From 94c30d92eadf1ab1b57172da91275bb2dcf324f9 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sun, 17 Mar 2019 23:48:52 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2006/1xxx/CVE-2006-1704.json | 150 ++++++------ 2006/1xxx/CVE-2006-1757.json | 130 +++++------ 2006/1xxx/CVE-2006-1950.json | 170 +++++++------- 2006/5xxx/CVE-2006-5077.json | 160 ++++++------- 2006/5xxx/CVE-2006-5080.json | 180 +++++++------- 2006/5xxx/CVE-2006-5354.json | 200 ++++++++-------- 2006/5xxx/CVE-2006-5875.json | 190 +++++++-------- 2007/2xxx/CVE-2007-2490.json | 180 +++++++------- 2007/2xxx/CVE-2007-2574.json | 130 +++++------ 2007/2xxx/CVE-2007-2632.json | 170 +++++++------- 2007/2xxx/CVE-2007-2657.json | 190 +++++++-------- 2007/2xxx/CVE-2007-2676.json | 180 +++++++------- 2007/2xxx/CVE-2007-2834.json | 440 +++++++++++++++++------------------ 2007/6xxx/CVE-2007-6011.json | 120 +++++----- 2010/0xxx/CVE-2010-0045.json | 160 ++++++------- 2010/0xxx/CVE-2010-0176.json | 420 ++++++++++++++++----------------- 2010/0xxx/CVE-2010-0325.json | 130 +++++------ 2010/0xxx/CVE-2010-0347.json | 120 +++++----- 2010/1xxx/CVE-2010-1457.json | 180 +++++++------- 2010/4xxx/CVE-2010-4569.json | 200 ++++++++-------- 2010/4xxx/CVE-2010-4647.json | 200 ++++++++-------- 2010/5xxx/CVE-2010-5091.json | 190 +++++++-------- 2010/5xxx/CVE-2010-5180.json | 200 ++++++++-------- 2010/5xxx/CVE-2010-5242.json | 130 +++++------ 2014/0xxx/CVE-2014-0086.json | 160 ++++++------- 2014/0xxx/CVE-2014-0451.json | 280 +++++++++++----------- 2014/0xxx/CVE-2014-0745.json | 130 +++++------ 2014/0xxx/CVE-2014-0923.json | 140 +++++------ 2014/0xxx/CVE-2014-0965.json | 170 +++++++------- 2014/1xxx/CVE-2014-1590.json | 200 ++++++++-------- 2014/1xxx/CVE-2014-1675.json | 34 +-- 2014/4xxx/CVE-2014-4079.json | 150 ++++++------ 2014/4xxx/CVE-2014-4337.json | 160 ++++++------- 2014/4xxx/CVE-2014-4552.json | 120 +++++----- 2014/4xxx/CVE-2014-4637.json | 140 +++++------ 2014/4xxx/CVE-2014-4962.json | 130 +++++------ 2014/9xxx/CVE-2014-9959.json | 142 +++++------ 2016/3xxx/CVE-2016-3570.json | 150 ++++++------ 2016/6xxx/CVE-2016-6431.json | 140 +++++------ 2016/7xxx/CVE-2016-7209.json | 140 +++++------ 2016/7xxx/CVE-2016-7545.json | 200 ++++++++-------- 2016/7xxx/CVE-2016-7999.json | 190 +++++++-------- 2016/8xxx/CVE-2016-8103.json | 130 +++++------ 2016/8xxx/CVE-2016-8450.json | 130 +++++------ 2016/8xxx/CVE-2016-8476.json | 146 ++++++------ 45 files changed, 3851 insertions(+), 3851 deletions(-) diff --git a/2006/1xxx/CVE-2006-1704.json b/2006/1xxx/CVE-2006-1704.json index 0d4ae6262dc..a0f1d42ccad 100644 --- a/2006/1xxx/CVE-2006-1704.json +++ b/2006/1xxx/CVE-2006-1704.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1704", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Sire 2.0 nws allows remote attackers to upload arbitrary image files without authentication via a direct request to upload.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1704", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060407 Sire 2.0 Nws Remote File inclusion & Arbitary Files Upload", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/430301/100/0/threaded" - }, - { - "name" : "17431", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17431" - }, - { - "name" : "1015885", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015885" - }, - { - "name" : "sire-upload-auth-bypass(25727)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25727" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Sire 2.0 nws allows remote attackers to upload arbitrary image files without authentication via a direct request to upload.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "17431", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17431" + }, + { + "name": "1015885", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015885" + }, + { + "name": "sire-upload-auth-bypass(25727)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25727" + }, + { + "name": "20060407 Sire 2.0 Nws Remote File inclusion & Arbitary Files Upload", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/430301/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1757.json b/2006/1xxx/CVE-2006-1757.json index 25e67b1167a..e587da04ce1 100644 --- a/2006/1xxx/CVE-2006-1757.json +++ b/2006/1xxx/CVE-2006-1757.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1757", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in index.php in Vegadns 0.99 allows remote attackers to inject arbitrary web script or HTML via the message parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1757", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060410 Vegadns blind sql injection and cross site scripting", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/430474/100/0/threaded" - }, - { - "name" : "17433", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17433" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in index.php in Vegadns 0.99 allows remote attackers to inject arbitrary web script or HTML via the message parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "17433", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17433" + }, + { + "name": "20060410 Vegadns blind sql injection and cross site scripting", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/430474/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1950.json b/2006/1xxx/CVE-2006-1950.json index 28dcdfd11bf..752cf47c1bb 100644 --- a/2006/1xxx/CVE-2006-1950.json +++ b/2006/1xxx/CVE-2006-1950.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1950", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in banners.cgi in PerlCoders BannerFarm 2.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) aff and (2) cat parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1950", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2006/04/bannerfarm-xss-vuln.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2006/04/bannerfarm-xss-vuln.html" - }, - { - "name" : "17613", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17613" - }, - { - "name" : "ADV-2006-1410", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1410" - }, - { - "name" : "24728", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24728" - }, - { - "name" : "19718", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19718" - }, - { - "name" : "bannerfarm-banners-xss(25919)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25919" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in banners.cgi in PerlCoders BannerFarm 2.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) aff and (2) cat parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "bannerfarm-banners-xss(25919)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25919" + }, + { + "name": "24728", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24728" + }, + { + "name": "ADV-2006-1410", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1410" + }, + { + "name": "17613", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17613" + }, + { + "name": "http://pridels0.blogspot.com/2006/04/bannerfarm-xss-vuln.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2006/04/bannerfarm-xss-vuln.html" + }, + { + "name": "19718", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19718" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5077.json b/2006/5xxx/CVE-2006-5077.json index 61653234318..f37b13520b3 100644 --- a/2006/5xxx/CVE-2006-5077.json +++ b/2006/5xxx/CVE-2006-5077.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5077", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in admin/admin_topic_action_logging.php in Chris Smith Minerva Build 238 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5077", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "2429", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2429" - }, - { - "name" : "20185", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20185" - }, - { - "name" : "ADV-2006-3880", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3880" - }, - { - "name" : "22256", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22256" - }, - { - "name" : "minerva-logging-file-include(29148)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29148" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in admin/admin_topic_action_logging.php in Chris Smith Minerva Build 238 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "22256", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22256" + }, + { + "name": "minerva-logging-file-include(29148)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29148" + }, + { + "name": "2429", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2429" + }, + { + "name": "ADV-2006-3880", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3880" + }, + { + "name": "20185", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20185" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5080.json b/2006/5xxx/CVE-2006-5080.json index 128a3bc0ebc..f22a8a31d5f 100644 --- a/2006/5xxx/CVE-2006-5080.json +++ b/2006/5xxx/CVE-2006-5080.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5080", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the search function in Six Apart Movable Type 3.3 to 3.32, and Movable Type Enterprise 1.01 and 1.02, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5080", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.sixapart.com/movabletype/news/2006/09/mt_333-mte_103_updates.html", - "refsource" : "MISC", - "url" : "http://www.sixapart.com/movabletype/news/2006/09/mt_333-mte_103_updates.html" - }, - { - "name" : "JVN#68295640", - "refsource" : "JVN", - "url" : "http://jvn.jp/jp/JVN%2368295640/index.html" - }, - { - "name" : "20228", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20228" - }, - { - "name" : "ADV-2006-3779", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3779" - }, - { - "name" : "29177", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/29177" - }, - { - "name" : "22109", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22109" - }, - { - "name" : "movabletype-search-xss(29183)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29183" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the search function in Six Apart Movable Type 3.3 to 3.32, and Movable Type Enterprise 1.01 and 1.02, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#68295640", + "refsource": "JVN", + "url": "http://jvn.jp/jp/JVN%2368295640/index.html" + }, + { + "name": "movabletype-search-xss(29183)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29183" + }, + { + "name": "29177", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/29177" + }, + { + "name": "22109", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22109" + }, + { + "name": "ADV-2006-3779", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3779" + }, + { + "name": "20228", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20228" + }, + { + "name": "http://www.sixapart.com/movabletype/news/2006/09/mt_333-mte_103_updates.html", + "refsource": "MISC", + "url": "http://www.sixapart.com/movabletype/news/2006/09/mt_333-mte_103_updates.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5354.json b/2006/5xxx/CVE-2006-5354.json index a62c91be885..cbc23251a67 100644 --- a/2006/5xxx/CVE-2006-5354.json +++ b/2006/5xxx/CVE-2006-5354.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5354", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle HTTP Server 9.2.0.7 and 10.1.0.5, Application Server 9.0.4.3, 10.1.2.0.2, 10.1.2.1.0, and 10.1.3.0, racle Collaboration Suite 9.0.4.2 and 10.1.2, and Oracle E-Business Suite and Applications 11.5.10CU2 has unknown impact and remote attack vectors, aka Vuln# OHS06." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5354", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html", - "refsource" : "MISC", - "url" : "http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html" - }, - { - "name" : "HPSBMA02133", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/449711/100/0/threaded" - }, - { - "name" : "SSRT061201", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/449711/100/0/threaded" - }, - { - "name" : "TA06-291A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA06-291A.html" - }, - { - "name" : "20588", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20588" - }, - { - "name" : "ADV-2006-4065", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4065" - }, - { - "name" : "1017077", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017077" - }, - { - "name" : "22396", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22396" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle HTTP Server 9.2.0.7 and 10.1.0.5, Application Server 9.0.4.3, 10.1.2.0.2, 10.1.2.1.0, and 10.1.3.0, racle Collaboration Suite 9.0.4.2 and 10.1.2, and Oracle E-Business Suite and Applications 11.5.10CU2 has unknown impact and remote attack vectors, aka Vuln# OHS06." