From 856935b7e336cdfd07d4c859e10a42d3dc942366 Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Mon, 18 Mar 2019 02:25:52 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2006/0xxx/CVE-2006-0472.json | 200 ++++++++-------- 2006/0xxx/CVE-2006-0735.json | 250 ++++++++++---------- 2006/0xxx/CVE-2006-0839.json | 150 ++++++------ 2006/0xxx/CVE-2006-0841.json | 200 ++++++++-------- 2006/1xxx/CVE-2006-1048.json | 160 ++++++------- 2006/1xxx/CVE-2006-1171.json | 34 +-- 2006/1xxx/CVE-2006-1200.json | 170 +++++++------- 2006/1xxx/CVE-2006-1982.json | 230 +++++++++--------- 2006/4xxx/CVE-2006-4232.json | 160 ++++++------- 2006/4xxx/CVE-2006-4351.json | 130 +++++------ 2006/4xxx/CVE-2006-4877.json | 190 +++++++-------- 2006/4xxx/CVE-2006-4913.json | 160 ++++++------- 2006/5xxx/CVE-2006-5197.json | 120 +++++----- 2006/5xxx/CVE-2006-5677.json | 170 +++++++------- 2010/0xxx/CVE-2010-0764.json | 160 ++++++------- 2010/2xxx/CVE-2010-2106.json | 140 +++++------ 2010/2xxx/CVE-2010-2972.json | 34 +-- 2010/3xxx/CVE-2010-3360.json | 120 +++++----- 2010/4xxx/CVE-2010-4294.json | 190 +++++++-------- 2010/4xxx/CVE-2010-4295.json | 210 ++++++++--------- 2010/4xxx/CVE-2010-4322.json | 130 +++++------ 2010/4xxx/CVE-2010-4354.json | 120 +++++----- 2011/5xxx/CVE-2011-5256.json | 130 +++++------ 2014/3xxx/CVE-2014-3022.json | 170 +++++++------- 2014/3xxx/CVE-2014-3466.json | 440 +++++++++++++++++------------------ 2014/3xxx/CVE-2014-3909.json | 140 +++++------ 2014/4xxx/CVE-2014-4479.json | 210 ++++++++--------- 2014/4xxx/CVE-2014-4667.json | 290 +++++++++++------------ 2014/8xxx/CVE-2014-8349.json | 140 +++++------ 2014/8xxx/CVE-2014-8448.json | 120 +++++----- 2014/8xxx/CVE-2014-8862.json | 34 +-- 2014/8xxx/CVE-2014-8908.json | 34 +-- 2014/9xxx/CVE-2014-9248.json | 130 +++++------ 2014/9xxx/CVE-2014-9345.json | 140 +++++------ 2014/9xxx/CVE-2014-9416.json | 120 +++++----- 2014/9xxx/CVE-2014-9951.json | 130 +++++------ 2016/2xxx/CVE-2016-2222.json | 190 +++++++-------- 2016/2xxx/CVE-2016-2231.json | 120 +++++----- 2016/2xxx/CVE-2016-2298.json | 130 +++++------ 
2016/6xxx/CVE-2016-6297.json | 240 +++++++++---------- 2016/6xxx/CVE-2016-6301.json | 160 ++++++------- 2016/6xxx/CVE-2016-6503.json | 180 +++++++------- 2016/6xxx/CVE-2016-6795.json | 142 +++++------ 2016/6xxx/CVE-2016-6971.json | 140 +++++------ 2016/7xxx/CVE-2016-7282.json | 150 ++++++------ 45 files changed, 3554 insertions(+), 3554 deletions(-)
diff --git a/2006/0xxx/CVE-2006-0472.json b/2006/0xxx/CVE-2006-0472.json
index f35d18a23e7..aa4ba8dff48 100644
--- a/2006/0xxx/CVE-2006-0472.json
+++ b/2006/0xxx/CVE-2006-0472.json
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0472", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in guestbook.php in my little homepage my little guestbook, as last modified in March 2004, allows remote attackers to inject arbitrary Javascript via a javascript URI in BBcode link tags." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0472", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060126 [eVuln] \"my little homepage\" products [link] BBCode XSS Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/423167/100/0/threaded" - }, - { - "name" : "http://evuln.com/vulns/51/summary.html", - "refsource" : "MISC", - "url" : "http://evuln.com/vulns/51/summary.html" - }, - { - "name" : "20060130 My Little Homepage - source verify of different products", - "refsource" : "VIM", - "url" : "http://attrition.org/pipermail/vim/2006-January/000520.html" - }, - { - "name" : "http://evuln.com/vulns/51/", - "refsource" : "MISC", - "url" : "http://evuln.com/vulns/51/" - }, - { - "name" : "16395", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/16395" - }, - { - "name" : "ADV-2006-0349", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0349" - }, - { - "name" : "22855", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22855" - }, - { - "name" : "18628", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18628" - }, - { - "name" : "mylittlehomepage-link-tag-xss(24310)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24310" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in guestbook.php in my little homepage my little guestbook, as last modified in March 2004, allows remote attackers to inject arbitrary Javascript via a javascript URI in BBcode link tags." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060130 My Little Homepage - source verify of different products", + "refsource": "VIM", + "url": "http://attrition.org/pipermail/vim/2006-January/000520.html" + }, + { + "name": "18628", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18628" + }, + { + "name": "http://evuln.com/vulns/51/summary.html", + "refsource": "MISC", + "url": "http://evuln.com/vulns/51/summary.html" + }, + { + "name": "16395", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16395" + }, + { + "name": "20060126 [eVuln] \"my little homepage\" products [link] BBCode XSS Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/423167/100/0/threaded" + }, + { + "name": "ADV-2006-0349", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0349" + }, + { + "name": "http://evuln.com/vulns/51/", + "refsource": 
"MISC", + "url": "http://evuln.com/vulns/51/" + }, + { + "name": "22855", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22855" + }, + { + "name": "mylittlehomepage-link-tag-xss(24310)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24310" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0735.json b/2006/0xxx/CVE-2006-0735.json index 0a54347ec0e..faac159a779 100644 --- a/2006/0xxx/CVE-2006-0735.json +++ b/2006/0xxx/CVE-2006-0735.json 
@@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0735", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in BBcode.pm in M. Blom HTML::BBCode 1.04 and earlier, as used in products such as My Blog before 1.65, allows remote attackers to inject arbitrary Javascript via a javascript URI in an (1) img or (2) url BBcode tag." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0735", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060215 [eVuln] My Blog BBCode XSS Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/425087/100/0/threaded" - }, - { - "name" : "http://evuln.com/vulns/79/summary.html", - "refsource" : "MISC", - "url" : "http://evuln.com/vulns/79/summary.html" - }, - { - "name" : "20060215 [eVuln] M. 
Blom HTML::BBCode perl module XSS Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/425113/100/0/threaded" - }, - { - "name" : "http://www.evuln.com/vulns/80/summary.html", - "refsource" : "MISC", - "url" : "http://www.evuln.com/vulns/80/summary.html" - }, - { - "name" : "http://menno.b10m.net/perl/HTML-BBCode/Changes", - "refsource" : "CONFIRM", - "url" : "http://menno.b10m.net/perl/HTML-BBCode/Changes" - }, - { - "name" : "http://menno.b10m.net/perl/dists/HTML-BBCode-1.05.tar.gz", - "refsource" : "CONFIRM", - "url" : "http://menno.b10m.net/perl/dists/HTML-BBCode-1.05.tar.gz" - }, - { - "name" : "http://fuzzymonkey.net/forum/viewtopic.php?t=856", - "refsource" : "CONFIRM", - "url" : "http://fuzzymonkey.net/forum/viewtopic.php?t=856" - }, - { - "name" : "http://evuln.com/vulns/80/summary.html", - "refsource" : "CONFIRM", - "url" : "http://evuln.com/vulns/80/summary.html" - }, - { - "name" : "16659", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16659" - }, - { - "name" : "ADV-2006-0614", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0614" - }, - { - "name" : "ADV-2006-0642", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0642" - }, - { - "name" : "18905", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18905" - }, - { - "name" : "18925", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18925" - }, - { - "name" : "myblog-bbcode-xss(24668)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24668" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in BBcode.pm in M. 
Blom HTML::BBCode 1.04 and earlier, as used in products such as My Blog before 1.65, allows remote attackers to inject arbitrary Javascript via a javascript URI in an (1) img or (2) url BBcode tag." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://fuzzymonkey.net/forum/viewtopic.php?t=856", + "refsource": "CONFIRM", + "url": "http://fuzzymonkey.net/forum/viewtopic.php?t=856" + }, + { + "name": "20060215 [eVuln] My Blog BBCode XSS Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/425087/100/0/threaded" + }, + { + "name": "http://evuln.com/vulns/79/summary.html", + "refsource": "MISC", + "url": "http://evuln.com/vulns/79/summary.html" + }, + { + "name": "http://evuln.com/vulns/80/summary.html", + "refsource": "CONFIRM", + "url": "http://evuln.com/vulns/80/summary.html" + }, + { + "name": "18905", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18905" + }, + { + "name": "myblog-bbcode-xss(24668)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24668" + }, + { + "name": "ADV-2006-0642", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0642" + }, + { + "name": "16659", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16659" + }, + { + "name": "http://www.evuln.com/vulns/80/summary.html", + "refsource": "MISC", + "url": "http://www.evuln.com/vulns/80/summary.html" + }, + { + "name": "http://menno.b10m.net/perl/dists/HTML-BBCode-1.05.tar.gz", + "refsource": "CONFIRM", + "url": "http://menno.b10m.net/perl/dists/HTML-BBCode-1.05.tar.gz" + }, + { + "name": "18925", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18925" + }, + { + "name": "20060215 [eVuln] M. 
Blom HTML::BBCode perl module XSS Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/425113/100/0/threaded" + }, + { + "name": "ADV-2006-0614", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0614" + }, + { + "name": "http://menno.b10m.net/perl/HTML-BBCode/Changes", + "refsource": "CONFIRM", + "url": "http://menno.b10m.net/perl/HTML-BBCode/Changes" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0839.json b/2006/0xxx/CVE-2006-0839.json index 6cd4830095f..77106d16487 100644 --- a/2006/0xxx/CVE-2006-0839.json +++ b/2006/0xxx/CVE-2006-0839.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0839", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The frag3 preprocessor in Sourcefire Snort 2.4.3 does not properly reassemble certain fragmented packets with IP options, which allows remote attackers to evade detection of certain attacks, possibly related to IP option lengths." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0839", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060217 SNORT Incorrect fragmented packet reassembly", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/425290/100/0/threaded" - }, - { - "name" : "16705", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16705" - }, - { - "name" : "18959", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18959" - }, - { - "name" : "snort-frag3-detection-bypass(24811)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24811" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The frag3 
preprocessor in Sourcefire Snort 2.4.3 does not properly reassemble certain fragmented packets with IP options, which allows remote attackers to evade detection of certain attacks, possibly related to IP option lengths." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060217 SNORT Incorrect fragmented packet reassembly", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/425290/100/0/threaded" + }, + { + "name": "16705", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16705" + }, + { + "name": "18959", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18959" + }, + { + "name": "snort-frag3-detection-bypass(24811)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24811" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0841.json b/2006/0xxx/CVE-2006-0841.json index 025fce06d06..b15aec2c8ad 100644 --- a/2006/0xxx/CVE-2006-0841.json +++ b/2006/0xxx/CVE-2006-0841.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0841", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Mantis 1.00rc4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) hide_status, (2) handler_id, (3) user_monitor, (4) reporter_id, (5) view_type, (6) show_severity, (7) show_category, (8) show_status, (9) show_resolution, (10) show_build, (11) show_profile, (12) show_priority, (13) highlight_changed, (14) relationship_type, and (15) relationship_bug parameters in (a) view_all_set.php; the (16) sort parameter in (b) manage_user_page.php; the (17) view_type parameter in (c) view_filters_page.php; and the (18) title parameter in (d) proj_doc_delete.php. NOTE: item 17 might be subsumed by CVE-2005-4522." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0841", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060215 [BuHa-Security] Multiple Vulnerabilities in Mantis 1.00rc4", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/425046/100/0/threaded" - }, - { - "name" : "http://morph3us.org/advisories/20060214-mantis-100rc4.txt", - "refsource" : "MISC", - "url" : "http://morph3us.org/advisories/20060214-mantis-100rc4.txt" - }, - { - "name" : "http://sourceforge.net/project/showfiles.php?group_id=14963&package_id=12175&release_id=386059", - "refsource" : "MISC", - "url" : "http://sourceforge.net/project/showfiles.php?group_id=14963&package_id=12175&release_id=386059" - }, - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=386059&group_id=14963", - "refsource" : "MISC", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=386059&group_id=14963" - }, - { - "name" : "DSA-1133", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1133" - }, - { - "name" : "16657", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16657" - }, - { - "name" : "23248", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23248" - }, - { - "name" : "22487", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22487" - }, - { - "name" : "21400", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21400" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + 
"lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Mantis 1.00rc4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) hide_status, (2) handler_id, (3) user_monitor, (4) reporter_id, (5) view_type, (6) show_severity, (7) show_category, (8) show_status, (9) show_resolution, (10) show_build, (11) show_profile, (12) show_priority, (13) highlight_changed, (14) relationship_type, and (15) relationship_bug parameters in (a) view_all_set.php; the (16) sort parameter in (b) manage_user_page.php; the (17) view_type parameter in (c) view_filters_page.php; and the (18) title parameter in (d) proj_doc_delete.php. NOTE: item 17 might be subsumed by CVE-2005-4522." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "16657", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16657" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=386059&group_id=14963", + "refsource": "MISC", + "url": "http://sourceforge.net/project/shownotes.php?release_id=386059&group_id=14963" + }, + { + "name": "21400", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21400" + }, + { + "name": "DSA-1133", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1133" + }, + { + "name": "20060215 [BuHa-Security] Multiple Vulnerabilities in Mantis 1.00rc4", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/425046/100/0/threaded" + }, + { + "name": "23248", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23248" + }, + { + "name": "http://morph3us.org/advisories/20060214-mantis-100rc4.txt", + "refsource": "MISC", + "url": "http://morph3us.org/advisories/20060214-mantis-100rc4.txt" + }, + { + "name": "22487", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22487" + }, + { + "name": 
"http://sourceforge.net/project/showfiles.php?group_id=14963&package_id=12175&release_id=386059", + "refsource": "MISC", + "url": "http://sourceforge.net/project/showfiles.php?group_id=14963&package_id=12175&release_id=386059" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1048.json b/2006/1xxx/CVE-2006-1048.json index 139759c7d2a..8cb5fa9e938 100644 --- a/2006/1xxx/CVE-2006-1048.json +++ b/2006/1xxx/CVE-2006-1048.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1048", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Joomla! 1.0.7 and earlier allows attackers to bypass intended access restrictions and gain certain privileges via certain attack vectors related to the (1) Weblink, (2) Polls, (3) Newsfeeds, (4) Weblinks, (5) Content, (6) Content Section, (7) Content Category, (8) Contact items, or (9) Contact Search, (10) Content Search, (11) Newsfeed Search, or (12) Weblink Search." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1048", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.joomla.org/content/view/938/78/", - "refsource" : "CONFIRM", - "url" : "http://www.joomla.org/content/view/938/78/" - }, - { - "name" : "ADV-2006-0818", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0818" - }, - { - "name" : "23822", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23822" - }, - { - "name" : "19105", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19105" - }, - { - "name" : "joomla-multiple-bypass-security(25033)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/25033" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Joomla! 1.0.7 and earlier allows attackers to bypass intended access restrictions and gain certain privileges via certain attack vectors related to the (1) Weblink, (2) Polls, (3) Newsfeeds, (4) Weblinks, (5) Content, (6) Content Section, (7) Content Category, (8) Contact items, or (9) Contact Search, (10) Content Search, (11) Newsfeed Search, or (12) Weblink Search." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-0818", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0818" + }, + { + "name": "19105", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19105" + }, + { + "name": "joomla-multiple-bypass-security(25033)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25033" + }, + { + "name": "http://www.joomla.org/content/view/938/78/", + "refsource": "CONFIRM", + "url": "http://www.joomla.org/content/view/938/78/" + }, + { + "name": "23822", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23822" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1171.json b/2006/1xxx/CVE-2006-1171.json index 7bd70bf4166..9f7ab848c85 100644 --- a/2006/1xxx/CVE-2006-1171.json +++ b/2006/1xxx/CVE-2006-1171.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1171", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2006. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2006-1171", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2006. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1200.json b/2006/1xxx/CVE-2006-1200.json index 76e4140b18f..4f0f28b1008 100644 --- a/2006/1xxx/CVE-2006-1200.json +++ b/2006/1xxx/CVE-2006-1200.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1200", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Direct static code injection vulnerability in add_link.txt in daverave Link Bank allows remote attackers to execute arbitrary PHP code via the url_name parameter, which is not sanitized before being stored in links.txt, which is later used in an include statement." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1200", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060306 link bank code execution and xss", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/426932/100/0/threaded" - }, - { - "name" : "17004", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17004" - }, - { - "name" : "ADV-2006-0885", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0885" - }, - { - "name" : "23750", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23750" - }, - { - "name" : "19154", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19154" - }, - { - "name" : "553", - "refsource" : "SREASON", - "url" : 
"http://securityreason.com/securityalert/553" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Direct static code injection vulnerability in add_link.txt in daverave Link Bank allows remote attackers to execute arbitrary PHP code via the url_name parameter, which is not sanitized before being stored in links.txt, which is later used in an include statement." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19154", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19154" + }, + { + "name": "553", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/553" + }, + { + "name": "23750", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23750" + }, + { + "name": "17004", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17004" + }, + { + "name": "20060306 link bank code execution and xss", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/426932/100/0/threaded" + }, + { + "name": "ADV-2006-0885", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0885" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1982.json b/2006/1xxx/CVE-2006-1982.json index dcccd926dc5..8109d6eee21 100644 --- a/2006/1xxx/CVE-2006-1982.json +++ b/2006/1xxx/CVE-2006-1982.json 
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1982", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the LZWDecodeVector function in Mac OS X before 10.4.6, as used in applications that use ImageIO or AppKit, allows remote attackers to execute arbitrary code via crafted TIFF images." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1982", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.security-protocols.com/sp-x24-advisory.php", - "refsource" : "MISC", - "url" : "http://www.security-protocols.com/sp-x24-advisory.php" - }, - { - "name" : "http://docs.info.apple.com/article.html?artnum=303411", - "refsource" : "MISC", - "url" : "http://docs.info.apple.com/article.html?artnum=303411" - }, - { - "name" : "http://www.security-protocols.com/modules.php?name=News&file=article&sid=3233", - "refsource" : "MISC", - "url" : "http://www.security-protocols.com/modules.php?name=News&file=article&sid=3233" - }, - { - "name" : "APPLE-SA-2006-05-11", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2006/May/msg00003.html" - }, - { - "name" : "TA06-132A", 
- "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA06-132A.html" - }, - { - "name" : "17634", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17634" - }, - { - "name" : "17951", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17951" - }, - { - "name" : "ADV-2006-1452", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1452" - }, - { - "name" : "ADV-2006-1779", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1779" - }, - { - "name" : "31837", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/31837" - }, - { - "name" : "19686", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19686" - }, - { - "name" : "20077", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20077" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the LZWDecodeVector function in Mac OS X before 10.4.6, as used in applications that use ImageIO or AppKit, allows remote attackers to execute arbitrary code via crafted TIFF images." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "17951", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17951" + }, + { + "name": "ADV-2006-1779", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1779" + }, + { + "name": "TA06-132A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA06-132A.html" + }, + { + "name": "http://docs.info.apple.com/article.html?artnum=303411", + "refsource": "MISC", + "url": "http://docs.info.apple.com/article.html?artnum=303411" + }, + { + "name": "http://www.security-protocols.com/modules.php?name=News&file=article&sid=3233", + "refsource": "MISC", + "url": "http://www.security-protocols.com/modules.php?name=News&file=article&sid=3233" + }, + { + "name": "http://www.security-protocols.com/sp-x24-advisory.php", + "refsource": "MISC", + "url": "http://www.security-protocols.com/sp-x24-advisory.php" + }, + { + "name": "APPLE-SA-2006-05-11", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2006/May/msg00003.html" + }, + { + "name": "ADV-2006-1452", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1452" + }, + { + "name": "17634", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17634" + }, + { + "name": "20077", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20077" + }, + { + "name": "31837", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/31837" + }, + { + "name": "19686", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19686" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4232.json b/2006/4xxx/CVE-2006-4232.json index 2fe93bd4ffa..ca7f9d08036 100644 --- a/2006/4xxx/CVE-2006-4232.json +++ b/2006/4xxx/CVE-2006-4232.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4232", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Race condition in the grid-proxy-init tool in Globus Toolkit 3.2.x, 4.0.x, and 4.1.0 before 20060815 allows local users to steal credential data by replacing the proxy credentials file in between file creation and the check for exclusive file access." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4232", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[security-announce] 20060815 Proxy Generation Tool Vulnerability", - "refsource" : "MLIST", - "url" : "http://www.globus.org/mail_archive/security-announce/2006/08/msg00000.html" - }, - { - "name" : "19549", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19549" - }, - { - "name" : "ADV-2006-3290", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3290" - }, - { - "name" : "21516", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21516" - }, - { - "name" : "globus-grid-proxy-race-condition(28408)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28408" - } - ] - } 
-} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Race condition in the grid-proxy-init tool in Globus Toolkit 3.2.x, 4.0.x, and 4.1.0 before 20060815 allows local users to steal credential data by replacing the proxy credentials file in between file creation and the check for exclusive file access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-3290", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3290" + }, + { + "name": "globus-grid-proxy-race-condition(28408)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28408" + }, + { + "name": "[security-announce] 20060815 Proxy Generation Tool Vulnerability", + "refsource": "MLIST", + "url": "http://www.globus.org/mail_archive/security-announce/2006/08/msg00000.html" + }, + { + "name": "21516", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21516" + }, + { + "name": "19549", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19549" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4351.json b/2006/4xxx/CVE-2006-4351.json index 15ce20e41aa..dc452b98934 100644 --- a/2006/4xxx/CVE-2006-4351.json +++ b/2006/4xxx/CVE-2006-4351.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4351", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in index.php in OneOrZero 1.6.4.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4351", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060815 OneOrZero Helpdesk V1.6.4.1 susceptible to SQL injection and XSS", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/443631/100/0/threaded" - }, - { - "name" : "1448", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1448" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in index.php in OneOrZero 1.6.4.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060815 OneOrZero Helpdesk V1.6.4.1 susceptible to SQL injection and XSS", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/443631/100/0/threaded" + }, + { + "name": "1448", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1448" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4877.json b/2006/4xxx/CVE-2006-4877.json index fe6e90c867f..6116558e4cd 100644 --- a/2006/4xxx/CVE-2006-4877.json +++ b/2006/4xxx/CVE-2006-4877.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4877", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Variable overwrite vulnerability in David Bennett PHP-Post (PHPp) 1.0 and earlier allows remote attackers to overwrite arbitrary program variables via multiple vectors that use the extract function, as demonstrated by the table_prefix parameter in (1) index.php, (2) profile.php, and (3) header.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4877", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060916 PHP-Post Multiple Input Validation Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/446318/100/0/threaded" - }, - { - "name" : "20061", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20061" - }, - { - "name" : "ADV-2006-3688", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3688" - }, - { - "name" : "28965", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28965" - }, - { - "name" : "28966", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28966" - }, - { - "name" : "28967", - "refsource" : "OSVDB", 
- "url" : "http://www.osvdb.org/28967" - }, - { - "name" : "22014", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22014" - }, - { - "name" : "1607", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1607" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Variable overwrite vulnerability in David Bennett PHP-Post (PHPp) 1.0 and earlier allows remote attackers to overwrite arbitrary program variables via multiple vectors that use the extract function, as demonstrated by the table_prefix parameter in (1) index.php, (2) profile.php, and (3) header.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20061", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20061" + }, + { + "name": "ADV-2006-3688", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3688" + }, + { + "name": "28966", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28966" + }, + { + "name": "1607", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1607" + }, + { + "name": "28967", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28967" + }, + { + "name": "22014", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22014" + }, + { + "name": "20060916 PHP-Post Multiple Input Validation Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/446318/100/0/threaded" + }, + { + "name": "28965", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28965" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4913.json b/2006/4xxx/CVE-2006-4913.json index c5816f16912..163817ae86e 100644 --- a/2006/4xxx/CVE-2006-4913.json 
+++ b/2006/4xxx/CVE-2006-4913.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4913", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in chat/getStartOptions.php in AlstraSoft E-friends 4.85 allows remote attackers to include arbitrary local files and possibly execute arbitrary code via a .. (dot dot) sequence and trailing null (%00) byte in the lang parameter, as demonstrated by injecting PHP code into a log file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4913", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "2389", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2389" - }, - { - "name" : "20088", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20088" - }, - { - "name" : "ADV-2006-3684", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3684" - }, - { - "name" : "21961", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21961" - }, - { - "name" : "alstrasoft-getstartoptions-file-include(29006)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29006" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in chat/getStartOptions.php in AlstraSoft E-friends 4.85 allows remote attackers to include arbitrary local files and possibly execute arbitrary code via a .. (dot dot) sequence and trailing null (%00) byte in the lang parameter, as demonstrated by injecting PHP code into a log file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20088", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20088" + }, + { + "name": "ADV-2006-3684", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3684" + }, + { + "name": "2389", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2389" + }, + { + "name": "21961", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21961" + }, + { + "name": "alstrasoft-getstartoptions-file-include(29006)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29006" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5197.json b/2006/5xxx/CVE-2006-5197.json index eb91db28570..43bbb359191 100644 --- a/2006/5xxx/CVE-2006-5197.json +++ b/2006/5xxx/CVE-2006-5197.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5197", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PDshopPro stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) /pdshoppro.mdb, (2) /data/pdshoppro.mdb, or (3) /shoppro/data/pdshoppro.mdb." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5197", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "1016852", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016852" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PDshopPro stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) /pdshoppro.mdb, (2) /data/pdshoppro.mdb, or (3) /shoppro/data/pdshoppro.mdb." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1016852", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016852" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5677.json b/2006/5xxx/CVE-2006-5677.json index 03569074e2b..73f715c814b 100644 --- a/2006/5xxx/CVE-2006-5677.json +++ b/2006/5xxx/CVE-2006-5677.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5677", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "resmom/start_exec.c in pbs_mom in TORQUE Resource Manager 2.0.0p8 and earlier allows local users to create arbitrary files via a symlink attack on (1) a job output file in /usr/spool/PBS/spool and possibly (2) a job file in /usr/spool/PBS/mom_priv/jobs." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5677", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061018 TORQUE Spool Job Race condition (torque <= 2.0.0p8)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/449248/100/200/threaded" - }, - { - "name" : "http://csirt.fe.up.pt/docs/TORQUE-audit.pdf", - "refsource" : "MISC", - "url" : "http://csirt.fe.up.pt/docs/TORQUE-audit.pdf" - }, - { - "name" : "GLSA-200611-14", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200611-14.xml" - }, - { - "name" : "20632", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20632" - }, - { - "name" : "ADV-2006-4651", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4651" - }, - { 
- "name" : "1820", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1820" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "resmom/start_exec.c in pbs_mom in TORQUE Resource Manager 2.0.0p8 and earlier allows local users to create arbitrary files via a symlink attack on (1) a job output file in /usr/spool/PBS/spool and possibly (2) a job file in /usr/spool/PBS/mom_priv/jobs." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20061018 TORQUE Spool Job Race condition (torque <= 2.0.0p8)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/449248/100/200/threaded" + }, + { + "name": "GLSA-200611-14", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200611-14.xml" + }, + { + "name": "ADV-2006-4651", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4651" + }, + { + "name": "1820", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1820" + }, + { + "name": "20632", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20632" + }, + { + "name": "http://csirt.fe.up.pt/docs/TORQUE-audit.pdf", + "refsource": "MISC", + "url": "http://csirt.fe.up.pt/docs/TORQUE-audit.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0764.json b/2010/0xxx/CVE-2010-0764.json index 533612a8a93..75636dacc58 100644 --- a/2010/0xxx/CVE-2010-0764.json +++ b/2010/0xxx/CVE-2010-0764.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0764", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in KuwaitPHP eSmile allows remote attackers to execute arbitrary SQL commands via the cid parameter in a show action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-0764", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/1002-exploits/esmile-sql.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1002-exploits/esmile-sql.txt" - }, - { - "name" : "11382", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/11382" - }, - { - "name" : "62272", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/62272" - }, - { - "name" : "38548", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38548" - }, - { - "name" : "esmile-index-sql-injection(56206)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/56206" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": 
"eng", + "value": "SQL injection vulnerability in index.php in KuwaitPHP eSmile allows remote attackers to execute arbitrary SQL commands via the cid parameter in a show action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "62272", + "refsource": "OSVDB", + "url": "http://osvdb.org/62272" + }, + { + "name": "11382", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/11382" + }, + { + "name": "esmile-index-sql-injection(56206)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56206" + }, + { + "name": "38548", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38548" + }, + { + "name": "http://packetstormsecurity.org/1002-exploits/esmile-sql.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1002-exploits/esmile-sql.txt" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2106.json b/2010/2xxx/CVE-2010-2106.json index 71cf065153d..52a43d71b6d 100644 --- a/2010/2xxx/CVE-2010-2106.json +++ b/2010/2xxx/CVE-2010-2106.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2106", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Google Chrome before 5.0.375.55 might allow remote attackers to spoof the URL bar via vectors involving unload event handlers." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2106", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=16535", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=16535" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2010/05/stable-channel-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2010/05/stable-channel-update.html" - }, - { - "name" : "oval:org.mitre.oval:def:11644", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11644" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Google Chrome 
before 5.0.375.55 might allow remote attackers to spoof the URL bar via vectors involving unload event handlers." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://googlechromereleases.blogspot.com/2010/05/stable-channel-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2010/05/stable-channel-update.html" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=16535", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=16535" + }, + { + "name": "oval:org.mitre.oval:def:11644", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11644" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2972.json b/2010/2xxx/CVE-2010-2972.json index fa0eeff66d0..71616a8b261 100644 --- a/2010/2xxx/CVE-2010-2972.json +++ b/2010/2xxx/CVE-2010-2972.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2972", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-1797. Reason: This candidate is a duplicate of CVE-2010-1797. Notes: All CVE users should reference CVE-2010-1797 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2010-2972", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-1797. Reason: This candidate is a duplicate of CVE-2010-1797. Notes: All CVE users should reference CVE-2010-1797 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3360.json b/2010/3xxx/CVE-2010-3360.json index 2d36b9df2b3..a58db71c285 100644 --- a/2010/3xxx/CVE-2010-3360.json +++ b/2010/3xxx/CVE-2010-3360.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3360", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Hipo 0.6.1 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3360", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598291", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598291" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Hipo 0.6.1 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598291", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598291" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4294.json b/2010/4xxx/CVE-2010-4294.json index 2e4a44c0679..b4146d9ed05 100644 --- a/2010/4xxx/CVE-2010-4294.json +++ b/2010/4xxx/CVE-2010-4294.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4294", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The frame decompression functionality in the VMnc media codec in VMware Movie Decoder before 6.5.5 build 328052 and 7.x before 7.1.2 build 301548, VMware Workstation 6.5.x before 6.5.5 build 328052 and 7.x before 7.1.2 build 301548 on Windows, VMware Player 2.5.x before 2.5.5 build 246459 and 3.x before 3.1.2 build 301548 on Windows, and VMware Server 2.x on Windows does not properly validate an unspecified size field, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted video file." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4294", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20101203 VMSA-2010-0018 VMware hosted products and ESX patches resolve multiple security issues", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/514995/100/0/threaded" - }, - { - "name" : "[security-announce] 20101202 VMSA-2010-0018 VMware hosted products and ESX patches resolve multiple security issues", - "refsource" : "MLIST", - "url" : "http://lists.vmware.com/pipermail/security-announce/2010/000112.html" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2010-0018.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2010-0018.html" - }, - { - "name" : "45169", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45169" - }, - { - "name" : "69596", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/69596" - }, - { - "name" : "1024819", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024819" - }, - { - "name" : "42482", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42482" - }, - { - "name" : "ADV-2010-3116", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/3116" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The frame decompression functionality in the VMnc media codec in VMware Movie Decoder before 6.5.5 build 328052 and 7.x before 
7.1.2 build 301548, VMware Workstation 6.5.x before 6.5.5 build 328052 and 7.x before 7.1.2 build 301548 on Windows, VMware Player 2.5.x before 2.5.5 build 246459 and 3.x before 3.1.2 build 301548 on Windows, and VMware Server 2.x on Windows does not properly validate an unspecified size field, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted video file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[security-announce] 20101202 VMSA-2010-0018 VMware hosted products and ESX patches resolve multiple security issues", + "refsource": "MLIST", + "url": "http://lists.vmware.com/pipermail/security-announce/2010/000112.html" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2010-0018.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2010-0018.html" + }, + { + "name": "45169", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45169" + }, + { + "name": "20101203 VMSA-2010-0018 VMware hosted products and ESX patches resolve multiple security issues", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/514995/100/0/threaded" + }, + { + "name": "69596", + "refsource": "OSVDB", + "url": "http://osvdb.org/69596" + }, + { + "name": "1024819", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024819" + }, + { + "name": "42482", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42482" + }, + { + "name": "ADV-2010-3116", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/3116" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4295.json b/2010/4xxx/CVE-2010-4295.json index 3419d683f96..b23e1cd5de7 100644 --- a/2010/4xxx/CVE-2010-4295.json +++ b/2010/4xxx/CVE-2010-4295.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4295", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Race condition in the mounting process in vmware-mount in VMware Workstation 7.x before 7.1.2 build 301548 on Linux, VMware Player 3.1.x before 3.1.2 build 301548 on Linux, VMware Server 2.0.2 on Linux, and VMware Fusion 3.1.x before 3.1.2 build 332101 allows host OS users to gain privileges via vectors involving temporary files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4295", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20101203 VMSA-2010-0018 VMware hosted products and ESX patches resolve multiple security issues", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/514995/100/0/threaded" - }, - { - "name" : "[security-announce] 20101202 VMSA-2010-0018 VMware hosted products and ESX patches resolve multiple security issues", - "refsource" : "MLIST", - "url" : "http://lists.vmware.com/pipermail/security-announce/2010/000112.html" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2010-0018.html", - "refsource" : "CONFIRM", - "url" : 
"http://www.vmware.com/security/advisories/VMSA-2010-0018.html" - }, - { - "name" : "45167", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45167" - }, - { - "name" : "69585", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/69585" - }, - { - "name" : "1024819", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024819" - }, - { - "name" : "1024820", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024820" - }, - { - "name" : "42453", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42453" - }, - { - "name" : "42482", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42482" - }, - { - "name" : "ADV-2010-3116", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/3116" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Race condition in the mounting process in vmware-mount in VMware Workstation 7.x before 7.1.2 build 301548 on Linux, VMware Player 3.1.x before 3.1.2 build 301548 on Linux, VMware Server 2.0.2 on Linux, and VMware Fusion 3.1.x before 3.1.2 build 332101 allows host OS users to gain privileges via vectors involving temporary files." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[security-announce] 20101202 VMSA-2010-0018 VMware hosted products and ESX patches resolve multiple security issues", + "refsource": "MLIST", + "url": "http://lists.vmware.com/pipermail/security-announce/2010/000112.html" + }, + { + "name": "69585", + "refsource": "OSVDB", + "url": "http://osvdb.org/69585" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2010-0018.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2010-0018.html" + }, + { + "name": "45167", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45167" + }, + { + "name": "20101203 VMSA-2010-0018 VMware hosted products and ESX patches resolve multiple security issues", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/514995/100/0/threaded" + }, + { + "name": "42453", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42453" + }, + { + "name": "1024819", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024819" + }, + { + "name": "42482", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42482" + }, + { + "name": "ADV-2010-3116", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/3116" + }, + { + "name": "1024820", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024820" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4322.json b/2010/4xxx/CVE-2010-4322.json index f7e2882900c..0edb052d9f4 100644 --- a/2010/4xxx/CVE-2010-4322.json +++ b/2010/4xxx/CVE-2010-4322.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4322", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in gwtTeaming.rpc in Novell Vibe OnPrem 3 BETA allows remote authenticated users to inject arbitrary web script or HTML via the Micro Blog (aka What Are You Working On?) field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4322", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20101210 Novell Vibe 3 BETA OnPrem Stored Cross-site Scripting Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/515147/100/0/threaded" - }, - { - "name" : "http://www.solutionary.com/index/SERT/Vuln-Disclosures/Novell-Vibe-Beta-3-XSS-vulnerability.html", - "refsource" : "MISC", - "url" : "http://www.solutionary.com/index/SERT/Vuln-Disclosures/Novell-Vibe-Beta-3-XSS-vulnerability.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in gwtTeaming.rpc in Novell Vibe OnPrem 3 BETA allows remote 
authenticated users to inject arbitrary web script or HTML via the Micro Blog (aka What Are You Working On?) field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.solutionary.com/index/SERT/Vuln-Disclosures/Novell-Vibe-Beta-3-XSS-vulnerability.html", + "refsource": "MISC", + "url": "http://www.solutionary.com/index/SERT/Vuln-Disclosures/Novell-Vibe-Beta-3-XSS-vulnerability.html" + }, + { + "name": "20101210 Novell Vibe 3 BETA OnPrem Stored Cross-site Scripting Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/515147/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4354.json b/2010/4xxx/CVE-2010-4354.json index ceb0acacd2b..28c2ea589a7 100644 --- a/2010/4xxx/CVE-2010-4354.json +++ b/2010/4xxx/CVE-2010-4354.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4354", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The remote-access IPSec VPN implementation on Cisco Adaptive Security Appliances (ASA) 5500 series devices, PIX Security Appliances 500 series devices, and VPN Concentrators 3000 series devices responds to an Aggressive Mode IKE Phase I message only when the group name is configured on the device, which allows remote attackers to enumerate valid group names via a series of IKE negotiation attempts, aka Bug ID CSCtj96108, a different vulnerability than CVE-2005-2025." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4354", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20101129 Cisco IPSec VPN Implementation Group Name Enumeration Vulnerability", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/products_security_response09186a0080b5992c.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The remote-access IPSec VPN implementation on Cisco Adaptive Security Appliances (ASA) 5500 series devices, PIX Security Appliances 500 series devices, and VPN Concentrators 3000 series devices responds to an Aggressive Mode IKE Phase I message only when the group name is configured on the device, which allows remote attackers to enumerate valid group names via a series of IKE negotiation attempts, aka Bug ID CSCtj96108, a different vulnerability than CVE-2005-2025." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20101129 Cisco IPSec VPN Implementation Group Name Enumeration Vulnerability", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/products_security_response09186a0080b5992c.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/5xxx/CVE-2011-5256.json b/2011/5xxx/CVE-2011-5256.json index 463ac8b80f7..cb7ddc89f3b 100644 --- a/2011/5xxx/CVE-2011-5256.json +++ b/2011/5xxx/CVE-2011-5256.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-5256", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the tooltips in LimeSurvey before 1.91+ Build 11379-20111116, when viewing survey results, allows remote attackers to inject arbitrary web script or HTML via unknown parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-5256", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://limesurvey.svn.sourceforge.net/viewvc/limesurvey/source/limesurvey/docs/release_notes.txt?view=markup", - "refsource" : "CONFIRM", - "url" : "http://limesurvey.svn.sourceforge.net/viewvc/limesurvey/source/limesurvey/docs/release_notes.txt?view=markup" - }, - { - "name" : "46831", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/46831" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the tooltips in LimeSurvey before 1.91+ Build 11379-20111116, when viewing survey results, allows remote attackers to inject 
arbitrary web script or HTML via unknown parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://limesurvey.svn.sourceforge.net/viewvc/limesurvey/source/limesurvey/docs/release_notes.txt?view=markup", + "refsource": "CONFIRM", + "url": "http://limesurvey.svn.sourceforge.net/viewvc/limesurvey/source/limesurvey/docs/release_notes.txt?view=markup" + }, + { + "name": "46831", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/46831" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3022.json b/2014/3xxx/CVE-2014-3022.json index e3c1175b14c..d57458ce206 100644 --- a/2014/3xxx/CVE-2014-3022.json +++ b/2014/3xxx/CVE-2014-3022.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3022", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.33, 8.0.x before 8.0.0.9, and 8.5.x before 8.5.5.3 allows remote attackers to obtain sensitive information via a crafted URL that triggers an error condition." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-3022", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21681249", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21681249" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21676091", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21676091" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21676092", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21676092" - }, - { - "name" : "PI09594", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PI09594" - }, - { - "name" : "68211", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/68211" - }, - { - "name" : "ibm-was-cve20143022-info-disc(93060)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/93060" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.33, 8.0.x before 8.0.0.9, and 8.5.x before 8.5.5.3 allows remote attackers to obtain sensitive information via a crafted URL that triggers an error condition." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "PI09594", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI09594" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676092", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676092" + }, + { + "name": "68211", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/68211" + }, + { + "name": "ibm-was-cve20143022-info-disc(93060)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93060" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676091", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676091" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21681249", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681249" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3466.json b/2014/3xxx/CVE-2014-3466.json index 74e8cd8dd43..c6c89348add 100644 --- a/2014/3xxx/CVE-2014-3466.json +++ b/2014/3xxx/CVE-2014-3466.json 
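Review bot: The new `"ASSIGNER": "psirt@us.ibm.com"` replaces `cve@mitre.org` without any mention in the commit subject, and it is the only content change in a hunk that otherwise re-spaces separators and reorders `reference_data`. The hunk for CVE-2014-3466.json does the same with `secalert@redhat.com`. Consumers that route, filter or attribute records by assigner will see these records change owner, so the change deserves its own line in the commit message or a commit separate from the formatting pass. The six `reference_data` entries appear to be the same set in a different order, but the reordering makes that hard to confirm by eye, and a set comparison of old and new references before merge would settle it.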
@@ -1,222 +1,222 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3466", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the read_server_hello function in lib/gnutls_handshake.c in GnuTLS before 3.1.25, 3.2.x before 3.2.15, and 3.3.x before 3.3.4 allows remote servers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a long session id in a ServerHello message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-3466", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://radare.today/technical-analysis-of-the-gnutls-hello-vulnerability/", - "refsource" : "MISC", - "url" : "http://radare.today/technical-analysis-of-the-gnutls-hello-vulnerability/" - }, - { - "name" : "http://www.gnutls.org/security.html", - "refsource" : "CONFIRM", - "url" : "http://www.gnutls.org/security.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1101932", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1101932" - }, - { - "name" : "https://www.gitorious.org/gnutls/gnutls/commit/688ea6428a432c39203d00acd1af0e7684e5ddfd", - "refsource" : 
"CONFIRM", - "url" : "https://www.gitorious.org/gnutls/gnutls/commit/688ea6428a432c39203d00acd1af0e7684e5ddfd" - }, - { - "name" : "http://linux.oracle.com/errata/ELSA-2014-0595.html", - "refsource" : "CONFIRM", - "url" : "http://linux.oracle.com/errata/ELSA-2014-0595.html" - }, - { - "name" : "http://linux.oracle.com/errata/ELSA-2014-0594.html", - "refsource" : "CONFIRM", - "url" : "http://linux.oracle.com/errata/ELSA-2014-0594.html" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21678776", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21678776" - }, - { - "name" : "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096155", - "refsource" : "CONFIRM", - "url" : "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096155" - }, - { - "name" : "http://www.novell.com/support/kb/doc.php?id=7015302", - "refsource" : "CONFIRM", - "url" : "http://www.novell.com/support/kb/doc.php?id=7015302" - }, - { - "name" : "http://www.novell.com/support/kb/doc.php?id=7015303", - "refsource" : "CONFIRM", - "url" : "http://www.novell.com/support/kb/doc.php?id=7015303" - }, - { - "name" : "DSA-2944", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-2944" - }, - { - "name" : "RHSA-2014:0594", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0594.html" - }, - { - "name" : "RHSA-2014:0815", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0815.html" - }, - { - "name" : "RHSA-2014:0595", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0595.html" - }, - { - "name" : "RHSA-2014:0684", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0684.html" - }, - { - "name" : "openSUSE-SU-2014:0763", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00007.html" - }, - { - "name" : "openSUSE-SU-2014:0767", - "refsource" : 
"SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00010.html" - }, - { - "name" : "SUSE-SU-2014:0758", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00002.html" - }, - { - "name" : "SUSE-SU-2014:0788", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00015.html" - }, - { - "name" : "USN-2229-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2229-1" - }, - { - "name" : "67741", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/67741" - }, - { - "name" : "1030314", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030314" - }, - { - "name" : "58340", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/58340" - }, - { - "name" : "58598", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/58598" - }, - { - "name" : "58601", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/58601" - }, - { - "name" : "58642", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/58642" - }, - { - "name" : "59016", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59016" - }, - { - "name" : "59057", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59057" - }, - { - "name" : "59086", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59086" - }, - { - "name" : "59021", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59021" - }, - { - "name" : "59838", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59838" - }, - { - "name" : "60384", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60384" - }, - { - "name" : "59408", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59408" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the read_server_hello function in lib/gnutls_handshake.c in GnuTLS before 3.1.25, 3.2.x before 3.2.15, and 3.3.x before 3.3.4 allows remote servers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a long session id in a ServerHello message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.gnutls.org/security.html", + "refsource": "CONFIRM", + "url": "http://www.gnutls.org/security.html" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21678776", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678776" + }, + { + "name": "DSA-2944", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-2944" + }, + { + "name": "58340", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/58340" + }, + { + "name": "RHSA-2014:0595", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0595.html" + }, + { + "name": "USN-2229-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2229-1" + }, + { + "name": "58642", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/58642" + }, + { + "name": "67741", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/67741" + }, + { + "name": "http://www.novell.com/support/kb/doc.php?id=7015302", + "refsource": "CONFIRM", + "url": "http://www.novell.com/support/kb/doc.php?id=7015302" + }, + { + "name": "59057", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59057" + }, + { + "name": "http://linux.oracle.com/errata/ELSA-2014-0595.html", + "refsource": "CONFIRM", + "url": "http://linux.oracle.com/errata/ELSA-2014-0595.html" + }, + { + "name": "59086", + "refsource": "SECUNIA", + "url": 
"http://secunia.com/advisories/59086" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1101932", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1101932" + }, + { + "name": "SUSE-SU-2014:0758", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00002.html" + }, + { + "name": "RHSA-2014:0684", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0684.html" + }, + { + "name": "openSUSE-SU-2014:0763", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00007.html" + }, + { + "name": "59021", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59021" + }, + { + "name": "RHSA-2014:0815", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0815.html" + }, + { + "name": "http://radare.today/technical-analysis-of-the-gnutls-hello-vulnerability/", + "refsource": "MISC", + "url": "http://radare.today/technical-analysis-of-the-gnutls-hello-vulnerability/" + }, + { + "name": "http://www.novell.com/support/kb/doc.php?id=7015303", + "refsource": "CONFIRM", + "url": "http://www.novell.com/support/kb/doc.php?id=7015303" + }, + { + "name": "http://linux.oracle.com/errata/ELSA-2014-0594.html", + "refsource": "CONFIRM", + "url": "http://linux.oracle.com/errata/ELSA-2014-0594.html" + }, + { + "name": "58598", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/58598" + }, + { + "name": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096155", + "refsource": "CONFIRM", + "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096155" + }, + { + "name": "59838", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59838" + }, + { + "name": "SUSE-SU-2014:0788", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00015.html" + }, + { + "name": "60384", + "refsource": "SECUNIA", + 
"url": "http://secunia.com/advisories/60384" + }, + { + "name": "RHSA-2014:0594", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0594.html" + }, + { + "name": "59016", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59016" + }, + { + "name": "openSUSE-SU-2014:0767", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00010.html" + }, + { + "name": "58601", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/58601" + }, + { + "name": "59408", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59408" + }, + { + "name": "https://www.gitorious.org/gnutls/gnutls/commit/688ea6428a432c39203d00acd1af0e7684e5ddfd", + "refsource": "CONFIRM", + "url": "https://www.gitorious.org/gnutls/gnutls/commit/688ea6428a432c39203d00acd1af0e7684e5ddfd" + }, + { + "name": "1030314", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030314" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3909.json b/2014/3xxx/CVE-2014-3909.json index 333c48b67c4..a839ed2af2e 100644 --- a/2014/3xxx/CVE-2014-3909.json +++ b/2014/3xxx/CVE-2014-3909.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3909", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Session fixation vulnerability in Falcon WisePoint 4.1.19.7 and earlier allows remote attackers to hijack web sessions via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2014-3909", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://service.falconsc.com/service/product/patch/index.html", - "refsource" : "MISC", - "url" : "https://service.falconsc.com/service/product/patch/index.html" - }, - { - "name" : "JVN#49672671", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN49672671/index.html" - }, - { - "name" : "JVNDB-2014-000084", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000084" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Session fixation vulnerability in Falcon WisePoint 4.1.19.7 and earlier allows remote attackers to hijack web sessions via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#49672671", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN49672671/index.html" + }, + { + "name": "https://service.falconsc.com/service/product/patch/index.html", + "refsource": "MISC", + "url": "https://service.falconsc.com/service/product/patch/index.html" + }, + { + "name": "JVNDB-2014-000084", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000084" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4479.json b/2014/4xxx/CVE-2014-4479.json index 0b229ffd19e..76b88e7affb 100644 --- a/2014/4xxx/CVE-2014-4479.json +++ b/2014/4xxx/CVE-2014-4479.json 
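Review bot: The new side of CVE-2014-3909.json ends without a final newline (`\ No newline at end of file` after the closing `}`), and the same marker follows every other record on this page. The serializer should end each file with a trailing newline so that later syncs do not show an end-of-file change. The whole-file re-indent also buries the one value that actually changes here, `"ASSIGNER"` going from `cve@mitre.org` to `vultures@jpcert.or.jp`, next to a reordering of `reference_data`. Splitting the formatting pass from the data change, or naming the ASSIGNER update in the commit message, would make the reassignment auditable. The CVE-2014-4479, CVE-2014-8448 and CVE-2014-9248 hunks carry the same kind of ASSIGNER change.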
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4479", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3; and Apple TV before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4476 and CVE-2014-4477." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2014-4479", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/HT204243", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/HT204243" - }, - { - "name" : "http://support.apple.com/HT204245", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/HT204245" - }, - { - "name" : "http://support.apple.com/HT204246", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/HT204246" - }, - { - "name" : "https://support.apple.com/kb/HT204949", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/kb/HT204949" - }, - { - "name" : "APPLE-SA-2015-01-27-1", - "refsource" : 
"APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Jan/msg00000.html" - }, - { - "name" : "APPLE-SA-2015-01-27-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Jan/msg00001.html" - }, - { - "name" : "APPLE-SA-2015-01-27-3", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Jan/msg00002.html" - }, - { - "name" : "APPLE-SA-2015-06-30-6", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Jun/msg00006.html" - }, - { - "name" : "72330", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72330" - }, - { - "name" : "1031647", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031647" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3; and Apple TV before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4476 and CVE-2014-4477." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1031647", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031647" + }, + { + "name": "http://support.apple.com/HT204245", + "refsource": "CONFIRM", + "url": "http://support.apple.com/HT204245" + }, + { + "name": "http://support.apple.com/HT204246", + "refsource": "CONFIRM", + "url": "http://support.apple.com/HT204246" + }, + { + "name": "APPLE-SA-2015-06-30-6", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00006.html" + }, + { + "name": "http://support.apple.com/HT204243", + "refsource": "CONFIRM", + "url": "http://support.apple.com/HT204243" + }, + { + "name": "APPLE-SA-2015-01-27-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00001.html" + }, + { + "name": "APPLE-SA-2015-01-27-3", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00002.html" + }, + { + "name": "https://support.apple.com/kb/HT204949", + "refsource": "CONFIRM", + "url": "https://support.apple.com/kb/HT204949" + }, + { + "name": "72330", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72330" + }, + { + "name": "APPLE-SA-2015-01-27-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00000.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4667.json b/2014/4xxx/CVE-2014-4667.json index 9507fa29b7e..1b422f1211f 100644 --- a/2014/4xxx/CVE-2014-4667.json +++ b/2014/4xxx/CVE-2014-4667.json 
@@ -1,147 +1,147 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4667", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The sctp_association_free function in net/sctp/associola.c in the Linux kernel before 3.15.2 does not properly manage a certain backlog value, which allows remote attackers to cause a denial of service (socket outage) via a crafted SCTP packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4667", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140627 Re: CVE request -- Linux kernel: sctp: sk_ack_backlog wrap-around problem", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/06/27/11" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=d3217b15a19a4779c39b212358a5c71d725822ee", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=d3217b15a19a4779c39b212358a5c71d725822ee" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.2", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.2" - }, - 
{ - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1113967", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1113967" - }, - { - "name" : "https://github.com/torvalds/linux/commit/d3217b15a19a4779c39b212358a5c71d725822ee", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/d3217b15a19a4779c39b212358a5c71d725822ee" - }, - { - "name" : "http://linux.oracle.com/errata/ELSA-2014-3068.html", - "refsource" : "CONFIRM", - "url" : "http://linux.oracle.com/errata/ELSA-2014-3068.html" - }, - { - "name" : "http://linux.oracle.com/errata/ELSA-2014-3069.html", - "refsource" : "CONFIRM", - "url" : "http://linux.oracle.com/errata/ELSA-2014-3069.html" - }, - { - "name" : "DSA-2992", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-2992" - }, - { - "name" : "SUSE-SU-2014:1316", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html" - }, - { - "name" : "SUSE-SU-2014:1319", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html" - }, - { - "name" : "SUSE-SU-2015:0812", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html" - }, - { - "name" : "USN-2334-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2334-1" - }, - { - "name" : "USN-2335-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2335-1" - }, - { - "name" : "68224", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/68224" - }, - { - "name" : "59777", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59777" - }, - { - "name" : "60564", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60564" - }, - { - "name" : "59790", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59790" - }, - { - "name" : "60596", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/60596" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The sctp_association_free function in net/sctp/associola.c in the Linux kernel before 3.15.2 does not properly manage a certain backlog value, which allows remote attackers to cause a denial of service (socket outage) via a crafted SCTP packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/torvalds/linux/commit/d3217b15a19a4779c39b212358a5c71d725822ee", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/d3217b15a19a4779c39b212358a5c71d725822ee" + }, + { + "name": "SUSE-SU-2014:1316", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html" + }, + { + "name": "[oss-security] 20140627 Re: CVE request -- Linux kernel: sctp: sk_ack_backlog wrap-around problem", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/06/27/11" + }, + { + "name": "59790", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59790" + }, + { + "name": "USN-2335-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2335-1" + }, + { + "name": "USN-2334-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2334-1" + }, + { + "name": "SUSE-SU-2014:1319", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html" + }, + { + "name": "60564", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60564" + }, + { + "name": "68224", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/68224" + }, + { + "name": "59777", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59777" + }, + { + "name": 
"60596", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60596" + }, + { + "name": "http://linux.oracle.com/errata/ELSA-2014-3068.html", + "refsource": "CONFIRM", + "url": "http://linux.oracle.com/errata/ELSA-2014-3068.html" + }, + { + "name": "http://linux.oracle.com/errata/ELSA-2014-3069.html", + "refsource": "CONFIRM", + "url": "http://linux.oracle.com/errata/ELSA-2014-3069.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1113967", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1113967" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.2", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.2" + }, + { + "name": "DSA-2992", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-2992" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=d3217b15a19a4779c39b212358a5c71d725822ee", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=d3217b15a19a4779c39b212358a5c71d725822ee" + }, + { + "name": "SUSE-SU-2015:0812", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8349.json b/2014/8xxx/CVE-2014-8349.json index 1c10a582481..a1e5e7ad548 100644 --- a/2014/8xxx/CVE-2014-8349.json +++ b/2014/8xxx/CVE-2014-8349.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8349", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Liferay Portal Enterprise Edition (EE) 6.2 SP8 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the _20_body parameter in the comment field in an uploaded file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8349", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20141120 CVE-2014-8349 LIFERAY Portal Stored XSS", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Nov/61" - }, - { - "name" : "http://packetstormsecurity.com/files/129199/Liferay-Portal-6.2-EE-SP8-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/129199/Liferay-Portal-6.2-EE-SP8-Cross-Site-Scripting.html" - }, - { - "name" : "1031255", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031255" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": 
"Cross-site scripting (XSS) vulnerability in Liferay Portal Enterprise Edition (EE) 6.2 SP8 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the _20_body parameter in the comment field in an uploaded file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1031255", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031255" + }, + { + "name": "http://packetstormsecurity.com/files/129199/Liferay-Portal-6.2-EE-SP8-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/129199/Liferay-Portal-6.2-EE-SP8-Cross-Site-Scripting.html" + }, + { + "name": "20141120 CVE-2014-8349 LIFERAY Portal Stored XSS", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Nov/61" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8448.json b/2014/8xxx/CVE-2014-8448.json index 788d51b6ae3..c130eb8046d 100644 --- a/2014/8xxx/CVE-2014-8448.json +++ b/2014/8xxx/CVE-2014-8448.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8448", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An unspecified JavaScript API in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allows attackers to obtain sensitive information via unknown vectors, a different vulnerability than CVE-2014-8451." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2014-8448", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://helpx.adobe.com/security/products/reader/apsb14-28.html", - "refsource" : "CONFIRM", - "url" : "http://helpx.adobe.com/security/products/reader/apsb14-28.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An unspecified JavaScript API in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allows attackers to obtain sensitive information via unknown vectors, a different vulnerability than CVE-2014-8451." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://helpx.adobe.com/security/products/reader/apsb14-28.html", + "refsource": "CONFIRM", + "url": "http://helpx.adobe.com/security/products/reader/apsb14-28.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8862.json b/2014/8xxx/CVE-2014-8862.json index d2f215788ba..58660bce059 100644 --- a/2014/8xxx/CVE-2014-8862.json +++ b/2014/8xxx/CVE-2014-8862.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8862", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-8862", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8908.json b/2014/8xxx/CVE-2014-8908.json index 197033bc220..a3beeb31b2a 100644 --- a/2014/8xxx/CVE-2014-8908.json +++ b/2014/8xxx/CVE-2014-8908.json 
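Review bot: CVE-2014-8862.json is written with a different key order from the other records on this page: `data_type`, `data_format` and `data_version` come first, and `ID` precedes `ASSIGNER` inside `CVE_data_meta`. The neighbouring records (for example CVE-2014-8908) keep their keys sorted alphabetically. Key order carries no meaning in JSON, so nothing breaks, but it suggests this record went through a different writer. A single canonical (sorted) order would keep future syncs free of reorder-only diffs. No value changes in this hunk; the record stays `"STATE": "REJECT"`.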
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8908", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8908", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9248.json b/2014/9xxx/CVE-2014-9248.json index 14d1e037451..f0a167b955f 100644 --- a/2014/9xxx/CVE-2014-9248.json +++ b/2014/9xxx/CVE-2014-9248.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9248", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Zenoss Core through 5 Beta 3 does not require complex passwords, which makes it easier for remote attackers to obtain access via a brute-force attack, aka ZEN-15406." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-9248", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1dHAc4PxUbs-4Dxzm1wSCE0sMz5UCMY6SW3PlMHSyuuQ/edit?usp=sharing", - "refsource" : "CONFIRM", - "url" : "https://docs.google.com/spreadsheets/d/1dHAc4PxUbs-4Dxzm1wSCE0sMz5UCMY6SW3PlMHSyuuQ/edit?usp=sharing" - }, - { - "name" : "VU#449452", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/449452" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Zenoss Core through 5 Beta 3 does not require complex passwords, which makes it easier for remote attackers to obtain access via a brute-force attack, aka ZEN-15406." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#449452", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/449452" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1dHAc4PxUbs-4Dxzm1wSCE0sMz5UCMY6SW3PlMHSyuuQ/edit?usp=sharing", + "refsource": "CONFIRM", + "url": "https://docs.google.com/spreadsheets/d/1dHAc4PxUbs-4Dxzm1wSCE0sMz5UCMY6SW3PlMHSyuuQ/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9345.json b/2014/9xxx/CVE-2014-9345.json index f9afe6e3fc2..e9b5859b0c2 100644 --- a/2014/9xxx/CVE-2014-9345.json +++ b/2014/9xxx/CVE-2014-9345.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9345", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in Guruperl.net Advertise With Pleasure! Professional (aka AWP PRO) 6.6 and earlier allows remote attackers to execute arbitrary SQL commands via the group_id parameter in a list_zone action to cgi/client.cgi." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9345", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "35463", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/35463" - }, - { - "name" : "http://packetstormsecurity.com/files/129390/Advertise-With-Pleasure-AWP-6.6-SQL-Injection.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/129390/Advertise-With-Pleasure-AWP-6.6-SQL-Injection.html" - }, - { - "name" : "115317", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/show/osvdb/115317" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in Guruperl.net Advertise With Pleasure! 
Professional (aka AWP PRO) 6.6 and earlier allows remote attackers to execute arbitrary SQL commands via the group_id parameter in a list_zone action to cgi/client.cgi." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/129390/Advertise-With-Pleasure-AWP-6.6-SQL-Injection.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/129390/Advertise-With-Pleasure-AWP-6.6-SQL-Injection.html" + }, + { + "name": "35463", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/35463" + }, + { + "name": "115317", + "refsource": "OSVDB", + "url": "http://osvdb.org/show/osvdb/115317" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9416.json b/2014/9xxx/CVE-2014-9416.json index baf2b3ebb6b..12adbf93269 100644 --- a/2014/9xxx/CVE-2014-9416.json +++ b/2014/9xxx/CVE-2014-9416.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9416", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple untrusted search path vulnerabilities in Huawei eSpace Desktop before V200R003C00 allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) mfc71enu.dll, (2) mfc71loc.dll, (3) tcapi.dll, or (4) airpcap.dll." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9416", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-406589.htm", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-406589.htm" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple untrusted search path vulnerabilities in Huawei eSpace Desktop before V200R003C00 allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) mfc71enu.dll, (2) mfc71loc.dll, (3) tcapi.dll, or (4) airpcap.dll." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-406589.htm", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-406589.htm" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9951.json b/2014/9xxx/CVE-2014-9951.json index 1f20b389b18..03a2663cc05 100644 --- a/2014/9xxx/CVE-2014-9951.json +++ b/2014/9xxx/CVE-2014-9951.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2014-9951", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "All Qualcomm products", - "version" : { - "version_data" : [ - { - "version_value" : "All Android releases from CAF using the Linux kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In TrustZone in all Android releases from CAF using the Linux kernel, an Information Exposure Through Timing Discrepancy vulnerability could potentially exist." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Exposure Through Timing Discrepancy Vulnerability in TrustZone" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2014-9951", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "All Qualcomm products", + "version": { + "version_data": [ + { + "version_value": "All Android releases from CAF using the Linux kernel" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-05-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-05-01" - }, - { - "name" : "98252", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98252" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In TrustZone in all Android releases from CAF using the Linux kernel, an Information Exposure Through Timing Discrepancy vulnerability could potentially exist." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Exposure Through Timing Discrepancy Vulnerability in TrustZone" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "98252", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98252" + }, + { + "name": "https://source.android.com/security/bulletin/2017-05-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-05-01" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2222.json b/2016/2xxx/CVE-2016-2222.json index 688d86cc37c..22a76fce1f6 100644 --- a/2016/2xxx/CVE-2016-2222.json +++ b/2016/2xxx/CVE-2016-2222.json 
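Review bot: The `ASSIGNER` value in this hunk changes from `security@google.com` to `security@android.com`, but the commit subject says only "-Synchronized-Data." and the rest of the hunk is colon-spacing, indentation and reference-order churn, so the one semantic change is easy to miss. The same pattern appears in the hunks for CVE-2016-2222 (`cve@mitre.org` to `security@debian.org`), CVE-2016-2298 (`cve@mitre.org` to `ics-cert@hq.dhs.gov`) and CVE-2016-6971 (`cve@mitre.org` to `psirt@adobe.com`; that hunk continues past the visible part of the page). Consumers that attribute or route records by assigning CNA would presumably want these re-attributions recorded, either in a separate commit or in a message line such as `Update ASSIGNER for CVE-2014-9951, CVE-2016-2222, CVE-2016-2298, CVE-2016-6971`. The rewritten files also lose their final newline (`\ No newline at end of file`), which is worth restoring so later syncs do not show spurious last-line diffs.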
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2222", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The wp_http_validate_url function in wp-includes/http.php in WordPress before 4.4.2 allows remote attackers to conduct server-side request forgery (SSRF) attacks via a zero value in the first octet of an IPv4 address in the u parameter to wp-admin/press-this.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@debian.org", + "ID": "CVE-2016-2222", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://hackerone.com/reports/110801", - "refsource" : "MISC", - "url" : "https://hackerone.com/reports/110801" - }, - { - "name" : "https://wpvulndb.com/vulnerabilities/8376", - "refsource" : "MISC", - "url" : "https://wpvulndb.com/vulnerabilities/8376" - }, - { - "name" : "https://codex.wordpress.org/Version_4.4.2", - "refsource" : "CONFIRM", - "url" : "https://codex.wordpress.org/Version_4.4.2" - }, - { - "name" : "https://core.trac.wordpress.org/changeset/36435", - "refsource" : "CONFIRM", - "url" : "https://core.trac.wordpress.org/changeset/36435" - }, - { - "name" : 
"https://wordpress.org/news/2016/02/wordpress-4-4-2-security-and-maintenance-release/", - "refsource" : "CONFIRM", - "url" : "https://wordpress.org/news/2016/02/wordpress-4-4-2-security-and-maintenance-release/" - }, - { - "name" : "DSA-3472", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3472" - }, - { - "name" : "82454", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/82454" - }, - { - "name" : "1034933", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034933" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The wp_http_validate_url function in wp-includes/http.php in WordPress before 4.4.2 allows remote attackers to conduct server-side request forgery (SSRF) attacks via a zero value in the first octet of an IPv4 address in the u parameter to wp-admin/press-this.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://codex.wordpress.org/Version_4.4.2", + "refsource": "CONFIRM", + "url": "https://codex.wordpress.org/Version_4.4.2" + }, + { + "name": "1034933", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034933" + }, + { + "name": "https://wpvulndb.com/vulnerabilities/8376", + "refsource": "MISC", + "url": "https://wpvulndb.com/vulnerabilities/8376" + }, + { + "name": "https://core.trac.wordpress.org/changeset/36435", + "refsource": "CONFIRM", + "url": "https://core.trac.wordpress.org/changeset/36435" + }, + { + "name": "82454", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/82454" + }, + { + "name": "https://wordpress.org/news/2016/02/wordpress-4-4-2-security-and-maintenance-release/", + "refsource": "CONFIRM", + "url": 
"https://wordpress.org/news/2016/02/wordpress-4-4-2-security-and-maintenance-release/" + }, + { + "name": "DSA-3472", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3472" + }, + { + "name": "https://hackerone.com/reports/110801", + "refsource": "MISC", + "url": "https://hackerone.com/reports/110801" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2231.json b/2016/2xxx/CVE-2016-2231.json index fd9ab2a7e78..d85365f2502 100644 --- a/2016/2xxx/CVE-2016-2231.json +++ b/2016/2xxx/CVE-2016-2231.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2231", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Windows-based Host Interface Program (WHIP) service on Huawei SmartAX MT882 devices V200R002B022 Arg relies on the client to send a length field that is consistent with a buffer size, which allows remote attackers to cause a denial of service (device outage) or possibly have unspecified other impact via crafted traffic on TCP port 8701." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-2231", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://debihiga.wordpress.com/sa-whip/", - "refsource" : "MISC", - "url" : "https://debihiga.wordpress.com/sa-whip/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Windows-based Host Interface Program (WHIP) service on Huawei SmartAX MT882 devices V200R002B022 Arg relies on the client to send a length field that is consistent with a buffer size, which allows remote attackers to cause a denial of service (device outage) or possibly have unspecified 
other impact via crafted traffic on TCP port 8701." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://debihiga.wordpress.com/sa-whip/", + "refsource": "MISC", + "url": "https://debihiga.wordpress.com/sa-whip/" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2298.json b/2016/2xxx/CVE-2016-2298.json index c2862f653e9..5bc54e5d006 100644 --- a/2016/2xxx/CVE-2016-2298.json +++ b/2016/2xxx/CVE-2016-2298.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2298", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited allows remote attackers to obtain sensitive cleartext information via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2016-2298", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20160517 [ICS] Meteocontrol WEB'log Multiple Vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2016/May/52" - }, - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-133-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-133-01" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited allows remote attackers to obtain sensitive cleartext information via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20160517 [ICS] Meteocontrol WEB'log Multiple Vulnerabilities", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2016/May/52" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-133-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-133-01" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6297.json b/2016/6xxx/CVE-2016-6297.json index ed80b41ecca..fd679ee3173 100644 --- a/2016/6xxx/CVE-2016-6297.json +++ b/2016/6xxx/CVE-2016-6297.json 
@@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6297", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in the php_stream_zip_opener function in ext/zip/zip_stream.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a crafted zip:// URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6297", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160724 Re: Fwd: CVE for PHP 5.5.38 issues", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2016/07/24/2" - }, - { - "name" : "http://fortiguard.com/advisory/fortinet-discovers-php-stack-based-buffer-overflow-vulnerabilities", - "refsource" : "MISC", - "url" : "http://fortiguard.com/advisory/fortinet-discovers-php-stack-based-buffer-overflow-vulnerabilities" - }, - { - "name" : "http://git.php.net/?p=php-src.git;a=commit;h=81406c0c1d45f75fcc7972ed974d2597abb0b9e9", - "refsource" : "CONFIRM", - "url" : 
"http://git.php.net/?p=php-src.git;a=commit;h=81406c0c1d45f75fcc7972ed974d2597abb0b9e9" - }, - { - "name" : "http://php.net/ChangeLog-5.php", - "refsource" : "CONFIRM", - "url" : "http://php.net/ChangeLog-5.php" - }, - { - "name" : "http://php.net/ChangeLog-7.php", - "refsource" : "CONFIRM", - "url" : "http://php.net/ChangeLog-7.php" - }, - { - "name" : "https://bugs.php.net/72520", - "refsource" : "CONFIRM", - "url" : "https://bugs.php.net/72520" - }, - { - "name" : "https://support.apple.com/HT207170", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207170" - }, - { - "name" : "APPLE-SA-2016-09-20", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html" - }, - { - "name" : "DSA-3631", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3631" - }, - { - "name" : "GLSA-201611-22", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201611-22" - }, - { - "name" : "RHSA-2016:2750", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2750.html" - }, - { - "name" : "92099", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92099" - }, - { - "name" : "1036430", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036430" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in the php_stream_zip_opener function in ext/zip/zip_stream.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a crafted zip:// URL." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2016-09-20", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html" + }, + { + "name": "GLSA-201611-22", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201611-22" + }, + { + "name": "https://bugs.php.net/72520", + "refsource": "CONFIRM", + "url": "https://bugs.php.net/72520" + }, + { + "name": "RHSA-2016:2750", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2750.html" + }, + { + "name": "http://fortiguard.com/advisory/fortinet-discovers-php-stack-based-buffer-overflow-vulnerabilities", + "refsource": "MISC", + "url": "http://fortiguard.com/advisory/fortinet-discovers-php-stack-based-buffer-overflow-vulnerabilities" + }, + { + "name": "http://php.net/ChangeLog-5.php", + "refsource": "CONFIRM", + "url": "http://php.net/ChangeLog-5.php" + }, + { + "name": "1036430", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036430" + }, + { + "name": "DSA-3631", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3631" + }, + { + "name": "http://php.net/ChangeLog-7.php", + "refsource": "CONFIRM", + "url": "http://php.net/ChangeLog-7.php" + }, + { + "name": "http://git.php.net/?p=php-src.git;a=commit;h=81406c0c1d45f75fcc7972ed974d2597abb0b9e9", + "refsource": "CONFIRM", + "url": "http://git.php.net/?p=php-src.git;a=commit;h=81406c0c1d45f75fcc7972ed974d2597abb0b9e9" + }, + { + "name": "[oss-security] 20160724 Re: Fwd: CVE for PHP 5.5.38 issues", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2016/07/24/2" + }, + { + "name": "https://support.apple.com/HT207170", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207170" + }, + { + "name": "92099", + "refsource": "BID", + "url": 
"http://www.securityfocus.com/bid/92099" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6301.json b/2016/6xxx/CVE-2016-6301.json index 4671e2b427a..1e7f9025d44 100644 --- a/2016/6xxx/CVE-2016-6301.json +++ b/2016/6xxx/CVE-2016-6301.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert@redhat.com", - "ID" : "CVE-2016-6301", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The recv_and_process_client_pkt function in networking/ntpd.c in busybox allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged NTP packet, which triggers a communication loop." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-6301", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160803 CVE-2016-6301: busybox: NTP server denial of service flaw", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/08/03/7" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1363710", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1363710" - }, - { - "name" : "https://git.busybox.net/busybox/commit/?id=150dc7a2b483b8338a3e185c478b4b23ee884e71", - "refsource" : "CONFIRM", - "url" : "https://git.busybox.net/busybox/commit/?id=150dc7a2b483b8338a3e185c478b4b23ee884e71" - }, - { - "name" : "GLSA-201701-05", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201701-05" - }, 
- { - "name" : "92277", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92277" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The recv_and_process_client_pkt function in networking/ntpd.c in busybox allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged NTP packet, which triggers a communication loop." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20160803 CVE-2016-6301: busybox: NTP server denial of service flaw", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/08/03/7" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1363710", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1363710" + }, + { + "name": "92277", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92277" + }, + { + "name": "GLSA-201701-05", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201701-05" + }, + { + "name": "https://git.busybox.net/busybox/commit/?id=150dc7a2b483b8338a3e185c478b4b23ee884e71", + "refsource": "CONFIRM", + "url": "https://git.busybox.net/busybox/commit/?id=150dc7a2b483b8338a3e185c478b4b23ee884e71" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6503.json b/2016/6xxx/CVE-2016-6503.json index 6e3bba74e6f..b8db872f839 100644 --- a/2016/6xxx/CVE-2016-6503.json +++ b/2016/6xxx/CVE-2016-6503.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6503", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The CORBA IDL dissectors in Wireshark 2.x before 2.0.5 on 64-bit Windows platforms do not properly interact with Visual C++ compiler options, which allows remote attackers to cause a denial of service (application crash) via a crafted packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6503", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "40196", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/40196/" - }, - { - "name" : "[oss-security] 20160728 CVE request: Wireshark 2.0.5 and 1.12.13 security releases", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2016/07/28/3" - }, - { - "name" : "http://www.wireshark.org/security/wnpa-sec-2016-39.html", - "refsource" : "CONFIRM", - "url" : "http://www.wireshark.org/security/wnpa-sec-2016-39.html" - }, - { - "name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12495", - "refsource" : "CONFIRM", - "url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12495" - }, - { - "name" : 
"https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=581a17af40b84ef0c9e7f41ed0795af345b61ce1", - "refsource" : "CONFIRM", - "url" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=581a17af40b84ef0c9e7f41ed0795af345b61ce1" - }, - { - "name" : "92162", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92162" - }, - { - "name" : "1036480", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036480" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The CORBA IDL dissectors in Wireshark 2.x before 2.0.5 on 64-bit Windows platforms do not properly interact with Visual C++ compiler options, which allows remote attackers to cause a denial of service (application crash) via a crafted packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20160728 CVE request: Wireshark 2.0.5 and 1.12.13 security releases", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2016/07/28/3" + }, + { + "name": "92162", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92162" + }, + { + "name": "http://www.wireshark.org/security/wnpa-sec-2016-39.html", + "refsource": "CONFIRM", + "url": "http://www.wireshark.org/security/wnpa-sec-2016-39.html" + }, + { + "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12495", + "refsource": "CONFIRM", + "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12495" + }, + { + "name": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=581a17af40b84ef0c9e7f41ed0795af345b61ce1", + "refsource": "CONFIRM", + "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=581a17af40b84ef0c9e7f41ed0795af345b61ce1" + }, + { + "name": 
"1036480", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036480" + }, + { + "name": "40196", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/40196/" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6795.json b/2016/6xxx/CVE-2016-6795.json index af96ac2cf74..1a810e261cf 100644 --- a/2016/6xxx/CVE-2016-6795.json +++ b/2016/6xxx/CVE-2016-6795.json 
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@apache.org", - "DATE_PUBLIC" : "2016-10-18T00:00:00", - "ID" : "CVE-2016-6795", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Apache Struts", - "version" : { - "version_data" : [ - { - "version_value" : "2.3.20 - 2.3.30" - } - ] - } - } - ] - }, - "vendor_name" : "Apache Software Foundation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In the Convention plugin in Apache Struts 2.3.20 through 2.3.30, it is possible to prepare a special URL which will be used for path traversal and execution of arbitrary code on server side." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Possible path traversal in the Convention plugin" - } + "CVE_data_meta": { + "ASSIGNER": "security@apache.org", + "DATE_PUBLIC": "2016-10-18T00:00:00", + "ID": "CVE-2016-6795", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Apache Struts", + "version": { + "version_data": [ + { + "version_value": "2.3.20 - 2.3.30" + } + ] + } + } + ] + }, + "vendor_name": "Apache Software Foundation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://struts.apache.org/docs/s2-042.html", - "refsource" : "CONFIRM", - "url" : "https://struts.apache.org/docs/s2-042.html" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20180629-0003/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20180629-0003/" - }, - { - "name" : "93773", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93773" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "In the Convention plugin in Apache Struts 2.3.20 through 2.3.30, it is possible to prepare a special URL which will be used for path traversal and execution of arbitrary code on server side." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Possible path traversal in the Convention plugin" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "93773", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93773" + }, + { + "name": "https://struts.apache.org/docs/s2-042.html", + "refsource": "CONFIRM", + "url": "https://struts.apache.org/docs/s2-042.html" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20180629-0003/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20180629-0003/" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6971.json b/2016/6xxx/CVE-2016-6971.json index 08811fb5683..bfc5cd680ba 100644 --- a/2016/6xxx/CVE-2016-6971.json +++ b/2016/6xxx/CVE-2016-6971.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6971", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1089, CVE-2016-1091, CVE-2016-6944, CVE-2016-6945, CVE-2016-6946, CVE-2016-6949, CVE-2016-6952, CVE-2016-6953, CVE-2016-6961, CVE-2016-6962, CVE-2016-6963, CVE-2016-6964, CVE-2016-6965, CVE-2016-6967, CVE-2016-6968, CVE-2016-6969, CVE-2016-6979, CVE-2016-6988, and CVE-2016-6993." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2016-6971", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html" - }, - { - "name" : "93491", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93491" - }, - { - "name" : "1036986", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036986" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1089, CVE-2016-1091, CVE-2016-6944, CVE-2016-6945, CVE-2016-6946, CVE-2016-6949, CVE-2016-6952, CVE-2016-6953, CVE-2016-6961, CVE-2016-6962, CVE-2016-6963, CVE-2016-6964, CVE-2016-6965, CVE-2016-6967, CVE-2016-6968, CVE-2016-6969, CVE-2016-6979, CVE-2016-6988, and CVE-2016-6993." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1036986", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036986" + }, + { + "name": "93491", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93491" + }, + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7282.json b/2016/7xxx/CVE-2016-7282.json index 5611d8291cc..efe81fb2368 100644 --- a/2016/7xxx/CVE-2016-7282.json +++ b/2016/7xxx/CVE-2016-7282.json 
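Review bot: The `affects` block of CVE-2016-6971 still carries `"vendor_name": "n/a"`, `"product_name": "n/a"` and `"version_value": "n/a"` on the new side, although the description names Adobe Reader and Acrobat with fixed-version bounds and this same hunk changes `"ASSIGNER"` from `cve@mitre.org` to `psirt@adobe.com`. Inventory or scanner tooling that matches on the structured `affects` fields rather than the free text will presumably not associate this record with those products. Since every line of the record is rewritten here anyway, the structured fields could be filled from the description, for example `"vendor_name": "Adobe"`. Otherwise consumers need a documented fallback to the description text whenever they read `n/a`. The assigner change is the only semantic edit among the spacing and reference-order changes, and the subject "-Synchronized-Data." does not mention it, so a line in the commit message would make this provenance change auditable.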
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "ID" : "CVE-2016-7282", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 9 through 11 and Microsoft Edge allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka \"Microsoft Browser Information Disclosure Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2016-7282", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS16-144", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-144" - }, - { - "name" : "MS16-145", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-145" - }, - { - "name" : "94724", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94724" - }, - { - "name" : "1037444", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037444" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 9 through 11 and Microsoft Edge allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka \"Microsoft Browser Information Disclosure Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "94724", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94724" + }, + { + "name": "MS16-144", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-144" + }, + { + "name": "1037444", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037444" + }, + { + "name": "MS16-145", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-145" + } + ] + } +} \ No newline at end of file