" : "CVE-2016-7236", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Excel 2010 SP2, Excel for Mac 2011, Excel 2016 for Mac, and Excel Services on SharePoint Server 2010 SP2 allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2016-7236", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20161108 Microsoft Office Excel Use-after-Free Vulnerability", - "refsource" : "IDEFENSE", - "url" : "https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1235" - }, - { - "name" : "MS16-133", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133" - }, - { - "name" : "94025", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94025" - }, - { - "name" : "1037246", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037246" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", 
+ "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Excel 2010 SP2, Excel for Mac 2011, Excel 2016 for Mac, and Excel Services on SharePoint Server 2010 SP2 allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS16-133", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133" + }, + { + "name": "94025", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94025" + }, + { + "name": "1037246", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037246" + }, + { + "name": "20161108 Microsoft Office Excel Use-after-Free Vulnerability", + "refsource": "IDEFENSE", + "url": "https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1235" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7361.json b/2016/7xxx/CVE-2016-7361.json index 60728019759..05d9c88703d 100644 --- a/2016/7xxx/CVE-2016-7361.json +++ b/2016/7xxx/CVE-2016-7361.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7361", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-7361", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7374.json b/2016/7xxx/CVE-2016-7374.json index 7efe88d3f86..6c15e8152b0 100644 --- a/2016/7xxx/CVE-2016-7374.json +++ b/2016/7xxx/CVE-2016-7374.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7374", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-7374", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7520.json b/2016/7xxx/CVE-2016-7520.json index eeecd5eeb77..74409f087e3 100644 --- a/2016/7xxx/CVE-2016-7520.json +++ b/2016/7xxx/CVE-2016-7520.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7520", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in coders/hdr.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted HDR file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@debian.org", + "ID": "CVE-2016-7520", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160922 Re: CVE Requests: Various ImageMagick issues (as reported in the Debian BTS)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/09/22/2" - }, - { - "name" : "https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1537213", - "refsource" : "CONFIRM", - "url" : "https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1537213" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1378747", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1378747" - }, - { - "name" : "https://github.com/ImageMagick/ImageMagick/commit/14e606db148d6ebcaae20f1e1d6d71903ca4a556", - "refsource" : "CONFIRM", - "url" : 
"https://github.com/ImageMagick/ImageMagick/commit/14e606db148d6ebcaae20f1e1d6d71903ca4a556" - }, - { - "name" : "https://github.com/ImageMagick/ImageMagick/issues/90", - "refsource" : "CONFIRM", - "url" : "https://github.com/ImageMagick/ImageMagick/issues/90" - }, - { - "name" : "93131", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93131" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in coders/hdr.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted HDR file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20160922 Re: CVE Requests: Various ImageMagick issues (as reported in the Debian BTS)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/09/22/2" + }, + { + "name": "https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1537213", + "refsource": "CONFIRM", + "url": "https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1537213" + }, + { + "name": "93131", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93131" + }, + { + "name": "https://github.com/ImageMagick/ImageMagick/commit/14e606db148d6ebcaae20f1e1d6d71903ca4a556", + "refsource": "CONFIRM", + "url": "https://github.com/ImageMagick/ImageMagick/commit/14e606db148d6ebcaae20f1e1d6d71903ca4a556" + }, + { + "name": "https://github.com/ImageMagick/ImageMagick/issues/90", + "refsource": "CONFIRM", + "url": "https://github.com/ImageMagick/ImageMagick/issues/90" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1378747", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1378747" + } + ] + } +} \ No newline at end of file 
diff --git a/2016/7xxx/CVE-2016-7986.json b/2016/7xxx/CVE-2016-7986.json index 349cceaba1a..c6b98714fac 100644 --- a/2016/7xxx/CVE-2016-7986.json +++ b/2016/7xxx/CVE-2016-7986.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7986", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The GeoNetworking parser in tcpdump before 4.9.0 has a buffer overflow in print-geonet.c, multiple functions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-7986", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1494526.html", - "refsource" : "CONFIRM", - "url" : "https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1494526.html" - }, - { - "name" : "DSA-3775", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3775" - }, - { - "name" : "GLSA-201702-30", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201702-30" - }, - { - "name" : "RHSA-2017:1871", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1871" - }, - { - "name" : "95852", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95852" - }, - { - "name" : "1037755", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037755" - } - ] - } -} + } + }, + "data_format": 
"MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The GeoNetworking parser in tcpdump before 4.9.0 has a buffer overflow in print-geonet.c, multiple functions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1037755", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037755" + }, + { + "name": "DSA-3775", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3775" + }, + { + "name": "RHSA-2017:1871", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1871" + }, + { + "name": "https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1494526.html", + "refsource": "CONFIRM", + "url": "https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1494526.html" + }, + { + "name": "95852", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95852" + }, + { + "name": "GLSA-201702-30", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201702-30" + } + ] + } +} \ No newline at end of file