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html", + "refsource": "MISC", + "url": "http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html" + }, + { + "name": "20588", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20588" + }, + { + "name": "HPSBMA02133", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/449711/100/0/threaded" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html" + }, + { + "name": "SSRT061201", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/449711/100/0/threaded" + }, + { + "name": "ADV-2006-4065", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4065" + }, + { + "name": "22396", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22396" + }, + { + "name": "1017077", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017077" + }, + { + "name": "TA06-291A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA06-291A.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5875.json b/2006/5xxx/CVE-2006-5875.json index a2c6b4f7846..28c63ea2c64 100644 --- a/2006/5xxx/CVE-2006-5875.json +++ b/2006/5xxx/CVE-2006-5875.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5875", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "eoc.py in Enemies of Carlotta (EoC) before 1.2.4 allows remote attackers to execute arbitrary commands via shell metacharacters in an \"SMTP level e-mail address\"." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5875", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "DSA-1236", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1236" - }, - { - "name" : "[eoc] 20061213 EoC 1.2.4 -- security problem fixed, please upgrade immediately", - "refsource" : "MLIST", - "url" : "http://liw.iki.fi/lists/eoc@liw.iki.fi/msg00366.html" - }, - { - "name" : "21572", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21572" - }, - { - "name" : "ADV-2006-5000", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/5000" - }, - { - "name" : "30849", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/30849" - }, - { - "name" : "23377", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23377" - }, - { - "name" : "23382", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23382" - }, - { - "name" : "eoc-email-shell-command-execution(30923)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30923" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "eoc.py in Enemies of Carlotta (EoC) before 1.2.4 allows remote attackers to execute arbitrary commands via shell metacharacters in an \"SMTP level e-mail address\"." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "23377", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23377" + }, + { + "name": "23382", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23382" + }, + { + "name": "DSA-1236", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1236" + }, + { + "name": "30849", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/30849" + }, + { + "name": "eoc-email-shell-command-execution(30923)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30923" + }, + { + "name": "[eoc] 20061213 EoC 1.2.4 -- security problem fixed, please upgrade immediately", + "refsource": "MLIST", + "url": "http://liw.iki.fi/lists/eoc@liw.iki.fi/msg00366.html" + }, + { + "name": "21572", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21572" + }, + { + "name": "ADV-2006-5000", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/5000" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2490.json b/2007/2xxx/CVE-2007-2490.json index d2a75c07743..545f844f303 100644 --- a/2007/2xxx/CVE-2007-2490.json +++ b/2007/2xxx/CVE-2007-2490.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2490", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in LiveData Server before 5.00.62 allows remote attackers to cause a denial of service (exit) via crafted Connection-Oriented Transport Protocol (COTP) packets." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2490", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.kb.cert.org/vuls/id/MIMG-6Q3NFD", - "refsource" : "CONFIRM", - "url" : "http://www.kb.cert.org/vuls/id/MIMG-6Q3NFD" - }, - { - "name" : "VU#711420", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/711420" - }, - { - "name" : "23775", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23775" - }, - { - "name" : "ADV-2007-1633", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1633" - }, - { - "name" : "35530", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/35530" - }, - { - "name" : "25113", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25113" - }, - { - "name" : "livedata-cotp-dos(34029)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34029" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in LiveData Server before 5.00.62 allows remote attackers to cause a denial of service (exit) via crafted Connection-Oriented Transport Protocol (COTP) packets." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2007-1633", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1633" + }, + { + "name": "35530", + "refsource": "OSVDB", + "url": "http://osvdb.org/35530" + }, + { + "name": "23775", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23775" + }, + { + "name": "VU#711420", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/711420" + }, + { + "name": "http://www.kb.cert.org/vuls/id/MIMG-6Q3NFD", + "refsource": "CONFIRM", + "url": "http://www.kb.cert.org/vuls/id/MIMG-6Q3NFD" + }, + { + "name": "livedata-cotp-dos(34029)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34029" + }, + { + "name": "25113", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25113" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2574.json b/2007/2xxx/CVE-2007-2574.json index e3946cfb46d..18358b1e28b 100644 --- a/2007/2xxx/CVE-2007-2574.json +++ b/2007/2xxx/CVE-2007-2574.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2574", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in index.php in Archangel Weblog 0.90.02 allows remote attackers to read arbitrary files via a .. (dot dot) in the index parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2574", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "3859", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/3859" - }, - { - "name" : "41731", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/41731" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in index.php in Archangel Weblog 0.90.02 allows remote attackers to read arbitrary files via a .. (dot dot) in the index parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "41731", + "refsource": "OSVDB", + "url": "http://osvdb.org/41731" + }, + { + "name": "3859", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/3859" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2632.json b/2007/2xxx/CVE-2007-2632.json index 8bb29d7c9f4..a1e579ffd5b 100644 --- a/2007/2xxx/CVE-2007-2632.json +++ b/2007/2xxx/CVE-2007-2632.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2632", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in PHP Multi User Randomizer (phpMUR) 2006.09.13 allow remote attackers to inject arbitrary web script or HTML via (1) the edit_plugin parameter to configure_plugin.tpl.php, or (2) certain array parameters to web/phpinfo.php, as demonstrated by 1[] or a[]." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2632", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070510 phpMUR Cross Site Scripting", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=117883301207293&w=2" - }, - { - "name" : "23917", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23917" - }, - { - "name" : "36212", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/36212" - }, - { - "name" : "36213", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/36213" - }, - { - "name" : "ADV-2007-1796", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1796" - }, - { - "name" : "phpmur-multiple-script-xss(34228)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34228" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in PHP Multi User Randomizer (phpMUR) 2006.09.13 allow remote attackers to inject arbitrary web script or HTML via (1) the edit_plugin parameter to configure_plugin.tpl.php, or (2) certain array parameters to web/phpinfo.php, as demonstrated by 1[] or a[]." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2007-1796", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1796" + }, + { + "name": "phpmur-multiple-script-xss(34228)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34228" + }, + { + "name": "23917", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23917" + }, + { + "name": "20070510 phpMUR Cross Site Scripting", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=117883301207293&w=2" + }, + { + "name": "36212", + "refsource": "OSVDB", + "url": "http://osvdb.org/36212" + }, + { + "name": "36213", + "refsource": "OSVDB", + "url": "http://osvdb.org/36213" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2657.json b/2007/2xxx/CVE-2007-2657.json index c359fc9da08..f7fe657d621 100644 --- a/2007/2xxx/CVE-2007-2657.json +++ b/2007/2xxx/CVE-2007-2657.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2657", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the PrecisionID Barcode 1.3 ActiveX control in PrecisionID_DataMatrix.DLL allows remote attackers to cause a denial of service via a long argument to the SaveBarCode method." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2657", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "3910", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/3910" - }, - { - "name" : "http://moaxb.blogspot.com/2007/05/moaxb-12-precisionid-barcode-activex.html", - "refsource" : "MISC", - "url" : "http://moaxb.blogspot.com/2007/05/moaxb-12-precisionid-barcode-activex.html" - }, - { - "name" : "http://www.shinnai.altervista.org/viewtopic.php?id=42&t_id=14", - "refsource" : "MISC", - "url" : "http://www.shinnai.altervista.org/viewtopic.php?id=42&t_id=14" - }, - { - "name" : "23957", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23957" - }, - { - "name" : "ADV-2007-1790", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1790" - }, - { - "name" : "36012", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/36012" - }, - { - "name" : "25258", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25258" - }, - { - "name" : "precisionid-precisioniddatamatrix-bo(34267)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34267" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the PrecisionID Barcode 1.3 ActiveX control in PrecisionID_DataMatrix.DLL allows remote attackers to cause a denial of service via a long argument to the SaveBarCode method." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2007-1790", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1790" + }, + { + "name": "http://moaxb.blogspot.com/2007/05/moaxb-12-precisionid-barcode-activex.html", + "refsource": "MISC", + "url": "http://moaxb.blogspot.com/2007/05/moaxb-12-precisionid-barcode-activex.html" + }, + { + "name": "25258", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25258" + }, + { + "name": "http://www.shinnai.altervista.org/viewtopic.php?id=42&t_id=14", + "refsource": "MISC", + "url": "http://www.shinnai.altervista.org/viewtopic.php?id=42&t_id=14" + }, + { + "name": "36012", + "refsource": "OSVDB", + "url": "http://osvdb.org/36012" + }, + { + "name": "3910", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/3910" + }, + { + "name": "precisionid-precisioniddatamatrix-bo(34267)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34267" + }, + { + "name": "23957", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23957" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2676.json b/2007/2xxx/CVE-2007-2676.json index e7c4af655f7..d5fcc75d7af 100644 --- a/2007/2xxx/CVE-2007-2676.json +++ b/2007/2xxx/CVE-2007-2676.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2676", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in skins/header.php in Open Translation Engine (OTE) 0.7.8 allows remote attackers to execute arbitrary PHP code via a URL in the ote_home parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2676", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "3838", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/3838" - }, - { - "name" : "20070507 TRUE: Open Translation Engine (OTE) 0.7.8 RFI (+ XSS)", - "refsource" : "VIM", - "url" : "http://attrition.org/pipermail/vim/2007-May/001585.html" - }, - { - "name" : "23793", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23793" - }, - { - "name" : "ADV-2007-1650", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1650" - }, - { - "name" : "35591", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/35591" - }, - { - "name" : "25146", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25146" - }, - { - "name" : "ote-header-file-include(34053)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34053" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in skins/header.php in Open Translation Engine (OTE) 0.7.8 allows remote attackers to execute arbitrary PHP code via a URL in the ote_home parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3838", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/3838" + }, + { + "name": "35591", + "refsource": "OSVDB", + "url": "http://osvdb.org/35591" + }, + { + "name": "23793", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23793" + }, + { + "name": "20070507 TRUE: Open Translation Engine (OTE) 0.7.8 RFI (+ XSS)", + "refsource": "VIM", + "url": "http://attrition.org/pipermail/vim/2007-May/001585.html" + }, + { + "name": "25146", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25146" + }, + { + "name": "ote-header-file-include(34053)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34053" + }, + { + "name": "ADV-2007-1650", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1650" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2834.json b/2007/2xxx/CVE-2007-2834.json index 12abdbdbc4e..68e81abb86a 100644 --- a/2007/2xxx/CVE-2007-2834.json +++ b/2007/2xxx/CVE-2007-2834.json @@ -1,222 +1,222 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2834", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in the TIFF parser in OpenOffice.org (OOo) before 2.3; and Sun StarOffice 6, 7, and 8 Office Suite (StarSuite); allows remote attackers to execute arbitrary code via a TIFF file with crafted values of unspecified length fields, which triggers allocation of an incorrect amount of memory, resulting in a heap-based buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2834", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070917 Multiple Vendor OpenOffice TIFF File Parsing Multiple Integer Overflow Vulnerabilities", - "refsource" : "IDEFENSE", - "url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=593" - }, - { - "name" : "20070919 FLEA-2007-0056-1 openoffice.org", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/479965/100/0/threaded" - }, - { - "name" : "http://www.openoffice.org/security/cves/CVE-2007-2834.html", - "refsource" : "CONFIRM", - "url" : "http://www.openoffice.org/security/cves/CVE-2007-2834.html" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-1740", - "refsource" : "CONFIRM", - "url" : "https://issues.rpath.com/browse/RPL-1740" - }, - { - "name" : "http://bugs.gentoo.org/show_bug.cgi?id=192818", - "refsource" : "CONFIRM", - "url" : "http://bugs.gentoo.org/show_bug.cgi?id=192818" - }, - { - "name" : "DSA-1375", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2007/dsa-1375" - }, - { - "name" : "FEDORA-2007-700", - "refsource" : "FEDORA", - "url" : "http://fedoranews.org/updates/FEDORA-2007-700.shtml" - }, - { - "name" : "FEDORA-2007-2372", - "refsource" : "FEDORA", - "url" : "http://fedoranews.org/updates/FEDORA-2007-237.shtml" - }, - { - "name" : "GLSA-200710-24", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200710-24.xml" - }, - { - "name" : "MDKSA-2007:186", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:186" - }, - { - "name" : "RHSA-2007:0848", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2007-0848.html" - }, - { - "name" : "102994", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102994-1" - }, - { - "name" : "200190", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200190-1" - }, - { - "name" : "SUSE-SA:2007:052", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2007-09/msg00002.html" - }, - { - "name" : "USN-524-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-524-1" - }, - { - "name" : "25690", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25690" - }, - { - "name" : "oval:org.mitre.oval:def:9967", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9967" - }, - { - "name" : "ADV-2007-3184", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/3184" - }, - { - "name" : "ADV-2007-3262", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/3262" - }, - { - "name" : "1018702", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1018702" - }, - { - "name" : "26816", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26816" - }, - { - "name" : "26817", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26817" - }, - { - "name" : "26839", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26839" - }, - { - "name" : "26844", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26844" - }, - { - "name" : "26855", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26855" - }, - { - "name" : "26861", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26861" - }, - { - "name" : "26903", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26903" - }, - { - "name" : "26912", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26912" - }, - { - "name" : "26891", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26891" - }, - { - "name" : "27077", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27077" - }, - { - "name" : "27087", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27087" - }, - { - "name" : "27370", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27370" - }, - { - "name" : "openoffice-tiff-bo(36656)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/36656" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in the TIFF parser in OpenOffice.org (OOo) before 2.3; and Sun StarOffice 6, 7, and 8 Office Suite (StarSuite); allows remote attackers to execute arbitrary code via a TIFF file with crafted values of unspecified length fields, which triggers allocation of an incorrect amount of memory, resulting in a heap-based buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "200190", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200190-1" + }, + { + "name": "http://bugs.gentoo.org/show_bug.cgi?id=192818", + "refsource": "CONFIRM", + "url": "http://bugs.gentoo.org/show_bug.cgi?id=192818" + }, + { + "name": "26816", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26816" + }, + { + "name": "26839", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26839" + }, + { + "name": "USN-524-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-524-1" + }, + { + "name": "https://issues.rpath.com/browse/RPL-1740", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-1740" + }, + { + "name": "26855", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26855" + }, + { + "name": "1018702", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1018702" + }, + { + "name": "102994", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102994-1" + }, + { + "name": "SUSE-SA:2007:052", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2007-09/msg00002.html" + }, + { + "name": "26903", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26903" + }, + { + "name": "GLSA-200710-24", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200710-24.xml" + }, + { + "name": "20070917 Multiple Vendor OpenOffice TIFF File Parsing Multiple Integer Overflow Vulnerabilities", + "refsource": "IDEFENSE", + "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=593" + }, + { + "name": "27370", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27370" + }, + { + "name": "MDKSA-2007:186", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:186" + }, + { + "name": "ADV-2007-3262", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/3262" + }, + { + "name": "http://www.openoffice.org/security/cves/CVE-2007-2834.html", + "refsource": "CONFIRM", + "url": "http://www.openoffice.org/security/cves/CVE-2007-2834.html" + }, + { + "name": "FEDORA-2007-700", + "refsource": "FEDORA", + "url": "http://fedoranews.org/updates/FEDORA-2007-700.shtml" + }, + { + "name": "RHSA-2007:0848", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2007-0848.html" + }, + { + "name": "26844", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26844" + }, + { + "name": "26891", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26891" + }, + { + "name": "20070919 FLEA-2007-0056-1 openoffice.org", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/479965/100/0/threaded" + }, + { + "name": "27087", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27087" + }, + { + "name": "25690", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25690" + }, + { + "name": "oval:org.mitre.oval:def:9967", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9967" + }, + { + "name": "ADV-2007-3184", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/3184" + }, + { + "name": "26861", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26861" + }, + { + "name": "26817", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26817" + }, + { + "name": "DSA-1375", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2007/dsa-1375" + }, + { + "name": "openoffice-tiff-bo(36656)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36656" + }, + { + "name": "26912", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26912" + }, + { + "name": "27077", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27077" + }, + { + "name": "FEDORA-2007-2372", + "refsource": "FEDORA", + "url": "http://fedoranews.org/updates/FEDORA-2007-237.shtml" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6011.json b/2007/6xxx/CVE-2007-6011.json index a685f164b41..b7ba6db83a6 100644 --- a/2007/6xxx/CVE-2007-6011.json +++ b/2007/6xxx/CVE-2007-6011.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6011", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in main.php of BugHotel Reservation System before 4.9.9 P3 allows remote attackers to bypass authentication and gain administrative access via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6011", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "26178", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26178" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in main.php of BugHotel Reservation System before 4.9.9 P3 allows remote attackers to bypass authentication and gain administrative access via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "26178", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26178" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0045.json b/2010/0xxx/CVE-2010-0045.json index d602df43259..98b0d41802e 100644 --- a/2010/0xxx/CVE-2010-0045.json +++ b/2010/0xxx/CVE-2010-0045.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0045", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Apple Safari before 4.0.5 on Windows does not properly validate external URL schemes, which allows remote attackers to open local files and execute arbitrary code via a crafted HTML document." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2010-0045", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT4070", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4070" - }, - { - "name" : "APPLE-SA-2010-03-11-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html" - }, - { - "name" : "38671", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/38671" - }, - { - "name" : "oval:org.mitre.oval:def:6817", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6817" - }, - { - "name" : "1023706", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1023706" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Apple Safari before 4.0.5 on Windows does not properly validate external URL schemes, which allows remote attackers to open local files and execute arbitrary code via a crafted HTML document." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2010-03-11-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html" + }, + { + "name": "oval:org.mitre.oval:def:6817", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6817" + }, + { + "name": "1023706", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1023706" + }, + { + "name": "http://support.apple.com/kb/HT4070", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4070" + }, + { + "name": "38671", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/38671" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0176.json b/2010/0xxx/CVE-2010-0176.json index 683e4a5a950..02b44ec0f8f 100644 --- a/2010/0xxx/CVE-2010-0176.json +++ b/2010/0xxx/CVE-2010-0176.json @@ -1,212 +1,212 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0176", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2; Thunderbird before 3.0.4; and SeaMonkey before 2.0.4 do not properly manage reference counts for option elements in a XUL tree optgroup, which might allow remote attackers to execute arbitrary code via unspecified vectors that trigger access to deleted elements, related to a \"dangling pointer vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-0176", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2010/mfsa2010-18.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2010/mfsa2010-18.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=538308", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=538308" - }, - { - "name" : "DSA-2027", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2010/dsa-2027" - }, - { - "name" : "FEDORA-2010-5526", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038367.html" - }, - { - "name" : "FEDORA-2010-5539", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038378.html" - }, - { - "name" : "FEDORA-2010-5561", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038406.html" - }, - { - "name" : "MDVSA-2010:070", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:070" - }, - { - "name" : "RHSA-2010:0332", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0332.html" - }, - { - "name" : "RHSA-2010:0333", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0333.html" - }, - { - "name" : "SUSE-SR:2010:013", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html" - }, - { - "name" : "USN-921-1", - "refsource" : "UBUNTU", - "url" : "http://ubuntu.com/usn/usn-921-1" - }, - { - "name" : "oval:org.mitre.oval:def:11052", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11052" - }, - { - "name" : "oval:org.mitre.oval:def:7222", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7222" - }, - { - "name" : "1023776", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1023776" - }, - { - "name" : "1023782", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1023782" - }, - { - "name" : "38566", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38566" - }, - { - "name" : "39117", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39117" - }, - { - "name" : "39136", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39136" - }, - { - "name" : "39204", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39204" - }, - { - "name" : "39240", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39240" - }, - { - "name" : "39242", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39242" - }, - { - "name" : "39243", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39243" - }, - { - "name" : "39308", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39308" - }, - { - "name" : "39397", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39397" - }, - { - "name" : "ADV-2010-0748", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0748" - }, - { - "name" : "ADV-2010-0764", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0764" - }, - { - "name" : "ADV-2010-0765", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0765" - }, - { - "name" : "ADV-2010-0781", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0781" - }, - { - "name" : "ADV-2010-0790", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0790" - }, - { - "name" : "ADV-2010-0849", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0849" - }, - { - "name" : "firefox-nstreecontentview-code-exec(57392)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/57392" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2; Thunderbird before 3.0.4; and SeaMonkey before 2.0.4 do not properly manage reference counts for option elements in a XUL tree optgroup, which might allow remote attackers to execute arbitrary code via unspecified vectors that trigger access to deleted elements, related to a \"dangling pointer vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "firefox-nstreecontentview-code-exec(57392)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57392" + }, + { + "name": "39397", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39397" + }, + { + "name": "RHSA-2010:0333", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0333.html" + }, + { + "name": "39308", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39308" + }, + { + "name": "39136", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39136" + }, + { + "name": "oval:org.mitre.oval:def:7222", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7222" + }, + { + "name": "oval:org.mitre.oval:def:11052", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11052" + }, + { + "name": "ADV-2010-0781", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0781" + }, + { + "name": "FEDORA-2010-5561", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038406.html" + }, + { + "name": "USN-921-1", + "refsource": "UBUNTU", + "url": "http://ubuntu.com/usn/usn-921-1" + }, + { + "name": "1023776", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1023776" + }, + { + "name": "1023782", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1023782" + }, + { + "name": "SUSE-SR:2010:013", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html" + }, + { + "name": "http://www.mozilla.org/security/announce/2010/mfsa2010-18.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2010/mfsa2010-18.html" + }, + { + "name": "ADV-2010-0764", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0764" + }, + { + "name": "ADV-2010-0765", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0765" + }, + { + "name": "MDVSA-2010:070", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:070" + }, + { + "name": "FEDORA-2010-5526", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038367.html" + }, + { + "name": "38566", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38566" + }, + { + "name": "39117", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39117" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=538308", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=538308" + }, + { + "name": "39243", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39243" + }, + { + "name": "ADV-2010-0748", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0748" + }, + { + "name": "ADV-2010-0849", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0849" + }, + { + "name": "FEDORA-2010-5539", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038378.html" + }, + { + "name": "ADV-2010-0790", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0790" + }, + { + "name": "39242", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39242" + }, + { + "name": "DSA-2027", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2010/dsa-2027" + }, + { + "name": "RHSA-2010:0332", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0332.html" + }, + { + "name": "39240", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39240" + }, + { + "name": "39204", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39204" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0325.json b/2010/0xxx/CVE-2010-0325.json index 73d24a101ae..1e438027617 100644 --- a/2010/0xxx/CVE-2010-0325.json +++ b/2010/0xxx/CVE-2010-0325.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0325", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the SB Folderdownload (sb_folderdownload) extension 0.2.2 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-0325", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://typo3.org/extensions/repository/view/sb_folderdownload/0.2.3/", - "refsource" : "CONFIRM", - "url" : "http://typo3.org/extensions/repository/view/sb_folderdownload/0.2.3/" - }, - { - "name" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/", - "refsource" : "CONFIRM", - "url" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the SB Folderdownload (sb_folderdownload) extension 0.2.2 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://typo3.org/extensions/repository/view/sb_folderdownload/0.2.3/", + "refsource": "CONFIRM", + "url": "http://typo3.org/extensions/repository/view/sb_folderdownload/0.2.3/" + }, + { + "name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/", + "refsource": "CONFIRM", + "url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0347.json b/2010/0xxx/CVE-2010-0347.json index f6a1502deb1..94b8a8ab119 100644 --- a/2010/0xxx/CVE-2010-0347.json +++ b/2010/0xxx/CVE-2010-0347.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0347", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the VD / Geomap (vd_geomap) extension 0.3.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-0347", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/", - "refsource" : "CONFIRM", - "url" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the VD / Geomap (vd_geomap) extension 0.3.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/", + "refsource": "CONFIRM", + "url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1457.json b/2010/1xxx/CVE-2010-1457.json index f26f98abcac..11cdb3c3014 100644 --- a/2010/1xxx/CVE-2010-1457.json +++ b/2010/1xxx/CVE-2010-1457.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1457", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Tools/gdomap.c in gdomap in GNUstep Base before 1.20.0 allows local users to read arbitrary files via a (1) -c or (2) -a option, which prints file contents in an error message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-1457", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20100507 CVE Assignment (gnustep)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/05/07/6" - }, - { - "name" : "http://ftpmain.gnustep.org/pub/gnustep/core/gnustep-base-1.20.0.tar.gz", - "refsource" : "CONFIRM", - "url" : "http://ftpmain.gnustep.org/pub/gnustep/core/gnustep-base-1.20.0.tar.gz" - }, - { - "name" : "http://savannah.gnu.org/bugs/?29755", - "refsource" : "CONFIRM", - "url" : "http://savannah.gnu.org/bugs/?29755" - }, - { - "name" : "http://thread.gmane.org/gmane.comp.lib.gnustep.bugs/12336", - "refsource" : "CONFIRM", - "url" : "http://thread.gmane.org/gmane.comp.lib.gnustep.bugs/12336" - }, - { - "name" : "https://bugs.launchpad.net/ubuntu/+source/gnustep-base/+bug/573108", - "refsource" : "CONFIRM", - "url" : "https://bugs.launchpad.net/ubuntu/+source/gnustep-base/+bug/573108" - }, - { - "name" : "40005", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/40005" - }, - { - "name" : "39746", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39746" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Tools/gdomap.c in gdomap in GNUstep Base before 1.20.0 allows local users to read arbitrary files via a (1) -c or (2) -a option, which prints file contents in an error message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "39746", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39746" + }, + { + "name": "[oss-security] 20100507 CVE Assignment (gnustep)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/05/07/6" + }, + { + "name": "http://savannah.gnu.org/bugs/?29755", + "refsource": "CONFIRM", + "url": "http://savannah.gnu.org/bugs/?29755" + }, + { + "name": "http://thread.gmane.org/gmane.comp.lib.gnustep.bugs/12336", + "refsource": "CONFIRM", + "url": "http://thread.gmane.org/gmane.comp.lib.gnustep.bugs/12336" + }, + { + "name": "http://ftpmain.gnustep.org/pub/gnustep/core/gnustep-base-1.20.0.tar.gz", + "refsource": "CONFIRM", + "url": "http://ftpmain.gnustep.org/pub/gnustep/core/gnustep-base-1.20.0.tar.gz" + }, + { + "name": "40005", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/40005" + }, + { + "name": "https://bugs.launchpad.net/ubuntu/+source/gnustep-base/+bug/573108", + "refsource": "CONFIRM", + "url": "https://bugs.launchpad.net/ubuntu/+source/gnustep-base/+bug/573108" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4569.json b/2010/4xxx/CVE-2010-4569.json index 3a85614c82c..0fb9879e0e8 100644 --- a/2010/4xxx/CVE-2010-4569.json +++ b/2010/4xxx/CVE-2010-4569.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4569", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Bugzilla 3.7.1, 3.7.2, 3.7.3, and 4.0rc1 allows remote attackers to inject arbitrary web script or HTML via the real name field of a user account, related to the AutoComplete widget in YUI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4569", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://yuilibrary.com/forum/viewtopic.php?p=12923", - "refsource" : "MISC", - "url" : "http://yuilibrary.com/forum/viewtopic.php?p=12923" - }, - { - "name" : "http://yuilibrary.com/projects/yui2/ticket/2529228", - "refsource" : "MISC", - "url" : "http://yuilibrary.com/projects/yui2/ticket/2529228" - }, - { - "name" : "http://www.bugzilla.org/security/3.2.9/", - "refsource" : "CONFIRM", - "url" : "http://www.bugzilla.org/security/3.2.9/" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=619637", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=619637" - }, - { - "name" : "45982", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45982" - }, - { - "name" : "70701", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/70701" - }, - { - "name" : "ADV-2011-0207", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0207" - }, - { - "name" : "ADV-2011-0271", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0271" - }, - { - "name" : "bugzilla-realname-xss(65178)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65178" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Bugzilla 3.7.1, 3.7.2, 3.7.3, and 4.0rc1 allows remote attackers to inject arbitrary web script or HTML via the real name field of a user account, related to the AutoComplete widget in YUI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=619637", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=619637" + }, + { + "name": "45982", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45982" + }, + { + "name": "http://www.bugzilla.org/security/3.2.9/", + "refsource": "CONFIRM", + "url": "http://www.bugzilla.org/security/3.2.9/" + }, + { + "name": "ADV-2011-0271", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0271" + }, + { + "name": "70701", + "refsource": "OSVDB", + "url": "http://osvdb.org/70701" + }, + { + "name": "ADV-2011-0207", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0207" + }, + { + "name": "http://yuilibrary.com/projects/yui2/ticket/2529228", + "refsource": "MISC", + "url": "http://yuilibrary.com/projects/yui2/ticket/2529228" + }, + { + "name": "http://yuilibrary.com/forum/viewtopic.php?p=12923", + "refsource": "MISC", + "url": "http://yuilibrary.com/forum/viewtopic.php?p=12923" + }, + { + "name": "bugzilla-realname-xss(65178)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65178" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4647.json b/2010/4xxx/CVE-2010-4647.json index 59c0cd9e3a6..f36206612d9 100644 --- a/2010/4xxx/CVE-2010-4647.json +++ b/2010/4xxx/CVE-2010-4647.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4647", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in the Help Contents web application (aka the Help Server) in Eclipse IDE before 3.6.2 allow remote attackers to inject arbitrary web script or HTML via the query string to (1) help/index.jsp or (2) help/advanced/content.jsp." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-4647", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110106 CVE Request: Eclipse IDE Version: 3.6.1 | Help Server Local Cross Site Scripting (XSS)", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/01/06/7" - }, - { - "name" : "[oss-security] 20110106 Re: CVE Request: Eclipse IDE Version: 3.6.1 | Help Server Local Cross Site Scripting (XSS)", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/01/06/16" - }, - { - "name" : "http://yehg.net/lab/pr0js/advisories/eclipse/[eclipse_help_server]_cross_site_scripting", - "refsource" : "MISC", - "url" : "http://yehg.net/lab/pr0js/advisories/eclipse/[eclipse_help_server]_cross_site_scripting" - }, - { - "name" : "https://bugs.eclipse.org/bugs/show_bug.cgi?id=329582", - "refsource" : "MISC", - "url" : "https://bugs.eclipse.org/bugs/show_bug.cgi?id=329582" - }, - { - "name" : "FEDORA-2010-18990", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052532.html" - }, - { - "name" : "FEDORA-2010-19006", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052554.html" - }, - { - "name" : "MDVSA-2011:032", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:032" - }, - { - "name" : "RHSA-2011:0568", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0568.html" - }, - { - "name" : "eclipseide-querystring-xss(64833)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64833" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Help Contents web application (aka the Help Server) in Eclipse IDE before 3.6.2 allow remote attackers to inject arbitrary web script or HTML via the query string to (1) help/index.jsp or (2) help/advanced/content.jsp." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20110106 Re: CVE Request: Eclipse IDE Version: 3.6.1 | Help Server Local Cross Site Scripting (XSS)", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/01/06/16" + }, + { + "name": "RHSA-2011:0568", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0568.html" + }, + { + "name": "[oss-security] 20110106 CVE Request: Eclipse IDE Version: 3.6.1 | Help Server Local Cross Site Scripting (XSS)", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/01/06/7" + }, + { + "name": "FEDORA-2010-18990", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052532.html" + }, + { + "name": "MDVSA-2011:032", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:032" + }, + { + "name": "FEDORA-2010-19006", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052554.html" + }, + { + "name": "http://yehg.net/lab/pr0js/advisories/eclipse/[eclipse_help_server]_cross_site_scripting", + "refsource": "MISC", + "url": "http://yehg.net/lab/pr0js/advisories/eclipse/[eclipse_help_server]_cross_site_scripting" + }, + { + "name": "eclipseide-querystring-xss(64833)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64833" + }, + { + "name": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=329582", + "refsource": "MISC", + "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=329582" + } + ] + } +} \ No newline at end of file diff --git a/2010/5xxx/CVE-2010-5091.json b/2010/5xxx/CVE-2010-5091.json index 6d0ba69c802..54de4e89ff5 100644 --- a/2010/5xxx/CVE-2010-5091.json +++ b/2010/5xxx/CVE-2010-5091.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-5091", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The setName function in filesystem/File.php in SilverStripe 2.3.x before 2.3.8 and 2.4.x before 2.4.1 allows remote authenticated users with CMS author privileges to execute arbitrary PHP code by changing the extension of an uploaded file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-5091", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120430 CVE-request: SilverStripe before 2.4.4", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/04/30/1" - }, - { - "name" : "[oss-security] 20120430 Re: CVE-request: SilverStripe before 2.4.4", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/04/30/3" - }, - { - "name" : "[oss-security] 20120501 Re: CVE-request: SilverStripe before 2.4.4", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/05/01/3" - }, - { - "name" : "http://dl.packetstormsecurity.net/1006-exploits/silverstripe-shell.txt", - "refsource" : "MISC", - "url" : "http://dl.packetstormsecurity.net/1006-exploits/silverstripe-shell.txt" - }, - { - "name" : "http://open.silverstripe.org/ticket/5693", - "refsource" : "MISC", - "url" : "http://open.silverstripe.org/ticket/5693" - }, - { - "name" : "http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.3.8", - "refsource" : "CONFIRM", - "url" : "http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.3.8" - }, - { - "name" : "http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.4.1", - "refsource" : "CONFIRM", - "url" : "http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.4.1" - }, - { - "name" : "http://open.silverstripe.org/changeset/107273", - "refsource" : "CONFIRM", - "url" : "http://open.silverstripe.org/changeset/107273" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The setName function in filesystem/File.php in SilverStripe 2.3.x before 2.3.8 and 2.4.x before 2.4.1 allows remote authenticated users with CMS author privileges to execute arbitrary PHP code by changing the extension of an uploaded file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20120501 Re: CVE-request: SilverStripe before 2.4.4", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/05/01/3" + }, + { + "name": "http://open.silverstripe.org/ticket/5693", + "refsource": "MISC", + "url": "http://open.silverstripe.org/ticket/5693" + }, + { + "name": "[oss-security] 20120430 CVE-request: SilverStripe before 2.4.4", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/04/30/1" + }, + { + "name": "[oss-security] 20120430 Re: CVE-request: SilverStripe before 2.4.4", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/04/30/3" + }, + { + "name": "http://dl.packetstormsecurity.net/1006-exploits/silverstripe-shell.txt", + "refsource": "MISC", + "url": "http://dl.packetstormsecurity.net/1006-exploits/silverstripe-shell.txt" + }, + { + "name": "http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.4.1", + "refsource": "CONFIRM", + "url": "http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.4.1" + }, + { + "name": "http://open.silverstripe.org/changeset/107273", + "refsource": "CONFIRM", + "url": "http://open.silverstripe.org/changeset/107273" + }, + { + "name": "http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.3.8", + "refsource": "CONFIRM", + "url": "http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.3.8" + } + ] + } +} \ No newline at end of file diff --git a/2010/5xxx/CVE-2010-5180.json b/2010/5xxx/CVE-2010-5180.json index 3958263769a..17d55b419f2 100644 --- a/2010/5xxx/CVE-2010-5180.json +++ b/2010/5xxx/CVE-2010-5180.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-5180", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** Race condition in VBA32 Personal 3.12.12.4 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-5180", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100505 KHOBE - 8.0 earthquake for Windows desktop security software", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2010-05/0026.html" - }, - { - "name" : "20100505 KHOBE - 8.0 earthquake for Windows desktop security software", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0066.html" - }, - { - "name" : "http://countermeasures.trendmicro.eu/you-just-cant-trust-a-drunk/", - "refsource" : "MISC", - "url" : "http://countermeasures.trendmicro.eu/you-just-cant-trust-a-drunk/" - }, - { - "name" : "http://matousec.com/info/advisories/khobe-8.0-earthquake-for-windows-desktop-security-software.php", - "refsource" : "MISC", - "url" : "http://matousec.com/info/advisories/khobe-8.0-earthquake-for-windows-desktop-security-software.php" - }, - { - "name" : "http://matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php", - "refsource" : "MISC", - "url" : "http://matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php" - }, - { - "name" : "http://www.f-secure.com/weblog/archives/00001949.html", - "refsource" : "MISC", - "url" : "http://www.f-secure.com/weblog/archives/00001949.html" - }, - { - "name" : "http://www.theregister.co.uk/2010/05/07/argument_switch_av_bypass/", - "refsource" : "MISC", - "url" : "http://www.theregister.co.uk/2010/05/07/argument_switch_av_bypass/" - }, - { - "name" : "39924", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/39924" - }, - { - "name" : "67660", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/67660" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** Race condition in VBA32 Personal 3.12.12.4 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20100505 KHOBE - 8.0 earthquake for Windows desktop security software", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2010-05/0026.html" + }, + { + "name": "http://countermeasures.trendmicro.eu/you-just-cant-trust-a-drunk/", + "refsource": "MISC", + "url": "http://countermeasures.trendmicro.eu/you-just-cant-trust-a-drunk/" + }, + { + "name": "39924", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/39924" + }, + { + "name": "http://matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php", + "refsource": "MISC", + "url": "http://matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php" + }, + { + "name": "20100505 KHOBE - 8.0 earthquake for Windows desktop security software", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0066.html" + }, + { + "name": "67660", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/67660" + }, + { + "name": "http://www.theregister.co.uk/2010/05/07/argument_switch_av_bypass/", + "refsource": "MISC", + "url": "http://www.theregister.co.uk/2010/05/07/argument_switch_av_bypass/" + }, + { + "name": "http://www.f-secure.com/weblog/archives/00001949.html", + "refsource": "MISC", + "url": "http://www.f-secure.com/weblog/archives/00001949.html" + }, + { + "name": "http://matousec.com/info/advisories/khobe-8.0-earthquake-for-windows-desktop-security-software.php", + "refsource": "MISC", + "url": "http://matousec.com/info/advisories/khobe-8.0-earthquake-for-windows-desktop-security-software.php" + } + ] + } +} \ No newline at end of file diff --git a/2010/5xxx/CVE-2010-5242.json b/2010/5xxx/CVE-2010-5242.json index 2617e1a2cf9..ce50fbf3787 100644 --- a/2010/5xxx/CVE-2010-5242.json +++ b/2010/5xxx/CVE-2010-5242.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-5242", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in Sound Forge Pro 10.0b Build 474 allows local users to gain privileges via a Trojan horse MtxParhVegasPreview.dll file in the current working directory, as demonstrated by a directory that contains a .sfw file. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-5242", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.corelan.be:8800/index.php/2010/08/25/dll-hijacking-kb-2269637-the-unofficial-list/", - "refsource" : "MISC", - "url" : "http://www.corelan.be:8800/index.php/2010/08/25/dll-hijacking-kb-2269637-the-unofficial-list/" - }, - { - "name" : "41164", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41164" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in Sound Forge Pro 10.0b Build 474 allows local users to gain privileges via a Trojan horse MtxParhVegasPreview.dll file in the current working directory, as demonstrated by a directory that contains a .sfw file. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.corelan.be:8800/index.php/2010/08/25/dll-hijacking-kb-2269637-the-unofficial-list/", + "refsource": "MISC", + "url": "http://www.corelan.be:8800/index.php/2010/08/25/dll-hijacking-kb-2269637-the-unofficial-list/" + }, + { + "name": "41164", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41164" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0086.json b/2014/0xxx/CVE-2014-0086.json index 7f9b32d18a5..42d40f6c419 100644 --- a/2014/0xxx/CVE-2014-0086.json +++ b/2014/0xxx/CVE-2014-0086.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0086", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The doFilter function in webapp/PushHandlerFilter.java in JBoss RichFaces 4.3.4, 4.3.5, and 5.x allows remote attackers to cause a denial of service (memory consumption and out-of-memory error) via a large number of malformed atmosphere push requests." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-0086", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1067268", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1067268" - }, - { - "name" : "https://github.com/pslegr/core-1/commit/8131f15003f5bec73d475d2b724472e4b87d0757", - "refsource" : "CONFIRM", - "url" : "https://github.com/pslegr/core-1/commit/8131f15003f5bec73d475d2b724472e4b87d0757" - }, - { - "name" : "https://issues.jboss.org/browse/RF-13250", - "refsource" : "CONFIRM", - "url" : "https://issues.jboss.org/browse/RF-13250" - }, - { - "name" : "RHSA-2014:0335", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0335.html" - }, - { - "name" : "57053", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/57053" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The doFilter function in webapp/PushHandlerFilter.java in JBoss RichFaces 4.3.4, 4.3.5, and 5.x allows remote attackers to cause a denial of service (memory consumption and out-of-memory error) via a large number of malformed atmosphere push requests." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2014:0335", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0335.html" + }, + { + "name": "https://issues.jboss.org/browse/RF-13250", + "refsource": "CONFIRM", + "url": "https://issues.jboss.org/browse/RF-13250" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1067268", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1067268" + }, + { + "name": "https://github.com/pslegr/core-1/commit/8131f15003f5bec73d475d2b724472e4b87d0757", + "refsource": "CONFIRM", + "url": "https://github.com/pslegr/core-1/commit/8131f15003f5bec73d475d2b724472e4b87d0757" + }, + { + "name": "57053", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/57053" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0451.json b/2014/0xxx/CVE-2014-0451.json index 518872913e1..4833f07a8cf 100644 --- a/2014/0xxx/CVE-2014-0451.json +++ b/2014/0xxx/CVE-2014-0451.json @@ -1,142 +1,142 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0451", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT, a different vulnerability than CVE-2014-2412." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2014-0451", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21672080", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21672080" - }, - { - "name" : "DSA-2912", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-2912" - }, - { - "name" : "GLSA-201406-32", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201406-32.xml" - }, - { - "name" : "GLSA-201502-12", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201502-12.xml" - }, - { - "name" : "HPSBUX03091", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=140852886808946&w=2" - }, - { - "name" : "HPSBUX03092", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=140852974709252&w=2" - }, - { - "name" : "SSRT101667", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=140852886808946&w=2" - }, - { - "name" : "SSRT101668", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=140852974709252&w=2" - }, - { - "name" : "RHSA-2014:0675", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0675.html" - }, - { - "name" : "RHSA-2014:0685", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0685.html" - }, - { - "name" : "RHSA-2014:0413", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2014:0413" - }, - { - "name" : "RHSA-2014:0414", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2014:0414" - }, - { - "name" : "USN-2191-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2191-1" - }, - { - "name" : "USN-2187-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2187-1" - }, - { - "name" : "66879", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/66879" - }, - { - "name" : "58415", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/58415" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT, a different vulnerability than CVE-2014-2412." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-2187-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2187-1" + }, + { + "name": "RHSA-2014:0675", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0675.html" + }, + { + "name": "RHSA-2014:0414", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2014:0414" + }, + { + "name": "GLSA-201406-32", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml" + }, + { + "name": "USN-2191-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2191-1" + }, + { + "name": "HPSBUX03091", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=140852886808946&w=2" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21672080", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21672080" + }, + { + "name": "RHSA-2014:0413", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2014:0413" + }, + { + "name": "SSRT101667", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=140852886808946&w=2" + }, + { + "name": "HPSBUX03092", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=140852974709252&w=2" + }, + { + "name": "RHSA-2014:0685", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0685.html" + }, + { + "name": "DSA-2912", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-2912" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" + }, + { + "name": "66879", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/66879" + }, + { + "name": "58415", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/58415" + }, + { + "name": "SSRT101668", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=140852974709252&w=2" + }, + { + "name": "GLSA-201502-12", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201502-12.xml" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0745.json b/2014/0xxx/CVE-2014-0745.json index 9e04ba5dbad..8357fa196f0 100644 --- a/2014/0xxx/CVE-2014-0745.json +++ b/2014/0xxx/CVE-2014-0745.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0745", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in the Unified Serviceability subsystem in Cisco Unified Contact Center Express (Unified CCX) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCum95502." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2014-0745", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140225 Cisco Unified Contact Center Express Serviceability Page CSRF Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0745" - }, - { - "name" : "1029842", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1029842" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in the Unified Serviceability subsystem in Cisco Unified Contact Center Express (Unified CCX) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCum95502." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1029842", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1029842" + }, + { + "name": "20140225 Cisco Unified Contact Center Express Serviceability Page CSRF Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0745" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0923.json b/2014/0xxx/CVE-2014-0923.json index 8fc7eeb7719..8d1d857a82f 100644 --- a/2014/0xxx/CVE-2014-0923.json +++ b/2014/0xxx/CVE-2014-0923.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0923", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM MessageSight 1.x before 1.1.0.0-IBM-IMA-IT01015 allows remote attackers to cause a denial of service (daemon restart) via crafted MQ Telemetry Transport (MQTT) authentication data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-0923", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21670278", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21670278" - }, - { - "name" : "IT00582", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IT00582" - }, - { - "name" : "ibm-messagesight-cve20140923-dos(92076)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/92076" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM MessageSight 1.x before 1.1.0.0-IBM-IMA-IT01015 allows remote attackers to cause a denial of service (daemon restart) via crafted MQ Telemetry Transport (MQTT) authentication data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ibm-messagesight-cve20140923-dos(92076)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92076" + }, + { + "name": "IT00582", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT00582" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21670278", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670278" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0965.json b/2014/0xxx/CVE-2014-0965.json index bdda498eaa5..7a30861e159 100644 --- a/2014/0xxx/CVE-2014-0965.json +++ b/2014/0xxx/CVE-2014-0965.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0965", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.33, 8.0.x before 8.0.0.9, and 8.5.x before 8.5.5.3 allows remote attackers to obtain sensitive information via a crafted SOAP response." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-0965", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21681249", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21681249" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21676091", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21676091" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21676092", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21676092" - }, - { - "name" : "PI11434", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PI11434" - }, - { - "name" : "68210", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/68210" - }, - { - "name" : "ibm-websphere-cve20140965-info-disc(92878)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/92878" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.33, 8.0.x before 8.0.0.9, and 8.5.x before 8.5.5.3 allows remote attackers to obtain sensitive information via a crafted SOAP response." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676092", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676092" + }, + { + "name": "ibm-websphere-cve20140965-info-disc(92878)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92878" + }, + { + "name": "68210", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/68210" + }, + { + "name": "PI11434", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI11434" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676091", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676091" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21681249", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681249" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1590.json b/2014/1xxx/CVE-2014-1590.json index d467b958abc..cc7ae06576c 100644 --- a/2014/1xxx/CVE-2014-1590.json +++ b/2014/1xxx/CVE-2014-1590.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1590", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The XMLHttpRequest.prototype.send method in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allows remote attackers to cause a denial of service (application crash) via a crafted JavaScript object." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2014-1590", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2014/mfsa2014-85.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2014/mfsa2014-85.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1087633", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1087633" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html" - }, - { - "name" : "DSA-3090", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-3090" - }, - { - "name" : "DSA-3092", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-3092" - }, - { - "name" : "GLSA-201504-01", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201504-01" - }, - { - "name" : "openSUSE-SU-2015:0138", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html" - }, - { - "name" : "openSUSE-SU-2015:1266", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html" - }, - { - "name" : "71397", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/71397" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The XMLHttpRequest.prototype.send method in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allows remote attackers to cause a denial of service (application crash) via a crafted JavaScript object." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.mozilla.org/security/announce/2014/mfsa2014-85.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-85.html" + }, + { + "name": "openSUSE-SU-2015:0138", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html" + }, + { + "name": "GLSA-201504-01", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201504-01" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1087633", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1087633" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html" + }, + { + "name": "71397", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/71397" + }, + { + "name": "DSA-3090", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-3090" + }, + { + "name": "openSUSE-SU-2015:1266", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html" + }, + { + "name": "DSA-3092", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-3092" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1675.json b/2014/1xxx/CVE-2014-1675.json index 2098bc247e6..f92f7a39ef1 100644 --- a/2014/1xxx/CVE-2014-1675.json +++ b/2014/1xxx/CVE-2014-1675.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1675", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-1675", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4079.json b/2014/4xxx/CVE-2014-4079.json index 4adcad6fb4a..8d21808ec98 100644 --- a/2014/4xxx/CVE-2014-4079.json +++ b/2014/4xxx/CVE-2014-4079.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4079", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-2799, CVE-2014-4059, CVE-2014-4065, CVE-2014-4081, CVE-2014-4083, CVE-2014-4085, CVE-2014-4088, CVE-2014-4090, CVE-2014-4094, CVE-2014-4097, CVE-2014-4100, CVE-2014-4103, CVE-2014-4104, CVE-2014-4105, CVE-2014-4106, CVE-2014-4107, CVE-2014-4108, CVE-2014-4109, CVE-2014-4110, and CVE-2014-4111." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2014-4079", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS14-052", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-052" - }, - { - "name" : "69581", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69581" - }, - { - "name" : "1030818", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030818" - }, - { - "name" : "ms-ie-cve20144079-code-exec(95509)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95509" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-2799, CVE-2014-4059, CVE-2014-4065, CVE-2014-4081, CVE-2014-4083, CVE-2014-4085, CVE-2014-4088, CVE-2014-4090, CVE-2014-4094, CVE-2014-4097, CVE-2014-4100, CVE-2014-4103, CVE-2014-4104, CVE-2014-4105, CVE-2014-4106, CVE-2014-4107, CVE-2014-4108, CVE-2014-4109, CVE-2014-4110, and CVE-2014-4111." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "69581", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69581" + }, + { + "name": "1030818", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030818" + }, + { + "name": "MS14-052", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-052" + }, + { + "name": "ms-ie-cve20144079-code-exec(95509)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95509" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4337.json b/2014/4xxx/CVE-2014-4337.json index 698db12902b..a678262ab61 100644 --- a/2014/4xxx/CVE-2014-4337.json +++ b/2014/4xxx/CVE-2014-4337.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4337", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The process_browse_data function in utils/cups-browsed.c in cups-browsed in cups-filters before 1.0.53 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted packet data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-4337", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140619 Re: cups-browsed remote exploit", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2014/06/19/12" - }, - { - "name" : "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7194", - "refsource" : "CONFIRM", - "url" : "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7194" - }, - { - "name" : "RHSA-2014:1795", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1795.html" - }, - { - "name" : "68122", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/68122" - }, - { - "name" : "62044", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62044" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The process_browse_data function in utils/cups-browsed.c in cups-browsed in cups-filters before 1.0.53 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted packet data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2014:1795", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1795.html" + }, + { + "name": "62044", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62044" + }, + { + "name": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7194", + "refsource": "CONFIRM", + "url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7194" + }, + { + "name": "68122", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/68122" + }, + { + "name": "[oss-security] 20140619 Re: cups-browsed remote exploit", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2014/06/19/12" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4552.json b/2014/4xxx/CVE-2014-4552.json index aa484cbb301..9ce7cedeef5 100644 --- a/2014/4xxx/CVE-2014-4552.json +++ b/2014/4xxx/CVE-2014-4552.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4552", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in library/includes/payment/paypalexpress/DoDirectPayment.php in the Spotlight (spotlightyour) plugin 4.7 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the paymentType parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4552", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://codevigilant.com/disclosure/wp-plugin-spotlightyour-a3-cross-site-scripting-xss", - "refsource" : "MISC", - "url" : "http://codevigilant.com/disclosure/wp-plugin-spotlightyour-a3-cross-site-scripting-xss" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in library/includes/payment/paypalexpress/DoDirectPayment.php in the Spotlight (spotlightyour) plugin 4.7 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the paymentType parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://codevigilant.com/disclosure/wp-plugin-spotlightyour-a3-cross-site-scripting-xss", + "refsource": "MISC", + "url": "http://codevigilant.com/disclosure/wp-plugin-spotlightyour-a3-cross-site-scripting-xss" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4637.json b/2014/4xxx/CVE-2014-4637.json index f523723df81..28d41c9a188 100644 --- a/2014/4xxx/CVE-2014-4637.json +++ b/2014/4xxx/CVE-2014-4637.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4637", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Open redirect vulnerability in EMC Documentum Web Development Kit (WDK) before 6.8 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via an unspecified parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "ID": "CVE-2014-4637", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150105 ESA-2014-180: EMC Documentum Web Development Kit Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2015-01/0009.html" - }, - { - "name" : "http://packetstormsecurity.com/files/129822/EMC-Documentum-Web-Development-Kit-XSS-CSRF-Redirection-Injection.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/129822/EMC-Documentum-Web-Development-Kit-XSS-CSRF-Redirection-Injection.html" - }, - { - "name" : "1031497", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Open redirect vulnerability in EMC Documentum Web Development Kit (WDK) before 6.8 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via an unspecified parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/129822/EMC-Documentum-Web-Development-Kit-XSS-CSRF-Redirection-Injection.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/129822/EMC-Documentum-Web-Development-Kit-XSS-CSRF-Redirection-Injection.html" + }, + { + "name": "20150105 ESA-2014-180: EMC Documentum Web Development Kit Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2015-01/0009.html" + }, + { + "name": "1031497", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031497" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4962.json b/2014/4xxx/CVE-2014-4962.json index 9f2c7db9a8f..c7b3d104c10 100644 --- a/2014/4xxx/CVE-2014-4962.json +++ b/2014/4xxx/CVE-2014-4962.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4962", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Shopizer 1.1.5 and earlier allows remote attackers to reduce the total cost of their shopping cart via a negative number in the productQuantity parameter, which causes the price of the item to be subtracted from the total cost." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4962", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140710 SEC Consult SA-20140710-0 :: Multiple critical vulnerabilities in Shopizer webshop", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/532726/100/0/threaded" - }, - { - "name" : "20140710 SEC Consult SA-20140710-0 :: Multiple critical vulnerabilities in Shopizer webshop", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Jul/38" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Shopizer 1.1.5 and earlier allows remote attackers to reduce the total cost of their shopping cart via a negative number in the productQuantity parameter, which causes the price of the item to be subtracted from the total cost." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20140710 SEC Consult SA-20140710-0 :: Multiple critical vulnerabilities in Shopizer webshop", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/532726/100/0/threaded" + }, + { + "name": "20140710 SEC Consult SA-20140710-0 :: Multiple critical vulnerabilities in Shopizer webshop", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Jul/38" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9959.json b/2014/9xxx/CVE-2014-9959.json index d584dc6fe26..e87e5b7306d 100644 --- a/2014/9xxx/CVE-2014-9959.json +++ b/2014/9xxx/CVE-2014-9959.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "DATE_PUBLIC" : "2017-06-05T00:00:00", - "ID" : "CVE-2014-9959", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Android kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36383694." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of privilege" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "DATE_PUBLIC": "2017-06-05T00:00:00", + "ID": "CVE-2014-9959", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-06-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-06-01" - }, - { - "name" : "98874", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98874" - }, - { - "name" : "1038623", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038623" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36383694." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-06-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-06-01" + }, + { + "name": "98874", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98874" + }, + { + "name": "1038623", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038623" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3570.json b/2016/3xxx/CVE-2016-3570.json index f5e4909bdcc..8a3fc44f9e0 100644 --- a/2016/3xxx/CVE-2016-3570.json +++ b/2016/3xxx/CVE-2016-3570.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3570", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Primavera P6 Enterprise Project Portfolio Management component in Oracle Primavera Products Suite 8.3, 8.4, 15.1, 15.2, and 16.1 allows remote attackers to affect confidentiality and integrity via vectors related to Web access, a different vulnerability than CVE-2016-3566, CVE-2016-3568, CVE-2016-3569, CVE-2016-3571, and CVE-2016-3573." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2016-3570", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" - }, - { - "name" : "91787", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91787" - }, - { - "name" : "91884", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91884" - }, - { - "name" : "1036393", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036393" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Primavera P6 Enterprise Project Portfolio Management component in Oracle Primavera Products Suite 8.3, 8.4, 15.1, 15.2, and 16.1 allows remote attackers to affect confidentiality and integrity via vectors related to Web access, a different vulnerability than CVE-2016-3566, CVE-2016-3568, CVE-2016-3569, CVE-2016-3571, and CVE-2016-3573." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" + }, + { + "name": "91884", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91884" + }, + { + "name": "91787", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91787" + }, + { + "name": "1036393", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036393" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6431.json b/2016/6xxx/CVE-2016-6431.json index ef6e22eb7f0..23a2981fa3f 100644 --- a/2016/6xxx/CVE-2016-6431.json +++ b/2016/6xxx/CVE-2016-6431.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2016-6431", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco ASA Software before 9.6(1.5)", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco ASA Software before 9.6(1.5)" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the local Certificate Authority (CA) feature of Cisco ASA Software before 9.6(1.5) could allow an unauthenticated, remote attacker to cause a reload of the affected system. The vulnerability is due to improper handling of crafted packets during the enrollment operation. An attacker could exploit this vulnerability by sending a crafted enrollment request to the affected system. An exploit could allow the attacker to cause the reload of the affected system. Note: Only HTTPS packets directed to the Cisco ASA interface, where the local CA is allowing user enrollment, can be used to trigger this vulnerability. This vulnerability affects systems configured in routed firewall mode and in single or multiple context mode." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "unspecified" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2016-6431", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco ASA Software before 9.6(1.5)", + "version": { + "version_data": [ + { + "version_value": "Cisco ASA Software before 9.6(1.5)" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161019-asa-ca", - "refsource" : "CONFIRM", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161019-asa-ca" - }, - { - "name" : "93786", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93786" - }, - { - "name" : "1037060", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037060" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the local Certificate Authority (CA) feature of Cisco ASA Software before 9.6(1.5) could allow an unauthenticated, remote attacker to cause a reload of the affected system. The vulnerability is due to improper handling of crafted packets during the enrollment operation. An attacker could exploit this vulnerability by sending a crafted enrollment request to the affected system. An exploit could allow the attacker to cause the reload of the affected system. Note: Only HTTPS packets directed to the Cisco ASA interface, where the local CA is allowing user enrollment, can be used to trigger this vulnerability. This vulnerability affects systems configured in routed firewall mode and in single or multiple context mode." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "unspecified" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "93786", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93786" + }, + { + "name": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161019-asa-ca", + "refsource": "CONFIRM", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161019-asa-ca" + }, + { + "name": "1037060", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037060" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7209.json b/2016/7xxx/CVE-2016-7209.json index f4fb6fc4c5b..b9666960f26 100644 --- a/2016/7xxx/CVE-2016-7209.json +++ b/2016/7xxx/CVE-2016-7209.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "ID" : "CVE-2016-7209", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Edge allows remote attackers to spoof web content via a crafted web site, aka \"Microsoft Edge Spoofing Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2016-7209", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS16-129", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-129" - }, - { - "name" : "94049", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94049" - }, - { - "name" : "1037245", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037245" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Edge allows remote attackers to spoof web content via a crafted web site, aka \"Microsoft Edge Spoofing Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS16-129", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-129" + }, + { + "name": "94049", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94049" + }, + { + "name": "1037245", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037245" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7545.json b/2016/7xxx/CVE-2016-7545.json index 2e780a05a8f..5521aa56194 100644 --- a/2016/7xxx/CVE-2016-7545.json +++ b/2016/7xxx/CVE-2016-7545.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7545", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SELinux policycoreutils allows local users to execute arbitrary commands outside of the sandbox via a crafted TIOCSTI ioctl call." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-7545", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160925 CVE-2016-7545 -- SELinux sandbox escape", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/09/25/1" - }, - { - "name" : "[selinux] 20160923 [PATCH 2/2] sandbox: create a new session for sandboxed processes", - "refsource" : "MLIST", - "url" : "https://marc.info/?l=selinux&m=147465160112766&w=2" - }, - { - "name" : "https://github.com/SELinuxProject/selinux/commit/acca96a135a4d2a028ba9b636886af99c0915379", - "refsource" : "CONFIRM", - "url" : "https://github.com/SELinuxProject/selinux/commit/acca96a135a4d2a028ba9b636886af99c0915379" - }, - { - "name" : "FEDORA-2016-b7e8e980ef", - "refsource" : "FEDORA", - "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPRNK3PWMAVNJZ53YW5GOEOGJSFNAQIF/" - }, - { - "name" : "RHSA-2016:2702", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2702.html" - }, - { - "name" : "RHSA-2017:0535", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0535.html" - }, - { - "name" : "RHSA-2017:0536", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0536.html" - }, - { - "name" : "93156", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93156" - }, - { - "name" : "1037283", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037283" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SELinux policycoreutils allows local users to execute arbitrary commands outside of the sandbox via a crafted TIOCSTI ioctl call." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2017:0536", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0536.html" + }, + { + "name": "[oss-security] 20160925 CVE-2016-7545 -- SELinux sandbox escape", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/09/25/1" + }, + { + "name": "FEDORA-2016-b7e8e980ef", + "refsource": "FEDORA", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPRNK3PWMAVNJZ53YW5GOEOGJSFNAQIF/" + }, + { + "name": "RHSA-2017:0535", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0535.html" + }, + { + "name": "RHSA-2016:2702", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2702.html" + }, + { + "name": "93156", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93156" + }, + { + "name": "1037283", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037283" + }, + { + "name": "https://github.com/SELinuxProject/selinux/commit/acca96a135a4d2a028ba9b636886af99c0915379", + "refsource": "CONFIRM", + "url": "https://github.com/SELinuxProject/selinux/commit/acca96a135a4d2a028ba9b636886af99c0915379" + }, + { + "name": "[selinux] 20160923 [PATCH 2/2] sandbox: create a new session for sandboxed processes", + "refsource": "MLIST", + "url": "https://marc.info/?l=selinux&m=147465160112766&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7999.json b/2016/7xxx/CVE-2016-7999.json index 0e7d1efd16c..2c3bd5a1fbf 100644 --- a/2016/7xxx/CVE-2016-7999.json +++ b/2016/7xxx/CVE-2016-7999.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7999", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to conduct server side request forgery (SSRF) attacks via a URL in the var_url parameter in a valider_xml action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-7999", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20161005 SPIP vulnerabilities: request for 5 CVE", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/10/05/17" - }, - { - "name" : "[oss-security] 20161007 Re: SPIP vulnerabilities: request for 5 CVE", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/10/07/5" - }, - { - "name" : "[oss-security] 20161008 Re: SPIP vulnerabilities: request for 5 CVE", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/10/08/6" - }, - { - "name" : "[oss-security] 20161012 CVE-2016-7999: SPIP 3.1.2 Server Side Request Forgery", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/10/12/10" - }, - { - "name" : "https://sysdream.com/news/lab/2016-10-19-spip-3-1-2-server-side-request-forgery-cve-2016-7999/", - "refsource" : "MISC", - "url" : "https://sysdream.com/news/lab/2016-10-19-spip-3-1-2-server-side-request-forgery-cve-2016-7999/" - }, - { - "name" : "https://core.spip.net/projects/spip/repository/revisions/23188", - "refsource" : "CONFIRM", - "url" : "https://core.spip.net/projects/spip/repository/revisions/23188" - }, - { - "name" : "https://core.spip.net/projects/spip/repository/revisions/23193", - "refsource" : "CONFIRM", - "url" : "https://core.spip.net/projects/spip/repository/revisions/23193" - }, - { - "name" : "93451", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93451" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to conduct server side request forgery (SSRF) attacks via a URL in the var_url parameter in a valider_xml action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "93451", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93451" + }, + { + "name": "https://core.spip.net/projects/spip/repository/revisions/23193", + "refsource": "CONFIRM", + "url": "https://core.spip.net/projects/spip/repository/revisions/23193" + }, + { + "name": "https://core.spip.net/projects/spip/repository/revisions/23188", + "refsource": "CONFIRM", + "url": "https://core.spip.net/projects/spip/repository/revisions/23188" + }, + { + "name": "[oss-security] 20161007 Re: SPIP vulnerabilities: request for 5 CVE", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/10/07/5" + }, + { + "name": "[oss-security] 20161008 Re: SPIP vulnerabilities: request for 5 CVE", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/10/08/6" + }, + { + "name": "[oss-security] 20161005 SPIP vulnerabilities: request for 5 CVE", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/10/05/17" + }, + { + "name": "[oss-security] 20161012 CVE-2016-7999: SPIP 3.1.2 Server Side Request Forgery", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/10/12/10" + }, + { + "name": "https://sysdream.com/news/lab/2016-10-19-spip-3-1-2-server-side-request-forgery-cve-2016-7999/", + "refsource": "MISC", + "url": "https://sysdream.com/news/lab/2016-10-19-spip-3-1-2-server-side-request-forgery-cve-2016-7999/" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8103.json b/2016/8xxx/CVE-2016-8103.json index a7bf8ebd340..cc12ffe20e3 100644 --- a/2016/8xxx/CVE-2016-8103.json +++ b/2016/8xxx/CVE-2016-8103.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@intel.com", - "ID" : "CVE-2016-8103", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "NUC Kits", - "version" : { - "version_data" : [ - { - "version_value" : "All" - } - ] - } - } - ] - }, - "vendor_name" : "Intel" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SMM call out in all Intel Branded NUC Kits allows a local privileged user to access the System Management Mode and take full control of the platform." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevated Privilege" - } + "CVE_data_meta": { + "ASSIGNER": "secure@intel.com", + "ID": "CVE-2016-8103", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "NUC Kits", + "version": { + "version_data": [ + { + "version_value": "All" + } + ] + } + } + ] + }, + "vendor_name": "Intel" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00057&languageid=en-fr", - "refsource" : "CONFIRM", - "url" : "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00057&languageid=en-fr" - }, - { - "name" : "95012", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95012" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SMM call out in all Intel Branded NUC Kits allows a local privileged user to access the System Management Mode and take full control of the platform." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevated Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "95012", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95012" + }, + { + "name": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00057&languageid=en-fr", + "refsource": "CONFIRM", + "url": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00057&languageid=en-fr" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8450.json b/2016/8xxx/CVE-2016-8450.json index ca39c46ced6..e2f1182d0bd 100644 --- a/2016/8xxx/CVE-2016-8450.json +++ b/2016/8xxx/CVE-2016-8450.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2016-8450", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Kernel-3.10" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-32450563. References: QC-CR#880388." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of privilege" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-8450", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Kernel-3.10" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-01-01.html", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-01-01.html" - }, - { - "name" : "95269", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95269" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-32450563. References: QC-CR#880388." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-01-01.html", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-01-01.html" + }, + { + "name": "95269", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95269" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8476.json b/2016/8xxx/CVE-2016-8476.json index 523b4a2c045..d0f3edab545 100644 --- a/2016/8xxx/CVE-2016-8476.json +++ b/2016/8xxx/CVE-2016-8476.json @@ -1,75 +1,75 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2016-8476", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Kernel-3.10" - }, - { - "version_value" : "Kernel-3.18" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32879283. References: QC-CR#1091940." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of privilege" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-8476", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Kernel-3.10" + }, + { + "version_value": "Kernel-3.18" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-02-01.html", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-02-01.html" - }, - { - "name" : "96047", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96047" - }, - { - "name" : "1037798", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037798" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32879283. References: QC-CR#1091940." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "96047", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96047" + }, + { + "name": "1037798", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037798" + }, + { + "name": "https://source.android.com/security/bulletin/2017-02-01.html", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-02-01.html" + } + ] + } +} \ No newline at end of file