diff --git a/2006/0xxx/CVE-2006-0564.json b/2006/0xxx/CVE-2006-0564.json
index f2973beac5e..b6553e4a63e 100644
--- a/2006/0xxx/CVE-2006-0564.json
+++ b/2006/0xxx/CVE-2006-0564.json
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0564", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in Microsoft HTML Help Workshop 4.74.8702.0, and possibly earlier versions, and as included in the Microsoft HTML Help 1.4 SDK, allows context-dependent attackers to execute arbitrary code via a .hhp file with a long Contents file field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0564", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://users.pandora.be/bratax/advisories/b008.html", - "refsource" : "MISC", - "url" : "http://users.pandora.be/bratax/advisories/b008.html" - }, - { - "name" : "VU#124460", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/124460" - }, - { - "name" : "ADV-2006-0446", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0446" - }, - { - "name" : "22941", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22941" - }, - { - "name" : "1015585", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015585" - }, - { - "name" : "18740", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/18740" - }, - { - "name" : "mshtmlhelp-workshop-hhp-bo(24481)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24481" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in Microsoft HTML Help Workshop 4.74.8702.0, and possibly earlier versions, and as included in the Microsoft HTML Help 1.4 SDK, allows context-dependent attackers to execute arbitrary code via a .hhp file with a long Contents file field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18740", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18740" + }, + { + "name": "22941", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22941" + }, + { + "name": "1015585", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015585" + }, + { + "name": "mshtmlhelp-workshop-hhp-bo(24481)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24481" + }, + { + "name": "http://users.pandora.be/bratax/advisories/b008.html", + "refsource": "MISC", + "url": "http://users.pandora.be/bratax/advisories/b008.html" + }, + { + "name": "VU#124460", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/124460" + }, + { + "name": "ADV-2006-0446", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0446" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0610.json b/2006/0xxx/CVE-2006-0610.json index 8e2d09ef640..37b0ca1ddf9 100644 --- a/2006/0xxx/CVE-2006-0610.json +++ b/2006/0xxx/CVE-2006-0610.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0610", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in 2200net Calendar system 1.2, with gpc_magic_quotes disabled, allow remote attackers to execute arbitrary SQL commands and bypass authentication via (1) the fm_data[id] parameter to calendar.php and (2) the $ad['acc'] variable in adminlogin.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0610", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060215 [eVuln] 2200net Calendar system SQL Injection and Authentication Bypass Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/425094/100/0/threaded" - }, - { - "name" : "20060215 [eVuln] 2200net Calendar system SQL Injection and Authentication", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=114003781801861&w=2" - }, - { - "name" : "http://www.evuln.com/vulns/62/summary.html", - "refsource" : "MISC", - "url" : "http://www.evuln.com/vulns/62/summary.html" - }, - { - "name" : "16569", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16569" - }, - 
{ - "name" : "ADV-2006-0486", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0486" - }, - { - "name" : "23037", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23037" - }, - { - "name" : "23038", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23038" - }, - { - "name" : "18781", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18781" - }, - { - "name" : "2200net-adminlogin-sql-injection(24484)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24484" - }, - { - "name" : "2200net-calendar-sql-injection(24483)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24483" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in 2200net Calendar system 1.2, with gpc_magic_quotes disabled, allow remote attackers to execute arbitrary SQL commands and bypass authentication via (1) the fm_data[id] parameter to calendar.php and (2) the $ad['acc'] variable in adminlogin.php." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-0486", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0486" + }, + { + "name": "2200net-adminlogin-sql-injection(24484)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24484" + }, + { + "name": "16569", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16569" + }, + { + "name": "http://www.evuln.com/vulns/62/summary.html", + "refsource": "MISC", + "url": "http://www.evuln.com/vulns/62/summary.html" + }, + { + "name": "23038", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23038" + }, + { + "name": "18781", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18781" + }, + { + "name": "20060215 [eVuln] 2200net Calendar system SQL Injection and Authentication Bypass Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/425094/100/0/threaded" + }, + { + "name": "23037", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23037" + }, + { + "name": "2200net-calendar-sql-injection(24483)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24483" + }, + { + "name": "20060215 [eVuln] 2200net Calendar system SQL Injection and Authentication", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=114003781801861&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0845.json b/2006/0xxx/CVE-2006-0845.json index 845066389c7..bbe8bac5883 100644 --- a/2006/0xxx/CVE-2006-0845.json +++ b/2006/0xxx/CVE-2006-0845.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0845", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Leif M. Wright's Blog 3.5 allows remote authenticated users with administrative privileges to execute arbitrary programs, including shell commands, by configuring the sendmail path to a malicious pathname." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0845", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.evuln.com/vulns/82/summary.html", - "refsource" : "MISC", - "url" : "http://www.evuln.com/vulns/82/summary.html" - }, - { - "name" : "18923", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18923" - }, - { - "name" : "522", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/522" - }, - { - "name" : "webblog-sendmail-command-execution(24757)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24757" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Leif M. 
Wright's Blog 3.5 allows remote authenticated users with administrative privileges to execute arbitrary programs, including shell commands, by configuring the sendmail path to a malicious pathname." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.evuln.com/vulns/82/summary.html", + "refsource": "MISC", + "url": "http://www.evuln.com/vulns/82/summary.html" + }, + { + "name": "webblog-sendmail-command-execution(24757)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24757" + }, + { + "name": "18923", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18923" + }, + { + "name": "522", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/522" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1070.json b/2006/1xxx/CVE-2006-1070.json index 9b8e643c0bd..09eb19b6dd9 100644 --- a/2006/1xxx/CVE-2006-1070.json +++ b/2006/1xxx/CVE-2006-1070.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1070", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in dv_gbook.php in DVguestbook 1.0 allows remote attackers to inject arbitrary web script or HTML via the f parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1070", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060309 DVguestbook 1.0 And 1.2.2 Cross Site Scripting", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/427214/100/0/threaded" - }, - { - "name" : "http://biyosecurity.be/bugs/dvguestbook.txt", - "refsource" : "MISC", - "url" : "http://biyosecurity.be/bugs/dvguestbook.txt" - }, - { - "name" : "16968", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16968" - }, - { - "name" : "ADV-2006-0842", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0842" - }, - { - "name" : "19098", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19098" - }, - { - "name" : "dvguestbook-index-dvgbook-xss(25049)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/25049" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in dv_gbook.php in DVguestbook 1.0 allows remote attackers to inject arbitrary web script or HTML via the f parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://biyosecurity.be/bugs/dvguestbook.txt", + "refsource": "MISC", + "url": "http://biyosecurity.be/bugs/dvguestbook.txt" + }, + { + "name": "19098", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19098" + }, + { + "name": "16968", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16968" + }, + { + "name": "ADV-2006-0842", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0842" + }, + { + "name": "20060309 DVguestbook 1.0 And 1.2.2 Cross Site Scripting", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/427214/100/0/threaded" + }, + { + "name": "dvguestbook-index-dvgbook-xss(25049)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25049" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1155.json b/2006/1xxx/CVE-2006-1155.json index dcb1a4922aa..346770dc8ed 100644 --- a/2006/1xxx/CVE-2006-1155.json +++ b/2006/1xxx/CVE-2006-1155.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1155", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in manas tungare Site Membership Script before 8 March, 2006 allows remote attackers to inject arbitrary web script or HTML via the Error parameter in (1) login.asp and (2) default.asp." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1155", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.manastungare.com/projects/site-membership/", - "refsource" : "CONFIRM", - "url" : "http://www.manastungare.com/projects/site-membership/" - }, - { - "name" : "17045", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17045" - }, - { - "name" : "ADV-2006-0884", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0884" - }, - { - "name" : "23753", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23753" - }, - { - "name" : "23754", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23754" - }, - { - "name" : "19156", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19156" - }, - { - "name" : 
"manas-tungare-login-default-xss(25109)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25109" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in manas tungare Site Membership Script before 8 March, 2006 allows remote attackers to inject arbitrary web script or HTML via the Error parameter in (1) login.asp and (2) default.asp." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "23754", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23754" + }, + { + "name": "19156", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19156" + }, + { + "name": "http://www.manastungare.com/projects/site-membership/", + "refsource": "CONFIRM", + "url": "http://www.manastungare.com/projects/site-membership/" + }, + { + "name": "17045", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17045" + }, + { + "name": "manas-tungare-login-default-xss(25109)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25109" + }, + { + "name": "ADV-2006-0884", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0884" + }, + { + "name": "23753", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23753" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1194.json b/2006/1xxx/CVE-2006-1194.json index 3d96bc0ad50..8b8e6991b42 100644 --- a/2006/1xxx/CVE-2006-1194.json +++ b/2006/1xxx/CVE-2006-1194.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1194", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer signedness error in the enet_protocol_handle_incoming_commands function in protocol.c for ENet library CVS version Jul 2005 and earlier, as used in products including (1) Cube, (2) Sauerbraten, and (3) Duke3d_w32, allows remote attackers to cause a denial of service (application crash) via a packet with a large command length value, which leads to an invalid memory access." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1194", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060312 Multiple vulnerabilities in ENet library (Jul 2005)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/427465/100/0/threaded" - }, - { - "name" : "20060312 Multiple vulnerabilities in ENet library (Jul 2005)", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/043541.html" - }, - { - "name" : "http://aluigi.altervista.org/adv/enetx-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.altervista.org/adv/enetx-adv.txt" - }, - { - "name" : "17087", 
- "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17087" - }, - { - "name" : "ADV-2006-0940", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0940" - }, - { - "name" : "23844", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23844" - }, - { - "name" : "1015767", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015767" - }, - { - "name" : "19208", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19208" - }, - { - "name" : "enet-signedness-dos(25157)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25157" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer signedness error in the enet_protocol_handle_incoming_commands function in protocol.c for ENet library CVS version Jul 2005 and earlier, as used in products including (1) Cube, (2) Sauerbraten, and (3) Duke3d_w32, allows remote attackers to cause a denial of service (application crash) via a packet with a large command length value, which leads to an invalid memory access." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060312 Multiple vulnerabilities in ENet library (Jul 2005)", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/043541.html" + }, + { + "name": "20060312 Multiple vulnerabilities in ENet library (Jul 2005)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/427465/100/0/threaded" + }, + { + "name": "1015767", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015767" + }, + { + "name": "17087", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17087" + }, + { + "name": "23844", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23844" + }, + { + "name": "enet-signedness-dos(25157)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25157" + }, + { + "name": "19208", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19208" + }, + { + "name": "ADV-2006-0940", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0940" + }, + { + "name": "http://aluigi.altervista.org/adv/enetx-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.altervista.org/adv/enetx-adv.txt" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1610.json b/2006/1xxx/CVE-2006-1610.json index 333432145f6..43455c90581 100644 --- a/2006/1xxx/CVE-2006-1610.json +++ b/2006/1xxx/CVE-2006-1610.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1610", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in lib/armygame.php in SQuery 4.5 and earlier, as used in products such as Autonomous LAN party (ALP), allows remote attackers to execute arbitrary PHP code via a URL in the libpath parameter. NOTE: this only occurs when register_globals is disabled." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1610", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060401 SQuery <= 4.5 Remote File Inclusion Exploit", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/429611/100/0/threaded" - }, - { - "name" : "1629", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/1629" - }, - { - "name" : "17434", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17434" - }, - { - "name" : "ADV-2006-1204", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1204" - }, - { - "name" : "24400", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24400" - }, - { - "name" : "19482", - "refsource" : 
"SECUNIA", - "url" : "http://secunia.com/advisories/19482" - }, - { - "name" : "squery-file-include(25605)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25605" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in lib/armygame.php in SQuery 4.5 and earlier, as used in products such as Autonomous LAN party (ALP), allows remote attackers to execute arbitrary PHP code via a URL in the libpath parameter. NOTE: this only occurs when register_globals is disabled." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "17434", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17434" + }, + { + "name": "squery-file-include(25605)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25605" + }, + { + "name": "ADV-2006-1204", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1204" + }, + { + "name": "1629", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/1629" + }, + { + "name": "19482", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19482" + }, + { + "name": "20060401 SQuery <= 4.5 Remote File Inclusion Exploit", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/429611/100/0/threaded" + }, + { + "name": "24400", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24400" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1937.json b/2006/1xxx/CVE-2006-1937.json index 7e52ab70fe4..2b557efcd14 100644 --- a/2006/1xxx/CVE-2006-1937.json +++ b/2006/1xxx/CVE-2006-1937.json 
@@ -1,212 +1,212 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1937", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in Ethereal 0.10.x up to 0.10.14 allow remote attackers to cause a denial of service (crash from null dereference) via (1) multiple vectors in H.248, and the (2) X.509if, (3) SRVLOC, (4) H.245, (5) AIM, and (6) general packet dissectors; and (7) the statistics counter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2006-1937", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ethereal.com/appnotes/enpa-sa-00023.html", - "refsource" : "CONFIRM", - "url" : "http://www.ethereal.com/appnotes/enpa-sa-00023.html" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-128.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-128.htm" - }, - { - "name" : "DSA-1049", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1049" - }, - { - "name" : "FEDORA-2006-456", - "refsource" : "FEDORA", - "url" : "http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00194.html" - }, - { - 
"name" : "FEDORA-2006-461", - "refsource" : "FEDORA", - "url" : "http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00195.html" - }, - { - "name" : "GLSA-200604-17", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200604-17.xml" - }, - { - "name" : "MDKSA-2006:077", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:077" - }, - { - "name" : "RHSA-2006:0420", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0420.html" - }, - { - "name" : "20060501-01-U", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc" - }, - { - "name" : "SUSE-SR:2006:010", - "refsource" : "SUSE", - "url" : "http://lists.suse.com/archive/suse-security-announce/2006-May/0004.html" - }, - { - "name" : "17682", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17682" - }, - { - "name" : "oval:org.mitre.oval:def:10323", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10323" - }, - { - "name" : "ADV-2006-1501", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1501" - }, - { - "name" : "1015985", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015985" - }, - { - "name" : "19769", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19769" - }, - { - "name" : "19805", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19805" - }, - { - "name" : "19828", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19828" - }, - { - "name" : "19839", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19839" - }, - { - "name" : "19958", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19958" - }, - { - "name" : "19962", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19962" - }, - { - 
"name" : "20117", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20117" - }, - { - "name" : "20944", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20944" - }, - { - "name" : "20210", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20210" - }, - { - "name" : "ethereal-aim-dos(26019)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26019" - }, - { - "name" : "ethereal-general-dissector-dos(26018)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26018" - }, - { - "name" : "ethereal-h245-dos(26011)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26011" - }, - { - "name" : "ethereal-h248-dissector-dos(26007)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26007" - }, - { - "name" : "ethereal-h248-dos(26031)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26031" - }, - { - "name" : "ethereal-srvloc-dos(26010)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26010" - }, - { - "name" : "ethereal-statistics-counter-dos(26015)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26015" - }, - { - "name" : "ethereal-x509if-dissector-dos(26009)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26009" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in Ethereal 0.10.x up to 0.10.14 allow remote attackers to cause a denial of service (crash from null dereference) via (1) multiple vectors in H.248, and the (2) X.509if, (3) SRVLOC, (4) H.245, (5) AIM, and (6) general packet dissectors; and (7) the statistics counter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ethereal-general-dissector-dos(26018)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26018" + }, + { + "name": "19828", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19828" + }, + { + "name": "19839", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19839" + }, + { + "name": "ethereal-aim-dos(26019)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26019" + }, + { + "name": "20210", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20210" + }, + { + "name": "FEDORA-2006-456", + "refsource": "FEDORA", + "url": "http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00194.html" + }, + { + "name": "MDKSA-2006:077", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:077" + }, + { + "name": "http://www.ethereal.com/appnotes/enpa-sa-00023.html", + "refsource": "CONFIRM", + "url": "http://www.ethereal.com/appnotes/enpa-sa-00023.html" + }, + { + "name": "ethereal-h248-dos(26031)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26031" + }, + { + "name": "19769", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19769" + }, + { + "name": "19962", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19962" + }, + { + "name": "ethereal-srvloc-dos(26010)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26010" + }, + { + "name": "FEDORA-2006-461", + "refsource": "FEDORA", + "url": "http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00195.html" + }, + { + "name": "1015985", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015985" + }, + { + "name": 
"ethereal-x509if-dissector-dos(26009)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26009" + }, + { + "name": "GLSA-200604-17", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200604-17.xml" + }, + { + "name": "oval:org.mitre.oval:def:10323", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10323" + }, + { + "name": "ethereal-h245-dos(26011)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26011" + }, + { + "name": "ADV-2006-1501", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1501" + }, + { + "name": "DSA-1049", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1049" + }, + { + "name": "19805", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19805" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-128.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-128.htm" + }, + { + "name": "ethereal-h248-dissector-dos(26007)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26007" + }, + { + "name": "20060501-01-U", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc" + }, + { + "name": "ethereal-statistics-counter-dos(26015)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26015" + }, + { + "name": "SUSE-SR:2006:010", + "refsource": "SUSE", + "url": "http://lists.suse.com/archive/suse-security-announce/2006-May/0004.html" + }, + { + "name": "20117", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20117" + }, + { + "name": "17682", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17682" + }, + { + "name": "20944", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20944" + }, + { + 
"name": "RHSA-2006:0420", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0420.html" + }, + { + "name": "19958", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19958" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4059.json b/2006/4xxx/CVE-2006-4059.json index eae5beb42d5..7a2b9307b57 100644 --- a/2006/4xxx/CVE-2006-4059.json +++ b/2006/4xxx/CVE-2006-4059.json 
@@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4059", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple PHP remote file inclusion vulnerabilities in USOLVED NEWSolved Lite 1.9.2, and possibly earlier, allow remote attackers to execute arbitrary PHP code via a URL in the abs_path parameter to (1) newsscript_lyt.php, (2) newsticker/newsscript_get.php, (3) inc/output/news_theme1.php, (4) inc/output/news_theme2.php, or (5) inc/output/news_theme3.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4059", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060806 NEWSolved Lite v1.9.2 (abs_path) Remote File Inclusion", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/442434/100/0/threaded" - }, - { - "name" : "http://www.bb-pcsecurity.de/sicherheit_286.htm", - "refsource" : "MISC", - "url" : "http://www.bb-pcsecurity.de/sicherheit_286.htm" - }, - { - "name" : "2135", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2135" - }, - { - "name" : "http://www.usolved.net/site/index.php", - "refsource" : "CONFIRM", - "url" : "http://www.usolved.net/site/index.php" - 
}, - { - "name" : "19379", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19379" - }, - { - "name" : "ADV-2006-3200", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3200" - }, - { - "name" : "27836", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27836" - }, - { - "name" : "27837", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27837" - }, - { - "name" : "27838", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27838" - }, - { - "name" : "27839", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27839" - }, - { - "name" : "27840", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27840" - }, - { - "name" : "21395", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21395" - }, - { - "name" : "1366", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1366" - }, - { - "name" : "newsolved-lite-abspath-file-include(28262)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28262" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple PHP remote file inclusion vulnerabilities in USOLVED NEWSolved Lite 1.9.2, and possibly earlier, allow remote attackers to execute arbitrary PHP code via a URL in the abs_path parameter to (1) newsscript_lyt.php, (2) newsticker/newsscript_get.php, (3) inc/output/news_theme1.php, (4) inc/output/news_theme2.php, or (5) inc/output/news_theme3.php." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "27839", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27839" + }, + { + "name": "http://www.bb-pcsecurity.de/sicherheit_286.htm", + "refsource": "MISC", + "url": "http://www.bb-pcsecurity.de/sicherheit_286.htm" + }, + { + "name": "1366", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1366" + }, + { + "name": "21395", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21395" + }, + { + "name": "27840", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27840" + }, + { + "name": "27836", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27836" + }, + { + "name": "2135", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2135" + }, + { + "name": "newsolved-lite-abspath-file-include(28262)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28262" + }, + { + "name": "19379", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19379" + }, + { + "name": "ADV-2006-3200", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3200" + }, + { + "name": "27837", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27837" + }, + { + "name": "27838", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27838" + }, + { + "name": "20060806 NEWSolved Lite v1.9.2 (abs_path) Remote File Inclusion", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/442434/100/0/threaded" + }, + { + "name": "http://www.usolved.net/site/index.php", + "refsource": "CONFIRM", + "url": "http://www.usolved.net/site/index.php" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5140.json b/2006/5xxx/CVE-2006-5140.json index f2ed83413ee..24fe0e5dd2c 100644 --- a/2006/5xxx/CVE-2006-5140.json 
+++ b/2006/5xxx/CVE-2006-5140.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5140", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in display.php in Lappy512 PHP Krazy Image Host Script (phpkimagehost) 0.7a allows remote attackers to execute arbitrary SQL commands via the id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5140", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "2456", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2456" - }, - { - "name" : "20270", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20270" - }, - { - "name" : "phpkrazyimage-display-sql-injection(29270)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29270" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in display.php in Lappy512 PHP Krazy Image Host Script (phpkimagehost) 0.7a allows remote attackers to execute arbitrary SQL commands via the id parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "phpkrazyimage-display-sql-injection(29270)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29270" + }, + { + "name": "2456", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2456" + }, + { + "name": "20270", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20270" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5554.json b/2006/5xxx/CVE-2006-5554.json index bbb825e6963..f9c71432c41 100644 --- a/2006/5xxx/CVE-2006-5554.json +++ b/2006/5xxx/CVE-2006-5554.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5554", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in index.php in Imageview 5 allows remote attackers to read or execute arbitrary local files via a .. (dot dot) in the user_settings cookie, as demonstrated by using the MyFile parameter in albumview.php to upload a text/plain .gif file containing PHP code, which is executed by index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5554", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "2647", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2647" - }, - { - "name" : "20731", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20731" - }, - { - "name" : "ADV-2006-4188", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4188" - }, - { - "name" : "22552", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22552" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory 
traversal vulnerability in index.php in Imageview 5 allows remote attackers to read or execute arbitrary local files via a .. (dot dot) in the user_settings cookie, as demonstrated by using the MyFile parameter in albumview.php to upload a text/plain .gif file containing PHP code, which is executed by index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2647", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2647" + }, + { + "name": "ADV-2006-4188", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4188" + }, + { + "name": "20731", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20731" + }, + { + "name": "22552", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22552" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5781.json b/2006/5xxx/CVE-2006-5781.json index d95c0d0d5b6..82bef49a871 100644 --- a/2006/5xxx/CVE-2006-5781.json +++ b/2006/5xxx/CVE-2006-5781.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5781", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the handshake function in iodine 0.3.2 allows remote attackers to execute arbitrary code via a crafted DNS response." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5781", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061102 iodine client 0.3.2 buffer overflow", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/450399/100/0/threaded" - }, - { - "name" : "http://code.kryo.se/iodine/CHANGELOG.txt", - "refsource" : "CONFIRM", - "url" : "http://code.kryo.se/iodine/CHANGELOG.txt" - }, - { - "name" : "20883", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20883" - }, - { - "name" : "ADV-2006-4333", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4333" - }, - { - "name" : "30182", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/30182" - }, - { - "name" : "1017155", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017155" - }, - { - "name" : "22674", - "refsource" : "SECUNIA", - 
"url" : "http://secunia.com/advisories/22674" - }, - { - "name" : "iodine-handshake-bo(29995)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29995" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the handshake function in iodine 0.3.2 allows remote attackers to execute arbitrary code via a crafted DNS response." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20061102 iodine client 0.3.2 buffer overflow", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/450399/100/0/threaded" + }, + { + "name": "20883", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20883" + }, + { + "name": "30182", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/30182" + }, + { + "name": "22674", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22674" + }, + { + "name": "ADV-2006-4333", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4333" + }, + { + "name": "1017155", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017155" + }, + { + "name": "iodine-handshake-bo(29995)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29995" + }, + { + "name": "http://code.kryo.se/iodine/CHANGELOG.txt", + "refsource": "CONFIRM", + "url": "http://code.kryo.se/iodine/CHANGELOG.txt" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0073.json b/2010/0xxx/CVE-2010-0073.json index 30b7aba59e4..03ea7c610ae 100644 --- a/2010/0xxx/CVE-2010-0073.json +++ b/2010/0xxx/CVE-2010-0073.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0073", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the WebLogic Server in Oracle WebLogic Server 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, and 10.3.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2010-0073", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technology/deploy/security/alerts/alert-cve-2010-0073.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technology/deploy/security/alerts/alert-cve-2010-0073.html" - }, - { - "name" : "TA10-103B", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-103B.html" - }, - { - "name" : "39439", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39439" - }, - { - "name" : "ADV-2010-0216", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0216" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the WebLogic Server in Oracle WebLogic Server 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, and 10.3.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA10-103B", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-103B.html" + }, + { + "name": "ADV-2010-0216", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0216" + }, + { + "name": "http://www.oracle.com/technology/deploy/security/alerts/alert-cve-2010-0073.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technology/deploy/security/alerts/alert-cve-2010-0073.html" + }, + { + "name": "39439", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39439" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0084.json b/2010/0xxx/CVE-2010-0084.json index 95f2b92e4b9..2f051854e00 100644 --- a/2010/0xxx/CVE-2010-0084.json +++ b/2010/0xxx/CVE-2010-0084.json 
@@ -1,242 +1,242 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0084", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality via unknown vectors, a different vulnerability than CVE-2010-0091." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2010-0084", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/516397/100/0/threaded" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/javacpumar2010-083341.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/javacpumar2010-083341.html" - }, - { - "name" : "http://support.apple.com/kb/HT4170", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4170" - }, - { - "name" : "http://support.apple.com/kb/HT4171", - "refsource" : 
"CONFIRM", - "url" : "http://support.apple.com/kb/HT4171" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2011-0003.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2011-0003.html" - }, - { - "name" : "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html" - }, - { - "name" : "APPLE-SA-2010-05-18-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//May/msg00001.html" - }, - { - "name" : "APPLE-SA-2010-05-18-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//May/msg00002.html" - }, - { - "name" : "HPSBMA02547", - "refsource" : "HP", - "url" : "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751" - }, - { - "name" : "SSRT100179", - "refsource" : "HP", - "url" : "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751" - }, - { - "name" : "HPSBMU02799", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=134254866602253&w=2" - }, - { - "name" : "HPSBUX02524", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=127557596201693&w=2" - }, - { - "name" : "SSRT100089", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=127557596201693&w=2" - }, - { - "name" : "MDVSA-2010:084", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:084" - }, - { - "name" : "RHSA-2010:0337", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0337.html" - }, - { - "name" : "RHSA-2010:0338", - "refsource" : "REDHAT", - "url" : 
"http://www.redhat.com/support/errata/RHSA-2010-0338.html" - }, - { - "name" : "RHSA-2010:0339", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0339.html" - }, - { - "name" : "RHSA-2010:0383", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0383.html" - }, - { - "name" : "RHSA-2010:0471", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0471.html" - }, - { - "name" : "SUSE-SR:2010:008", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html" - }, - { - "name" : "SUSE-SR:2010:011", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html" - }, - { - "name" : "SUSE-SR:2010:017", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html" - }, - { - "name" : "USN-923-1", - "refsource" : "UBUNTU", - "url" : "http://ubuntu.com/usn/usn-923-1" - }, - { - "name" : "63482", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/63482" - }, - { - "name" : "oval:org.mitre.oval:def:11120", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11120" - }, - { - "name" : "oval:org.mitre.oval:def:14061", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14061" - }, - { - "name" : "39292", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39292" - }, - { - "name" : "39317", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39317" - }, - { - "name" : "39659", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39659" - }, - { - "name" : "39819", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39819" - }, - { - "name" : "40545", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40545" - }, - { - 
"name" : "43308", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43308" - }, - { - "name" : "ADV-2010-1107", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1107" - }, - { - "name" : "ADV-2010-1191", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1191" - }, - { - "name" : "ADV-2010-1454", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1454" - }, - { - "name" : "ADV-2010-1793", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1793" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality via unknown vectors, a different vulnerability than CVE-2010-0091." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2010-05-18-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//May/msg00001.html" + }, + { + "name": "HPSBMU02799", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=134254866602253&w=2" + }, + { + "name": "39317", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39317" + }, + { + "name": "RHSA-2010:0383", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0383.html" + }, + { + "name": "40545", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40545" + }, + { + "name": "ADV-2010-1454", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1454" + }, + { + "name": "39819", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39819" + }, + { + "name": "ADV-2010-1107", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1107" + }, + { + "name": "RHSA-2010:0338", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0338.html" + }, + { + "name": "ADV-2010-1793", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1793" + }, + { + "name": "APPLE-SA-2010-05-18-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//May/msg00002.html" + }, + { + "name": "SUSE-SR:2010:011", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html" + }, + { + "name": "oval:org.mitre.oval:def:14061", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14061" + }, + { + "name": "43308", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43308" + }, + { + "name": 
"oval:org.mitre.oval:def:11120", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11120" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html" + }, + { + "name": "SSRT100179", + "refsource": "HP", + "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751" + }, + { + "name": "SSRT100089", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=127557596201693&w=2" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/javacpumar2010-083341.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/javacpumar2010-083341.html" + }, + { + "name": "RHSA-2010:0339", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0339.html" + }, + { + "name": "HPSBUX02524", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=127557596201693&w=2" + }, + { + "name": "39292", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39292" + }, + { + "name": "http://support.apple.com/kb/HT4170", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4170" + }, + { + "name": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html" + }, + { + "name": "SUSE-SR:2010:008", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html" + }, + { + "name": "39659", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39659" + }, + { + "name": "RHSA-2010:0471", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0471.html" + }, + { + "name": "SUSE-SR:2010:017", + "refsource": "SUSE", + "url": 
"http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html" + }, + { + "name": "63482", + "refsource": "OSVDB", + "url": "http://osvdb.org/63482" + }, + { + "name": "USN-923-1", + "refsource": "UBUNTU", + "url": "http://ubuntu.com/usn/usn-923-1" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html" + }, + { + "name": "RHSA-2010:0337", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0337.html" + }, + { + "name": "HPSBMA02547", + "refsource": "HP", + "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751" + }, + { + "name": "http://support.apple.com/kb/HT4171", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4171" + }, + { + "name": "MDVSA-2010:084", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:084" + }, + { + "name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded" + }, + { + "name": "ADV-2010-1191", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1191" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0451.json b/2010/0xxx/CVE-2010-0451.json index 59323abf5b7..56823ab7e5d 100644 --- a/2010/0xxx/CVE-2010-0451.json +++ b/2010/0xxx/CVE-2010-0451.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0451", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The installation process for NFS/ONCplus B.11.31_08 and earlier on HP HP-UX B.11.31 changes the NFS_SERVER setting in the nfsconf file, which might allow remote attackers to obtain filesystem access via NFS requests." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2010-0451", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBUX02509", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=126962272413767&w=2" - }, - { - "name" : "SSRT100032", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=126962272413767&w=2" - }, - { - "name" : "38982", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/38982" - }, - { - "name" : "63243", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/63243" - }, - { - "name" : "oval:org.mitre.oval:def:12025", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12025" - }, - { - "name" : "1023758", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1023758" 
- }, - { - "name" : "39111", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39111" - }, - { - "name" : "ADV-2010-0731", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0731" - }, - { - "name" : "hpux-oncplus-weak-security(57216)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/57216" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The installation process for NFS/ONCplus B.11.31_08 and earlier on HP HP-UX B.11.31 changes the NFS_SERVER setting in the nfsconf file, which might allow remote attackers to obtain filesystem access via NFS requests." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "hpux-oncplus-weak-security(57216)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57216" + }, + { + "name": "63243", + "refsource": "OSVDB", + "url": "http://osvdb.org/63243" + }, + { + "name": "38982", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/38982" + }, + { + "name": "HPSBUX02509", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=126962272413767&w=2" + }, + { + "name": "ADV-2010-0731", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0731" + }, + { + "name": "SSRT100032", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=126962272413767&w=2" + }, + { + "name": "1023758", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1023758" + }, + { + "name": "39111", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39111" + }, + { + "name": "oval:org.mitre.oval:def:12025", + "refsource": "OVAL", + "url": 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12025" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0508.json b/2010/0xxx/CVE-2010-0508.json index 70475294a43..d4a00eb5589 100644 --- a/2010/0xxx/CVE-2010-0508.json +++ b/2010/0xxx/CVE-2010-0508.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0508", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mail in Apple Mac OS X before 10.6.3 does not disable the filter rules associated with a deleted mail account, which has unspecified impact and attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2010-0508", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT4077", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4077" - }, - { - "name" : "APPLE-SA-2010-03-29-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mail in Apple Mac OS X before 10.6.3 does not disable the filter rules associated with a deleted mail account, which has unspecified impact and attack vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2010-03-29-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html" + }, + { + "name": "http://support.apple.com/kb/HT4077", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4077" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0923.json b/2010/0xxx/CVE-2010-0923.json index d0e99eab60b..8a70a0fd4f5 100644 --- a/2010/0xxx/CVE-2010-0923.json +++ b/2010/0xxx/CVE-2010-0923.json 
@@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0923", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Race condition in workspace/krunner/lock/lockdlg.cc in the KRunner lock module in kdebase in KDE SC 4.4.0 allows physically proximate attackers to bypass KScreenSaver screen locking and access an unattended workstation by pressing the Enter key at a certain time, related to multiple forked processes." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-0923", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20100212 CVE Request: KDE screensaver unlock issue similar to GNOME one", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=oss-security&m=126598163422670&w=2" - }, - { - "name" : "[oss-security] 20100212 Re: CVE Request: KDE screensaver unlock issue similar to GNOME one", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=oss-security&m=126599909614401&w=2" - }, - { - "name" : "[oss-security] 20100212 Re: Re: CVE Request: KDE screensaver unlock issue similar to GNOME one", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=oss-security&m=126600468622421&w=2" - }, - { - "name" : 
"[oss-security] 20100217 Re: Re: CVE Request: KDE screensaver unlock issue similar to GNOME one", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/02/17/3" - }, - { - "name" : "http://bugs.kde.org/show_bug.cgi?id=226449", - "refsource" : "CONFIRM", - "url" : "http://bugs.kde.org/show_bug.cgi?id=226449" - }, - { - "name" : "http://websvn.kde.org/?revision=1089213&view=revision", - "refsource" : "CONFIRM", - "url" : "http://websvn.kde.org/?revision=1089213&view=revision" - }, - { - "name" : "http://websvn.kde.org/?view=revision&revision=1089241", - "refsource" : "CONFIRM", - "url" : "http://websvn.kde.org/?view=revision&revision=1089241" - }, - { - "name" : "http://websvn.kde.org/trunk/KDE/kdebase/workspace/krunner/lock/lockdlg.cc?r1=1089213&r2=1089212&pathrev=1089213", - "refsource" : "CONFIRM", - "url" : "http://websvn.kde.org/trunk/KDE/kdebase/workspace/krunner/lock/lockdlg.cc?r1=1089213&r2=1089212&pathrev=1089213" - }, - { - "name" : "http://www.kde.org/info/security/advisory-20100217-1.txt", - "refsource" : "CONFIRM", - "url" : "http://www.kde.org/info/security/advisory-20100217-1.txt" - }, - { - "name" : "https://bugs.kde.org/show_bug.cgi?id=217882", - "refsource" : "CONFIRM", - "url" : "https://bugs.kde.org/show_bug.cgi?id=217882" - }, - { - "name" : "https://bugzilla.novell.com/show_bug.cgi?id=579280", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.novell.com/show_bug.cgi?id=579280" - }, - { - "name" : "1023641", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1023641" - }, - { - "name" : "38600", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38600" - }, - { - "name" : "ADV-2010-0409", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0409" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Race condition in 
workspace/krunner/lock/lockdlg.cc in the KRunner lock module in kdebase in KDE SC 4.4.0 allows physically proximate attackers to bypass KScreenSaver screen locking and access an unattended workstation by pressing the Enter key at a certain time, related to multiple forked processes." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://websvn.kde.org/?view=revision&revision=1089241", + "refsource": "CONFIRM", + "url": "http://websvn.kde.org/?view=revision&revision=1089241" + }, + { + "name": "http://bugs.kde.org/show_bug.cgi?id=226449", + "refsource": "CONFIRM", + "url": "http://bugs.kde.org/show_bug.cgi?id=226449" + }, + { + "name": "38600", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38600" + }, + { + "name": "[oss-security] 20100212 Re: Re: CVE Request: KDE screensaver unlock issue similar to GNOME one", + "refsource": "MLIST", + "url": "http://marc.info/?l=oss-security&m=126600468622421&w=2" + }, + { + "name": "[oss-security] 20100212 Re: CVE Request: KDE screensaver unlock issue similar to GNOME one", + "refsource": "MLIST", + "url": "http://marc.info/?l=oss-security&m=126599909614401&w=2" + }, + { + "name": "[oss-security] 20100217 Re: Re: CVE Request: KDE screensaver unlock issue similar to GNOME one", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/02/17/3" + }, + { + "name": "http://websvn.kde.org/?revision=1089213&view=revision", + "refsource": "CONFIRM", + "url": "http://websvn.kde.org/?revision=1089213&view=revision" + }, + { + "name": "[oss-security] 20100212 CVE Request: KDE screensaver unlock issue similar to GNOME one", + "refsource": "MLIST", + "url": "http://marc.info/?l=oss-security&m=126598163422670&w=2" + }, + { + "name": "https://bugzilla.novell.com/show_bug.cgi?id=579280", + "refsource": "CONFIRM", + "url": 
"https://bugzilla.novell.com/show_bug.cgi?id=579280" + }, + { + "name": "http://www.kde.org/info/security/advisory-20100217-1.txt", + "refsource": "CONFIRM", + "url": "http://www.kde.org/info/security/advisory-20100217-1.txt" + }, + { + "name": "http://websvn.kde.org/trunk/KDE/kdebase/workspace/krunner/lock/lockdlg.cc?r1=1089213&r2=1089212&pathrev=1089213", + "refsource": "CONFIRM", + "url": "http://websvn.kde.org/trunk/KDE/kdebase/workspace/krunner/lock/lockdlg.cc?r1=1089213&r2=1089212&pathrev=1089213" + }, + { + "name": "1023641", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1023641" + }, + { + "name": "ADV-2010-0409", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0409" + }, + { + "name": "https://bugs.kde.org/show_bug.cgi?id=217882", + "refsource": "CONFIRM", + "url": "https://bugs.kde.org/show_bug.cgi?id=217882" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2675.json b/2010/2xxx/CVE-2010-2675.json index 8f1614d88e1..da767452f9f 100644 --- a/2010/2xxx/CVE-2010-2675.json +++ b/2010/2xxx/CVE-2010-2675.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2675", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in index.php in TSOKA:CMS 1.1, 1.9, and 2.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter in an articolo action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2675", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "11923", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/11923" - }, - { - "name" : "http://packetstormsecurity.org/1003-exploits/tsokacms-sqlxss.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1003-exploits/tsokacms-sqlxss.txt" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in index.php in TSOKA:CMS 1.1, 1.9, and 2.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter in an articolo action." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.org/1003-exploits/tsokacms-sqlxss.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1003-exploits/tsokacms-sqlxss.txt" + }, + { + "name": "11923", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/11923" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2691.json b/2010/2xxx/CVE-2010-2691.json index 2a7b97eb4b1..ea4a63f5acc 100644 --- a/2010/2xxx/CVE-2010-2691.json +++ b/2010/2xxx/CVE-2010-2691.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2691", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in 2daybiz Custom T-Shirt Design Script allow remote attackers to execute arbitrary SQL commands via the (1) sbid parameter to products_details.php, (2) pid parameter to products/products.php, and (3) designid parameter to designview.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2691", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "14048", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/14048" - }, - { - "name" : "http://www.packetstormsecurity.com/1006-exploits/2daybiztshirt-sql.txt", - "refsource" : "MISC", - "url" : "http://www.packetstormsecurity.com/1006-exploits/2daybiztshirt-sql.txt" - }, - { - "name" : "41154", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/41154" - }, - { - "name" : "65824", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/65824" - }, - { - "name" : "65825", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/65825" - }, - { - "name" : "65826", - "refsource" : "OSVDB", - "url" : 
"http://osvdb.org/65826" - }, - { - "name" : "40362", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40362" - }, - { - "name" : "ADV-2010-1608", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1608" - }, - { - "name" : "customtshirt-multiple-sql-injection(59790)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/59790" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in 2daybiz Custom T-Shirt Design Script allow remote attackers to execute arbitrary SQL commands via the (1) sbid parameter to products_details.php, (2) pid parameter to products/products.php, and (3) designid parameter to designview.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.packetstormsecurity.com/1006-exploits/2daybiztshirt-sql.txt", + "refsource": "MISC", + "url": "http://www.packetstormsecurity.com/1006-exploits/2daybiztshirt-sql.txt" + }, + { + "name": "65825", + "refsource": "OSVDB", + "url": "http://osvdb.org/65825" + }, + { + "name": "14048", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/14048" + }, + { + "name": "40362", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40362" + }, + { + "name": "41154", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/41154" + }, + { + "name": "65826", + "refsource": "OSVDB", + "url": "http://osvdb.org/65826" + }, + { + "name": "customtshirt-multiple-sql-injection(59790)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59790" + }, + { + "name": "ADV-2010-1608", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1608" + }, 
+ { + "name": "65824", + "refsource": "OSVDB", + "url": "http://osvdb.org/65824" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2992.json b/2010/2xxx/CVE-2010-2992.json index b5a9357cce4..830e152c17a 100644 --- a/2010/2xxx/CVE-2010-2992.json +++ b/2010/2xxx/CVE-2010-2992.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2992", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "packet-gsm_a_rr.c in the GSM A RR dissector in Wireshark 1.2.2 through 1.2.9 allows remote attackers to cause a denial of service (crash) via unknown vectors that trigger a NULL pointer dereference." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2992", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.wireshark.org/docs/relnotes/wireshark-1.2.10.html", - "refsource" : "CONFIRM", - "url" : "http://www.wireshark.org/docs/relnotes/wireshark-1.2.10.html" - }, - { - "name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4897", - "refsource" : "CONFIRM", - "url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4897" - }, - { - "name" : "SUSE-SR:2011:001", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html" - }, - { - "name" : "SUSE-SR:2011:002", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" - }, - { - "name" : "oval:org.mitre.oval:def:11651", - "refsource" : "OVAL", - "url" : 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11651" - }, - { - "name" : "42877", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42877" - }, - { - "name" : "43068", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43068" - }, - { - "name" : "ADV-2011-0076", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0076" - }, - { - "name" : "ADV-2011-0212", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0212" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "packet-gsm_a_rr.c in the GSM A RR dissector in Wireshark 1.2.2 through 1.2.9 allows remote attackers to cause a denial of service (crash) via unknown vectors that trigger a NULL pointer dereference." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SR:2011:001", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html" + }, + { + "name": "43068", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43068" + }, + { + "name": "ADV-2011-0212", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0212" + }, + { + "name": "42877", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42877" + }, + { + "name": "SUSE-SR:2011:002", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" + }, + { + "name": "http://www.wireshark.org/docs/relnotes/wireshark-1.2.10.html", + "refsource": "CONFIRM", + "url": "http://www.wireshark.org/docs/relnotes/wireshark-1.2.10.html" + }, + { + "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4897", + "refsource": 
"CONFIRM", + "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4897" + }, + { + "name": "ADV-2011-0076", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0076" + }, + { + "name": "oval:org.mitre.oval:def:11651", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11651" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3134.json b/2010/3xxx/CVE-2010-3134.json index 76c44e40dd2..c1be5761edd 100644 --- a/2010/3xxx/CVE-2010-3134.json +++ b/2010/3xxx/CVE-2010-3134.json 
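Review bot: The `reference_data` array in the new CVE-2010-2992.json carries the same nine entries as the old side but in a different, unsorted order (`SUSE-SR:2011:001` now comes first, `oval:org.mitre.oval:def:11651` last), so what is otherwise a `"key" : value` to `"key": value` spacing change rewrites the whole file. Emitting references in a stable order, for example sorted by `refsource` and then `name`, would keep later diffs limited to real content changes and make an added or dropped advisory link visible to anyone auditing the record. The new file also ends without a trailing newline (`\ No newline at end of file`). The CVE-2010-3134, CVE-2010-3164, CVE-2010-3553 and CVE-2010-3557 hunks show the same reordering and the same missing newline.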
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3134", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in Google Earth 5.1.3535.3218 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse quserex.dll that is located in the same folder as a .kmz file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3134", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "14790", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/14790" - }, - { - "name" : "oval:org.mitre.oval:def:7553", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7553" - }, - { - "name" : "google-earth-dll-code-exec(64484)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64484" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in Google Earth 5.1.3535.3218 allows 
local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse quserex.dll that is located in the same folder as a .kmz file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "google-earth-dll-code-exec(64484)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64484" + }, + { + "name": "14790", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/14790" + }, + { + "name": "oval:org.mitre.oval:def:7553", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7553" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3164.json b/2010/3xxx/CVE-2010-3164.json index e1b1a4c7853..f643ed4eca2 100644 --- a/2010/3xxx/CVE-2010-3164.json +++ b/2010/3xxx/CVE-2010-3164.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3164", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in Fenrir Sleipnir 2.9.4 and earlier and Grani 4.3 and earlier allows local users to gain privileges via a Trojan horse executable file in the current working directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2010-3164", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.fenrir.co.jp/blog/2010/10/sleipnirsleipnir_295.html", - "refsource" : "MISC", - "url" : "http://www.fenrir.co.jp/blog/2010/10/sleipnirsleipnir_295.html" - }, - { - "name" : "http://www.fenrir.co.jp/grani/note.html", - "refsource" : "MISC", - "url" : "http://www.fenrir.co.jp/grani/note.html" - }, - { - "name" : "JVN#89272705", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN89272705/index.html" - }, - { - "name" : "JVNDB-2010-000048", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000048.html" - }, - { - "name" : "sleipnir-grani-untrusted-priv-escalation(64435)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/64435" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in Fenrir Sleipnir 2.9.4 and earlier and Grani 4.3 and earlier allows local users to gain privileges via a Trojan horse executable file in the current working directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.fenrir.co.jp/blog/2010/10/sleipnirsleipnir_295.html", + "refsource": "MISC", + "url": "http://www.fenrir.co.jp/blog/2010/10/sleipnirsleipnir_295.html" + }, + { + "name": "sleipnir-grani-untrusted-priv-escalation(64435)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64435" + }, + { + "name": "JVNDB-2010-000048", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000048.html" + }, + { + "name": "JVN#89272705", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN89272705/index.html" + }, + { + "name": "http://www.fenrir.co.jp/grani/note.html", + "refsource": "MISC", + "url": "http://www.fenrir.co.jp/grani/note.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3553.json b/2010/3xxx/CVE-2010-3553.json index d5c1007eb42..13f82ee967b 100644 --- a/2010/3xxx/CVE-2010-3553.json +++ b/2010/3xxx/CVE-2010-3553.json 
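Review bot: `ASSIGNER` changes from `cve@mitre.org` to `vultures@jpcert.or.jp` in this hunk, a provenance change that is easy to miss because it sits inside a whole-file spacing rewrite with reordered references. Unless the commit message already names it, splitting the assigner correction from the formatting pass would let consumers that filter or attribute records by assigning CNA notice and audit it. The CVE-2010-3553 and CVE-2010-3557 hunks make the same kind of change, to `secalert_us@oracle.com`. Separately, `vendor_name` and `product_name` remain `n/a` on the new side although the description names Fenrir Sleipnir and Grani, so tooling that matches on the `affects` block will not find this record.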
@@ -1,227 +1,227 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3553", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Swing component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to unsafe reflection involving the UIDefault.ProxyLazyValue class." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2010-3553", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/516397/100/0/threaded" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html" - }, - { - "name" : "http://support.avaya.com/css/P8/documents/100114315", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/css/P8/documents/100114315" - }, - { - "name" : "http://support.avaya.com/css/P8/documents/100114327", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/css/P8/documents/100114327" - }, - { - "name" : "http://support.avaya.com/css/P8/documents/100123193", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/css/P8/documents/100123193" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2011-0003.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2011-0003.html" - }, - { - "name" : "FEDORA-2010-16240", - "refsource" : "FEDORA", - "url" : 
"http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html" - }, - { - "name" : "FEDORA-2010-16294", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html" - }, - { - "name" : "FEDORA-2010-16312", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html" - }, - { - "name" : "GLSA-201406-32", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201406-32.xml" - }, - { - "name" : "HPSBUX02608", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748" - }, - { - "name" : "SSRT100333", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748" - }, - { - "name" : "HPSBMU02799", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=134254866602253&w=2" - }, - { - "name" : "RHSA-2010:0770", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0770.html" - }, - { - "name" : "RHSA-2010:0786", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0786.html" - }, - { - "name" : "RHSA-2010:0768", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0768.html" - }, - { - "name" : "RHSA-2010:0865", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0865.html" - }, - { - "name" : "RHSA-2010:0986", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0986.html" - }, - { - "name" : "RHSA-2010:0987", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0987.html" - }, - { - "name" : "RHSA-2011:0169", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0169.html" - }, - { - "name" : "RHSA-2011:0880", - "refsource" : "REDHAT", - "url" : 
"http://www.redhat.com/support/errata/RHSA-2011-0880.html" - }, - { - "name" : "SUSE-SA:2010:061", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00005.html" - }, - { - "name" : "SUSE-SR:2010:019", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html" - }, - { - "name" : "USN-1010-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1010-1" - }, - { - "name" : "44035", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/44035" - }, - { - "name" : "oval:org.mitre.oval:def:11798", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11798" - }, - { - "name" : "oval:org.mitre.oval:def:12545", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12545" - }, - { - "name" : "41972", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41972" - }, - { - "name" : "42974", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42974" - }, - { - "name" : "43005", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43005" - }, - { - "name" : "44954", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44954" - }, - { - "name" : "ADV-2010-2745", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2745" - }, - { - "name" : "ADV-2011-0183", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0183" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Swing component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via 
unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to unsafe reflection involving the UIDefault.ProxyLazyValue class." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.avaya.com/css/P8/documents/100114327", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/css/P8/documents/100114327" + }, + { + "name": "RHSA-2010:0865", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0865.html" + }, + { + "name": "http://support.avaya.com/css/P8/documents/100114315", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/css/P8/documents/100114315" + }, + { + "name": "GLSA-201406-32", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml" + }, + { + "name": "HPSBMU02799", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=134254866602253&w=2" + }, + { + "name": "SUSE-SA:2010:061", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00005.html" + }, + { + "name": "RHSA-2010:0770", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0770.html" + }, + { + "name": "SSRT100333", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748" + }, + { + "name": "RHSA-2010:0768", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0768.html" + }, + { + "name": "ADV-2011-0183", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0183" + }, + { + "name": "FEDORA-2010-16240", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html" + }, + { + "name": "USN-1010-1", + 
"refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1010-1" + }, + { + "name": "RHSA-2010:0987", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0987.html" + }, + { + "name": "RHSA-2010:0986", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0986.html" + }, + { + "name": "44954", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44954" + }, + { + "name": "oval:org.mitre.oval:def:11798", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11798" + }, + { + "name": "44035", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/44035" + }, + { + "name": "RHSA-2011:0880", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0880.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html" + }, + { + "name": "RHSA-2011:0169", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0169.html" + }, + { + "name": "oval:org.mitre.oval:def:12545", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12545" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html" + }, + { + "name": "42974", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42974" + }, + { + "name": "41972", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41972" + }, + { + "name": "HPSBUX02608", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748" + }, + { + "name": "http://support.avaya.com/css/P8/documents/100123193", + "refsource": 
"CONFIRM", + "url": "http://support.avaya.com/css/P8/documents/100123193" + }, + { + "name": "RHSA-2010:0786", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0786.html" + }, + { + "name": "43005", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43005" + }, + { + "name": "SUSE-SR:2010:019", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html" + }, + { + "name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded" + }, + { + "name": "FEDORA-2010-16312", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html" + }, + { + "name": "ADV-2010-2745", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2745" + }, + { + "name": "FEDORA-2010-16294", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3557.json b/2010/3xxx/CVE-2010-3557.json index a39d3d8e852..63c0d787e0c 100644 --- a/2010/3xxx/CVE-2010-3557.json +++ b/2010/3xxx/CVE-2010-3557.json 
@@ -1,232 +1,232 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3557", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Swing component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to the modification of \"behavior and state of certain JDK classes\" and \"mutable static.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2010-3557", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/516397/100/0/threaded" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html", - "refsource" : "CONFIRM", - "url" : 
"http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html" - }, - { - "name" : "http://support.avaya.com/css/P8/documents/100114315", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/css/P8/documents/100114315" - }, - { - "name" : "http://support.avaya.com/css/P8/documents/100114327", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/css/P8/documents/100114327" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=639904", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=639904" - }, - { - "name" : "http://support.avaya.com/css/P8/documents/100123193", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/css/P8/documents/100123193" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2011-0003.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2011-0003.html" - }, - { - "name" : "FEDORA-2010-16240", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html" - }, - { - "name" : "FEDORA-2010-16294", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html" - }, - { - "name" : "FEDORA-2010-16312", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html" - }, - { - "name" : "GLSA-201406-32", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201406-32.xml" - }, - { - "name" : "HPSBUX02608", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748" - }, - { - "name" : "SSRT100333", - "refsource" : "HP", - "url" : 
"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748" - }, - { - "name" : "HPSBMU02799", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=134254866602253&w=2" - }, - { - "name" : "RHSA-2010:0770", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0770.html" - }, - { - "name" : "RHSA-2010:0786", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0786.html" - }, - { - "name" : "RHSA-2010:0768", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0768.html" - }, - { - "name" : "RHSA-2010:0865", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0865.html" - }, - { - "name" : "RHSA-2010:0986", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0986.html" - }, - { - "name" : "RHSA-2010:0987", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0987.html" - }, - { - "name" : "RHSA-2011:0169", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0169.html" - }, - { - "name" : "RHSA-2011:0880", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0880.html" - }, - { - "name" : "SUSE-SA:2010:061", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00005.html" - }, - { - "name" : "SUSE-SR:2010:019", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html" - }, - { - "name" : "USN-1010-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1010-1" - }, - { - "name" : "44014", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/44014" - }, - { - "name" : "oval:org.mitre.oval:def:11268", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11268" - }, - { - "name" : 
"oval:org.mitre.oval:def:11930", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11930" - }, - { - "name" : "41972", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41972" - }, - { - "name" : "42974", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42974" - }, - { - "name" : "43005", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43005" - }, - { - "name" : "44954", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44954" - }, - { - "name" : "ADV-2010-2745", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2745" - }, - { - "name" : "ADV-2011-0183", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0183" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Swing component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. 
Oracle has not commented on claims from a reliable downstream vendor that this is related to the modification of \"behavior and state of certain JDK classes\" and \"mutable static.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.avaya.com/css/P8/documents/100114327", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/css/P8/documents/100114327" + }, + { + "name": "RHSA-2010:0865", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0865.html" + }, + { + "name": "http://support.avaya.com/css/P8/documents/100114315", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/css/P8/documents/100114315" + }, + { + "name": "GLSA-201406-32", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml" + }, + { + "name": "HPSBMU02799", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=134254866602253&w=2" + }, + { + "name": "SUSE-SA:2010:061", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00005.html" + }, + { + "name": "44014", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/44014" + }, + { + "name": "RHSA-2010:0770", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0770.html" + }, + { + "name": "SSRT100333", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748" + }, + { + "name": "RHSA-2010:0768", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0768.html" + }, + { + "name": "ADV-2011-0183", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0183" + }, + { + "name": "oval:org.mitre.oval:def:11268", + "refsource": "OVAL", + "url": 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11268" + }, + { + "name": "FEDORA-2010-16240", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html" + }, + { + "name": "USN-1010-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1010-1" + }, + { + "name": "oval:org.mitre.oval:def:11930", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11930" + }, + { + "name": "RHSA-2010:0987", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0987.html" + }, + { + "name": "RHSA-2010:0986", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0986.html" + }, + { + "name": "44954", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44954" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=639904", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=639904" + }, + { + "name": "RHSA-2011:0880", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0880.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html" + }, + { + "name": "RHSA-2011:0169", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0169.html" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html" + }, + { + "name": "42974", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42974" + }, + { + "name": "41972", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41972" + }, + { + "name": "HPSBUX02608", + "refsource": "HP", + "url": 
"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748" + }, + { + "name": "http://support.avaya.com/css/P8/documents/100123193", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/css/P8/documents/100123193" + }, + { + "name": "RHSA-2010:0786", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0786.html" + }, + { + "name": "43005", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43005" + }, + { + "name": "SUSE-SR:2010:019", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html" + }, + { + "name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded" + }, + { + "name": "FEDORA-2010-16312", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html" + }, + { + "name": "ADV-2010-2745", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2745" + }, + { + "name": "FEDORA-2010-16294", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4024.json b/2010/4xxx/CVE-2010-4024.json index 463d2baf362..7e6d103be48 100644 --- a/2010/4xxx/CVE-2010-4024.json +++ b/2010/4xxx/CVE-2010-4024.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4024", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in HP Insight Control Power Management before 6.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2010-4024", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBMA02603", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=128811282526943&w=2" - }, - { - "name" : "SSRT100319", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=128811282526943&w=2" - }, - { - "name" : "1024642", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024642" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in HP Insight Control Power Management before 6.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "HPSBMA02603", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=128811282526943&w=2" + }, + { + "name": "1024642", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024642" + }, + { + "name": "SSRT100319", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=128811282526943&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4039.json b/2010/4xxx/CVE-2010-4039.json index 0168a4b152a..8c94c237bbc 100644 --- a/2010/4xxx/CVE-2010-4039.json +++ b/2010/4xxx/CVE-2010-4039.json 
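Review bot: The `ASSIGNER` value changes from `cve@mitre.org` to `hp-security-alert@hp.com` in this hunk, but the change sits inside a rewrite that also re-spaces every line and swaps the order of the `SSRT100319` and `1024642` references, so the one field that alters the record's attribution is easy to miss. The same pattern is visible in the CVE-2014-4108 hunk (`secure@microsoft.com`) and in the CVE-2014-4357 and CVE-2014-4460 hunks (`product-security@apple.com`). Landing the formatting and ordering rewrite separately from the assigner updates would let consumers that track the assigning CNA audit the attribution change as a one-line diff, `"ASSIGNER": "hp-security-alert@hp.com",`. The reference set itself appears unchanged here, only its order.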
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4039", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Google Chrome before 7.0.517.41 on Linux does not properly set the PATH environment variable, which has unspecified impact and attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4039", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=54132", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=54132" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2010/10/stable-channel-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2010/10/stable-channel-update.html" - }, - { - "name" : "44241", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/44241" - }, - { - "name" : "oval:org.mitre.oval:def:14223", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14223" - }, - { - "name" : "41888", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41888" - }, - { - "name" : 
"ADV-2010-2731", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2731" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Google Chrome before 7.0.517.41 on Linux does not properly set the PATH environment variable, which has unspecified impact and attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:14223", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14223" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=54132", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=54132" + }, + { + "name": "ADV-2010-2731", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2731" + }, + { + "name": "41888", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41888" + }, + { + "name": "44241", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/44241" + }, + { + "name": "http://googlechromereleases.blogspot.com/2010/10/stable-channel-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2010/10/stable-channel-update.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4119.json b/2010/4xxx/CVE-2010-4119.json index 68a2ad2a90c..0022cc07b6d 100644 --- a/2010/4xxx/CVE-2010-4119.json +++ b/2010/4xxx/CVE-2010-4119.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4119", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2010-4119", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4215.json b/2010/4xxx/CVE-2010-4215.json index bb0d897a6b0..5f67ad7ba41 100644 --- a/2010/4xxx/CVE-2010-4215.json +++ b/2010/4xxx/CVE-2010-4215.json 
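Review bot: The new side of this REJECT record emits its keys in a different order from the PUBLIC records in the same commit: it starts with `"data_type"`, `"data_format"`, `"data_version"` and puts `"ID"` before `"ASSIGNER"`, whereas the other files start with `"CVE_data_meta"` and keep `"ASSIGNER"` first. JSON key order carries no meaning, but two orders in one repository suggest two serialization paths, which makes diffs noisy and complicates any hashing or signing over the file bytes; emitting one canonical order (for example sorted keys) would avoid that. The CVE-2014-3685 hunk has the same layout. Every file section in view also ends with `\ No newline at end of file` on the new side, so the trailing newline the old files had is being dropped.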
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4215", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "UI/Manage.pm in Foswiki 1.1.0 and 1.1.1 allows remote authenticated users to gain privileges by modifying the GROUP and ALLOWTOPICCHANGE preferences in the topic preferences for Main.AdminGroup." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4215", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[foswiki-announce] 20101110 [ANNOUNCE] Foswiki Security Alert CVE-2010-4215 - User can alter topic preferences using the \"Edit topic preference settings\" feature and save them even though he has no privileges to edit the topic.", - "refsource" : "MLIST", - "url" : "http://sourceforge.net/mailarchive/message.php?msg_name=4CD9F6F5.4030204%40lavrsen.dk" - }, - { - "name" : "http://foswiki.org/Support/SecurityAlertCVE20104215", - "refsource" : "CONFIRM", - "url" : "http://foswiki.org/Support/SecurityAlertCVE20104215" - }, - { - "name" : "44858", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/44858" - }, - { - "name" : "42275", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42275" - }, 
- { - "name" : "foswiki-manage-priv-escalation(63253)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/63253" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "UI/Manage.pm in Foswiki 1.1.0 and 1.1.1 allows remote authenticated users to gain privileges by modifying the GROUP and ALLOWTOPICCHANGE preferences in the topic preferences for Main.AdminGroup." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "44858", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/44858" + }, + { + "name": "foswiki-manage-priv-escalation(63253)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/63253" + }, + { + "name": "http://foswiki.org/Support/SecurityAlertCVE20104215", + "refsource": "CONFIRM", + "url": "http://foswiki.org/Support/SecurityAlertCVE20104215" + }, + { + "name": "[foswiki-announce] 20101110 [ANNOUNCE] Foswiki Security Alert CVE-2010-4215 - User can alter topic preferences using the \"Edit topic preference settings\" feature and save them even though he has no privileges to edit the topic.", + "refsource": "MLIST", + "url": "http://sourceforge.net/mailarchive/message.php?msg_name=4CD9F6F5.4030204%40lavrsen.dk" + }, + { + "name": "42275", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42275" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4547.json b/2010/4xxx/CVE-2010-4547.json index 0e78be3267b..33e5f31107c 100644 --- a/2010/4xxx/CVE-2010-4547.json +++ b/2010/4xxx/CVE-2010-4547.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4547", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Lotus Notes Traveler before 8.5.1.3, when a multidomain environment is used, does not properly apply policy documents to mobile users from a different Domino domain than the Traveler server, which allows remote authenticated users to bypass intended access restrictions by using credentials from a different domain." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4547", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-10.lotus.com/ldd/dominowiki.nsf/dx/Lotus_Notes_Traveler_851_FP3_Release_Notes", - "refsource" : "CONFIRM", - "url" : "http://www-10.lotus.com/ldd/dominowiki.nsf/dx/Lotus_Notes_Traveler_851_FP3_Release_Notes" - }, - { - "name" : "http://www-10.lotus.com/ldd/dominowiki.nsf/page.xsp?documentId=A6604E906E0DF2DF8525778B005D4466&action=openDocument", - "refsource" : "CONFIRM", - "url" : "http://www-10.lotus.com/ldd/dominowiki.nsf/page.xsp?documentId=A6604E906E0DF2DF8525778B005D4466&action=openDocument" - }, - { - "name" : "LO49967", - "refsource" : "AIXAPAR", - "url" : 
"http://www-1.ibm.com/support/docview.wss?uid=swg1LO49967" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Lotus Notes Traveler before 8.5.1.3, when a multidomain environment is used, does not properly apply policy documents to mobile users from a different Domino domain than the Traveler server, which allows remote authenticated users to bypass intended access restrictions by using credentials from a different domain." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-10.lotus.com/ldd/dominowiki.nsf/page.xsp?documentId=A6604E906E0DF2DF8525778B005D4466&action=openDocument", + "refsource": "CONFIRM", + "url": "http://www-10.lotus.com/ldd/dominowiki.nsf/page.xsp?documentId=A6604E906E0DF2DF8525778B005D4466&action=openDocument" + }, + { + "name": "http://www-10.lotus.com/ldd/dominowiki.nsf/dx/Lotus_Notes_Traveler_851_FP3_Release_Notes", + "refsource": "CONFIRM", + "url": "http://www-10.lotus.com/ldd/dominowiki.nsf/dx/Lotus_Notes_Traveler_851_FP3_Release_Notes" + }, + { + "name": "LO49967", + "refsource": "AIXAPAR", + "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO49967" + } + ] + } +} \ No newline at end of file diff --git a/2014/10xxx/CVE-2014-10019.json b/2014/10xxx/CVE-2014-10019.json index 84c16b2a3d9..bc2d974be7d 100644 --- a/2014/10xxx/CVE-2014-10019.json +++ b/2014/10xxx/CVE-2014-10019.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-10019", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in webconfig/wlan/country.html/country in the Teracom T2-B-Gawv1.4U10Y-BI modem allow remote attackers to hijack the authentication of administrators for requests that (1) change the SSID or (2) change the password via a crafted request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-10019", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "32943", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/32943" - }, - { - "name" : "teracom-t2b-country-csrf(92715)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/92715" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in webconfig/wlan/country.html/country in the Teracom T2-B-Gawv1.4U10Y-BI modem allow remote attackers to hijack the authentication of administrators for 
requests that (1) change the SSID or (2) change the password via a crafted request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "32943", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/32943" + }, + { + "name": "teracom-t2b-country-csrf(92715)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92715" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3685.json b/2014/3xxx/CVE-2014-3685.json index 9ee6c92e76c..392f156f3d7 100644 --- a/2014/3xxx/CVE-2014-3685.json +++ b/2014/3xxx/CVE-2014-3685.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3685", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-3685", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4108.json b/2014/4xxx/CVE-2014-4108.json index 4fae7af8ecf..0b197376cca 100644 --- a/2014/4xxx/CVE-2014-4108.json +++ b/2014/4xxx/CVE-2014-4108.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4108", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-2799, CVE-2014-4059, CVE-2014-4065, CVE-2014-4079, CVE-2014-4081, CVE-2014-4083, CVE-2014-4085, CVE-2014-4088, CVE-2014-4090, CVE-2014-4094, CVE-2014-4097, CVE-2014-4100, CVE-2014-4103, CVE-2014-4104, CVE-2014-4105, CVE-2014-4106, CVE-2014-4107, CVE-2014-4109, CVE-2014-4110, and CVE-2014-4111." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2014-4108", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS14-052", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-052" - }, - { - "name" : "69617", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69617" - }, - { - "name" : "1030818", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030818" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-2799, CVE-2014-4059, CVE-2014-4065, CVE-2014-4079, CVE-2014-4081, CVE-2014-4083, CVE-2014-4085, CVE-2014-4088, CVE-2014-4090, CVE-2014-4094, CVE-2014-4097, CVE-2014-4100, CVE-2014-4103, CVE-2014-4104, CVE-2014-4105, CVE-2014-4106, CVE-2014-4107, CVE-2014-4109, CVE-2014-4110, and CVE-2014-4111." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1030818", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030818" + }, + { + "name": "MS14-052", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-052" + }, + { + "name": "69617", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69617" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4357.json b/2014/4xxx/CVE-2014-4357.json index cba8c03fda7..ac79aa5a11e 100644 --- a/2014/4xxx/CVE-2014-4357.json +++ b/2014/4xxx/CVE-2014-4357.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4357", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Accounts Framework in Apple iOS before 8 and Apple TV before 7 allows attackers to obtain sensitive information by reading log data that was not intended to be present in a log." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2014-4357", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT6441", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT6441" - }, - { - "name" : "http://support.apple.com/kb/HT6442", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT6442" - }, - { - "name" : "APPLE-SA-2014-09-17-1", - "refsource" : "APPLE", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html" - }, - { - "name" : "APPLE-SA-2014-09-17-2", - "refsource" : "APPLE", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2014-09/0107.html" - }, - { - "name" : "69882", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69882" - }, - { - "name" : "69930", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/69930" - }, - { - "name" : "1030866", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030866" - }, - { - "name" : "appleios-cve20144357-info-disc(96107)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/96107" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Accounts Framework in Apple iOS before 8 and Apple TV before 7 allows attackers to obtain sensitive information by reading log data that was not intended to be present in a log." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.apple.com/kb/HT6441", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT6441" + }, + { + "name": "1030866", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030866" + }, + { + "name": "http://support.apple.com/kb/HT6442", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT6442" + }, + { + "name": "APPLE-SA-2014-09-17-2", + "refsource": "APPLE", + "url": "http://archives.neohapsis.com/archives/bugtraq/2014-09/0107.html" + }, + { + "name": "69882", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69882" + }, + { + "name": "APPLE-SA-2014-09-17-1", + "refsource": "APPLE", + "url": "http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html" + }, + { + "name": "69930", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69930" + }, + { + "name": "appleios-cve20144357-info-disc(96107)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96107" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4460.json b/2014/4xxx/CVE-2014-4460.json index b205e91ad6a..8294fccfc1e 100644 
--- a/2014/4xxx/CVE-2014-4460.json +++ b/2014/4xxx/CVE-2014-4460.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4460", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CFNetwork in Apple iOS before 8.1.1 and OS X before 10.10.1 does not properly clear the browsing cache upon a transition out of private-browsing mode, which makes it easier for physically proximate attackers to obtain sensitive information by reading cache files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2014-4460", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/en-us/HT6590", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/en-us/HT6590" - }, - { - "name" : "https://support.apple.com/en-us/HT6591", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/en-us/HT6591" - }, - { - "name" : "http://support.apple.com/HT204244", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/HT204244" - }, - { - "name" : "https://support.apple.com/en-us/HT204418", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/en-us/HT204418" - }, - { - "name" : "https://support.apple.com/en-us/HT204419", - "refsource" : "CONFIRM", - "url" : 
"https://support.apple.com/en-us/HT204419" - }, - { - "name" : "APPLE-SA-2014-11-17-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2014/Nov/msg00000.html" - }, - { - "name" : "APPLE-SA-2014-11-17-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2014/Nov/msg00001.html" - }, - { - "name" : "APPLE-SA-2015-01-27-4", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html" - }, - { - "name" : "71135", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/71135" - }, - { - "name" : "1031230", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031230" - }, - { - "name" : "macosx-cve20144460-info-disc(98783)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98783" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CFNetwork in Apple iOS before 8.1.1 and OS X before 10.10.1 does not properly clear the browsing cache upon a transition out of private-browsing mode, which makes it easier for physically proximate attackers to obtain sensitive information by reading cache files." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2014-11-17-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2014/Nov/msg00000.html" + }, + { + "name": "71135", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/71135" + }, + { + "name": "1031230", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031230" + }, + { + "name": "https://support.apple.com/en-us/HT6590", + "refsource": "CONFIRM", + "url": "https://support.apple.com/en-us/HT6590" + }, + { + "name": "APPLE-SA-2014-11-17-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2014/Nov/msg00001.html" + }, + { + "name": "https://support.apple.com/en-us/HT204419", + "refsource": "CONFIRM", + "url": "https://support.apple.com/en-us/HT204419" + }, + { + "name": "http://support.apple.com/HT204244", + "refsource": "CONFIRM", + "url": "http://support.apple.com/HT204244" + }, + { + "name": "APPLE-SA-2015-01-27-4", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html" + }, + { + "name": "macosx-cve20144460-info-disc(98783)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98783" + }, + { + "name": "https://support.apple.com/en-us/HT204418", + "refsource": "CONFIRM", + "url": "https://support.apple.com/en-us/HT204418" + }, + { + "name": "https://support.apple.com/en-us/HT6591", + "refsource": "CONFIRM", + "url": "https://support.apple.com/en-us/HT6591" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4659.json b/2014/4xxx/CVE-2014-4659.json index 5cc6f82bc42..c60d2175ef0 100644 --- a/2014/4xxx/CVE-2014-4659.json +++ b/2014/4xxx/CVE-2014-4659.json 
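Review bot: The `affects` block on the new side still carries `"vendor_name": "n/a"`, `"product_name": "n/a"` and `"version_value": "n/a"`, even though this hunk changes `ASSIGNER` to `product-security@apple.com` and the description names CFNetwork in Apple iOS before 8.1.1 and OS X before 10.10.1. Tooling that matches records to an asset inventory through the structured fields, rather than the free-text description, will not associate this entry with any product. If the assigner can confirm the values, filling them in (for example `"vendor_name": "Apple"` with product entries for iOS and OS X) would close that gap; version data should come from the assigner rather than be inferred from the description. The CVE-2014-8267 (QPR Portal) and CVE-2016-2878 (IBM QRadar SIEM) hunks also change `ASSIGNER` and leave `affects` as `n/a`.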
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4659", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4659", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4703.json b/2014/4xxx/CVE-2014-4703.json index 4021d0f49a7..4664e24008b 100644 --- a/2014/4xxx/CVE-2014-4703.json +++ b/2014/4xxx/CVE-2014-4703.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4703", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "lib/parse_ini.c in Nagios Plugins 2.0.2 allows local users to obtain sensitive information via a symlink attack on the configuration file in the extra-opts flag. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4701." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4703", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140628 check_dhcp - Nagios Plugins = 2.0.2 Race Condition", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Jun/141" - }, - { - "name" : "[oss-security] 20140630 Re: CVE requests: nagios check_dhcp plug-in: read parts of INI config files belonging to root", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/06/30/6" - }, - { - "name" : "http://nagios-plugins.org/nagios-plugins-2-0-3-released/", - "refsource" : "CONFIRM", - "url" : "http://nagios-plugins.org/nagios-plugins-2-0-3-released/" - }, - { - "name" : "76810", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/76810" - } - ] - } -} + } + }, 
+ "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "lib/parse_ini.c in Nagios Plugins 2.0.2 allows local users to obtain sensitive information via a symlink attack on the configuration file in the extra-opts flag. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4701." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://nagios-plugins.org/nagios-plugins-2-0-3-released/", + "refsource": "CONFIRM", + "url": "http://nagios-plugins.org/nagios-plugins-2-0-3-released/" + }, + { + "name": "20140628 check_dhcp - Nagios Plugins = 2.0.2 Race Condition", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Jun/141" + }, + { + "name": "76810", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76810" + }, + { + "name": "[oss-security] 20140630 Re: CVE requests: nagios check_dhcp plug-in: read parts of INI config files belonging to root", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/06/30/6" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8076.json b/2014/8xxx/CVE-2014-8076.json index d3765df3d67..f9386466cc3 100644 --- a/2014/8xxx/CVE-2014-8076.json +++ b/2014/8xxx/CVE-2014-8076.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8076", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Professional theme 7.x before 7.x-2.04 for Drupal allows remote authenticated users with the \"administer themes\" permission to inject arbitrary web script or HTML via vectors related to custom copyright information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8076", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://drupal.org/node/2248145", - "refsource" : "MISC", - "url" : "http://drupal.org/node/2248145" - }, - { - "name" : "https://www.drupal.org/node/2248095", - "refsource" : "CONFIRM", - "url" : "https://www.drupal.org/node/2248095" - }, - { - "name" : "58233", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/58233" - }, - { - "name" : "professional-theme-drupal-theme-xss(92755)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/92755" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "Cross-site scripting (XSS) vulnerability in the Professional theme 7.x before 7.x-2.04 for Drupal allows remote authenticated users with the \"administer themes\" permission to inject arbitrary web script or HTML via vectors related to custom copyright information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "professional-theme-drupal-theme-xss(92755)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92755" + }, + { + "name": "58233", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/58233" + }, + { + "name": "http://drupal.org/node/2248145", + "refsource": "MISC", + "url": "http://drupal.org/node/2248145" + }, + { + "name": "https://www.drupal.org/node/2248095", + "refsource": "CONFIRM", + "url": "https://www.drupal.org/node/2248095" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8267.json b/2014/8xxx/CVE-2014-8267.json index 6956ace357b..8a59c6bbf46 100644 --- a/2014/8xxx/CVE-2014-8267.json +++ b/2014/8xxx/CVE-2014-8267.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8267", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in QPR Portal 2014.1.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the RID parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-8267", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#546340", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/546340" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in QPR Portal 2014.1.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the RID parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#546340", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/546340" + } + ] + } +} \ No newline at end of file 
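Review bot: The rewritten file no longer ends with a newline: the removed closing `}` had a line terminator, while the added `}` is followed by the `\ No newline at end of file` marker. Every other file section whose end is visible in this diff does the same, so this looks like a serializer setting rather than a one-off. Emitting a final line feed after the closing `}` keeps line-oriented tools and file concatenation well behaved. It also avoids a spurious last-line change the next time a tool that does add the newline rewrites these records.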
diff --git a/2014/8xxx/CVE-2014-8341.json b/2014/8xxx/CVE-2014-8341.json index b6454d936b2..8be3ca5f4a7 100644 --- a/2014/8xxx/CVE-2014-8341.json +++ b/2014/8xxx/CVE-2014-8341.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8341", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8341", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9510.json b/2014/9xxx/CVE-2014-9510.json index 8f937d14eaa..37a5f27e617 100644 --- a/2014/9xxx/CVE-2014-9510.json +++ b/2014/9xxx/CVE-2014-9510.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9510", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in the administration console in TP-Link TL-WR840N (V1) router with firmware before 3.13.27 build 141120 allows remote attackers to hijack the authentication of administrators for requests that change router settings via a configuration file import." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9510", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150107 CVE-2014-9510 - TP-Link TL-WR840N Configuration Import Cross-Site Request Forgery (CSRF)", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2015/Jan/14" - }, - { - "name" : "http://www.secureworks.com/cyber-threat-intelligence/advisories/SWRX-2015-001/", - "refsource" : "MISC", - "url" : "http://www.secureworks.com/cyber-threat-intelligence/advisories/SWRX-2015-001/" - }, - { - "name" : "http://www.tp-link.com/en/support/download/?model=TL-WR840N&version=V1", - "refsource" : "CONFIRM", - "url" : "http://www.tp-link.com/en/support/download/?model=TL-WR840N&version=V1" - }, - { - "name" : 
"71913", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/71913" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in the administration console in TP-Link TL-WR840N (V1) router with firmware before 3.13.27 build 141120 allows remote attackers to hijack the authentication of administrators for requests that change router settings via a configuration file import." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20150107 CVE-2014-9510 - TP-Link TL-WR840N Configuration Import Cross-Site Request Forgery (CSRF)", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2015/Jan/14" + }, + { + "name": "71913", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/71913" + }, + { + "name": "http://www.secureworks.com/cyber-threat-intelligence/advisories/SWRX-2015-001/", + "refsource": "MISC", + "url": "http://www.secureworks.com/cyber-threat-intelligence/advisories/SWRX-2015-001/" + }, + { + "name": "http://www.tp-link.com/en/support/download/?model=TL-WR840N&version=V1", + "refsource": "CONFIRM", + "url": "http://www.tp-link.com/en/support/download/?model=TL-WR840N&version=V1" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9589.json b/2014/9xxx/CVE-2014-9589.json index a0a59db66a3..a3dcce8f0ba 100644 --- a/2014/9xxx/CVE-2014-9589.json +++ b/2014/9xxx/CVE-2014-9589.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9589", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-9589", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2367.json b/2016/2xxx/CVE-2016-2367.json index 3cfa13355bf..7565e4cbc41 100644 --- a/2016/2xxx/CVE-2016-2367.json +++ b/2016/2xxx/CVE-2016-2367.json 
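Review bot: The key order on the new side of this REJECT record differs from the other records in the same diff: `data_type`, `data_format` and `data_version` now precede `CVE_data_meta`, and `ID` comes before `ASSIGNER`. The other records keep `CVE_data_meta` first with `ASSIGNER`, `ID`, `STATE`, followed by `data_format`, `data_type`, `data_version`. Parsers do not care about key order, but anything that hashes or diffs the raw bytes does, and two serialisation orders in one repository will keep producing reorder-only diffs like this one. Emitting these records with the same sorted-key order as the rest, i.e. `"ASSIGNER": "cve@mitre.org",` ahead of `"ID": "CVE-2014-9589",` inside a leading `CVE_data_meta`, would keep the output stable. The CVE-2016-2627 and CVE-2016-2686 hunks have the same ordering.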
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cert@cert.org", - "ID" : "CVE-2016-2367", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Pidgin", - "version" : { - "version_data" : [ - { - "version_value" : "2.10.11" - } - ] - } - } - ] - }, - "vendor_name" : "Pidgin" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An information leak exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious user, server, or man-in-the-middle can send an invalid size for an avatar which will trigger an out-of-bounds read vulnerability. This could result in a denial of service or copy data from memory to the file, resulting in an information leak if the avatar is sent to another user." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "out-of-bounds read" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2016-2367", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Pidgin", + "version": { + "version_data": [ + { + "version_value": "2.10.11" + } + ] + } + } + ] + }, + "vendor_name": "Pidgin" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.talosintelligence.com/reports/TALOS-2016-0135/", - "refsource" : "MISC", - "url" : "http://www.talosintelligence.com/reports/TALOS-2016-0135/" - }, - { - "name" : "http://www.pidgin.im/news/security/?id=100", - "refsource" : "CONFIRM", - "url" : "http://www.pidgin.im/news/security/?id=100" - }, - { - "name" : "DSA-3620", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3620" - }, - { - "name" : "GLSA-201701-38", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201701-38" - }, - { - "name" : "USN-3031-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-3031-1" - }, - { - "name" : "91335", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91335" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information leak exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious user, server, or man-in-the-middle can send an invalid size for an avatar which will trigger an out-of-bounds read vulnerability. This could result in a denial of service or copy data from memory to the file, resulting in an information leak if the avatar is sent to another user." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "out-of-bounds read" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "91335", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91335" + }, + { + "name": "http://www.pidgin.im/news/security/?id=100", + "refsource": "CONFIRM", + "url": "http://www.pidgin.im/news/security/?id=100" + }, + { + "name": "DSA-3620", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3620" + }, + { + "name": "GLSA-201701-38", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201701-38" + }, + { + "name": "USN-3031-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-3031-1" + }, + { + "name": "http://www.talosintelligence.com/reports/TALOS-2016-0135/", + "refsource": "MISC", + "url": "http://www.talosintelligence.com/reports/TALOS-2016-0135/" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2627.json b/2016/2xxx/CVE-2016-2627.json index e18111d9fef..f743c4d1162 100644 --- a/2016/2xxx/CVE-2016-2627.json +++ b/2016/2xxx/CVE-2016-2627.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2627", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-2627", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2686.json b/2016/2xxx/CVE-2016-2686.json index 4ac0e0438f7..e44aa780f9b 100644 --- a/2016/2xxx/CVE-2016-2686.json +++ b/2016/2xxx/CVE-2016-2686.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2686", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-2686", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2878.json b/2016/2xxx/CVE-2016-2878.json index a7ee829f329..3996e8e19f5 100644 --- a/2016/2xxx/CVE-2016-2878.json +++ b/2016/2xxx/CVE-2016-2878.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2878", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 allow remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2016-2878", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21987776", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21987776" - }, - { - "name" : "95004", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95004" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 allow remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21987776", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21987776" + }, + { + "name": "95004", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95004" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3016.json b/2016/3xxx/CVE-2016-3016.json index 3cff7b6fc85..e92d78fe845 100644 --- a/2016/3xxx/CVE-2016-3016.json +++ b/2016/3xxx/CVE-2016-3016.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2016-3016", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Access Manager", - "version" : { - "version_data" : [ - { - "version_value" : "9.0" - }, - { - "version_value" : "9.0.0.1" - }, - { - "version_value" : "9.0.1" - }, - { - "version_value" : "7.0.0" - }, - { - "version_value" : "8.0.0" - }, - { - "version_value" : "8.0.0.1" - }, - { - "version_value" : "8.0.0.2" - }, - { - "version_value" : "8.0.0.3" - }, - { - "version_value" : "8.0.0.4" - }, - { - "version_value" : "8.0.0.5" - }, - { - "version_value" : "8.0.1" - }, - { - "version_value" : "8.0.1.2" - }, - { - "version_value" : "8.0.1.3" - }, - { - "version_value" : "8.0.1.4" - }, - { - "version_value" : "9.0.0" - }, - { - "version_value" : "9.0.1.0" - } - ] - } - } - ] - }, - "vendor_name" : "IBM Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Security Access Manager for Web processes patches, image backups and other updates without sufficiently verifying the origin and integrity of the code, which could allow an authenticated attacker to load malicious code." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Gain Access" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2016-3016", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Access Manager", + "version": { + "version_data": [ + { + "version_value": "9.0" + }, + { + "version_value": "9.0.0.1" + }, + { + "version_value": "9.0.1" + }, + { + "version_value": "7.0.0" + }, + { + "version_value": "8.0.0" + }, + { + "version_value": "8.0.0.1" + }, + { + "version_value": "8.0.0.2" + }, + { + "version_value": "8.0.0.3" + }, + { + "version_value": "8.0.0.4" + }, + { + "version_value": "8.0.0.5" + }, + { + "version_value": "8.0.1" + }, + { + "version_value": "8.0.1.2" + }, + { + "version_value": "8.0.1.3" + }, + { + "version_value": "8.0.1.4" + }, + { + "version_value": "9.0.0" + }, + { + "version_value": "9.0.1.0" + } + ] + } + } + ] + }, + "vendor_name": "IBM Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg21995518", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg21995518" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Security Access Manager for Web processes patches, image backups and other updates without sufficiently verifying the origin and integrity of the code, which could allow an authenticated attacker to load malicious code." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Gain Access" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg21995518", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg21995518" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3670.json b/2016/3xxx/CVE-2016-3670.json index 4ba5556ba2f..80f407296ac 100644 --- a/2016/3xxx/CVE-2016-3670.json +++ b/2016/3xxx/CVE-2016-3670.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3670", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in users.jsp in the Profile Search functionality in Liferay before 7.0.0 CE RC1 allows remote attackers to inject arbitrary web script or HTML via the FirstName field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-3670", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "39880", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/39880/" - }, - { - "name" : "20160601 CVE-2016-3670 Stored Cross Site Scripting in Liferay CE", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2016/Jun/5" - }, - { - "name" : "http://packetstormsecurity.com/files/137279/Liferay-CE-Stored-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/137279/Liferay-CE-Stored-Cross-Site-Scripting.html" - }, - { - "name" : "https://labs.integrity.pt/advisories/cve-2016-3670/", - "refsource" : "MISC", - "url" : "https://labs.integrity.pt/advisories/cve-2016-3670/" - }, - { - "name" : 
"https://issues.liferay.com/browse/LPS-62387", - "refsource" : "CONFIRM", - "url" : "https://issues.liferay.com/browse/LPS-62387" - }, - { - "name" : "1036083", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036083" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in users.jsp in the Profile Search functionality in Liferay before 7.0.0 CE RC1 allows remote attackers to inject arbitrary web script or HTML via the FirstName field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://labs.integrity.pt/advisories/cve-2016-3670/", + "refsource": "MISC", + "url": "https://labs.integrity.pt/advisories/cve-2016-3670/" + }, + { + "name": "39880", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/39880/" + }, + { + "name": "20160601 CVE-2016-3670 Stored Cross Site Scripting in Liferay CE", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2016/Jun/5" + }, + { + "name": "https://issues.liferay.com/browse/LPS-62387", + "refsource": "CONFIRM", + "url": "https://issues.liferay.com/browse/LPS-62387" + }, + { + "name": "1036083", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036083" + }, + { + "name": "http://packetstormsecurity.com/files/137279/Liferay-CE-Stored-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/137279/Liferay-CE-Stored-Cross-Site-Scripting.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6782.json b/2016/6xxx/CVE-2016-6782.json index c2f6f2f4355..a82d29f1b91 100644 --- a/2016/6xxx/CVE-2016-6782.json +++ b/2016/6xxx/CVE-2016-6782.json 
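Review bot: The rewritten file ends without a final newline (`\ No newline at end of file` follows the closing `}`), where the old side ended with one. The same marker appears on every other file visible in this change (CVE-2016-3016, -6782, -7311, -7417, -7428, -7510, -7543, -7819). The serializer should write a trailing newline after the closing `}` so that line-based tools and later edits do not produce spurious diffs. The `reference_data` entries are also written in a different order (the labs.integrity.pt advisory is now first and the packetstormsecurity.com link last) with no entry added or removed. If the order carries no meaning, a stable sort, for example by `refsource` then `name`, would keep bulk rewrites like this one reviewable.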
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2016-6782", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Kernel-3.10" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An elevation of privilege vulnerability in the MediaTek driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31224389. References: MT-ALPS02943506." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of privilege" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-6782", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Kernel-3.10" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2016-12-01.html", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2016-12-01.html" - }, - { - "name" : "94683", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94683" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability in the MediaTek driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31224389. References: MT-ALPS02943506." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2016-12-01.html", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2016-12-01.html" + }, + { + "name": "94683", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94683" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7311.json b/2016/7xxx/CVE-2016-7311.json index 644822c1531..b81adfc4052 100644 --- a/2016/7xxx/CVE-2016-7311.json +++ b/2016/7xxx/CVE-2016-7311.json 
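Review bot: `ASSIGNER` changes from `security@google.com` to `"ASSIGNER": "security@android.com"` in this hunk, a data change inside what otherwise reads as a whitespace-only rewrite; `vendor_name` stays `Google Inc.` and the description text is untouched. Anything that groups, filters or attributes records by assigner address will see this record move. The value change should be named in the commit message or split into its own commit so it is not lost among the formatting changes. If it came from the serializer's input rather than a deliberate edit, which cannot be told from this hunk, confirm that other records from the same assigner carry the same address.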
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7311", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-7311", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7417.json b/2016/7xxx/CVE-2016-7417.json index 23353fd3cdd..c2e10f8fd41 100644 --- a/2016/7xxx/CVE-2016-7417.json +++ b/2016/7xxx/CVE-2016-7417.json 
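Review bot: The top-level keys of this REJECT record are written in a different order from every other file visible in this change. Here `data_type`, `data_format` and `data_version` come first and `ID` precedes `ASSIGNER`, whereas the other records keep `CVE_data_meta` first with `ASSIGNER`, `ID`, `STATE`. Key order means nothing to a JSON parser, but it defeats byte-level comparison or hashing of records. It also hints that this file went through a different serialization path, though that is an inference from the output alone. Emitting one canonical key order for all records would remove the discrepancy.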
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7417", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ext/spl/spl_array.c in PHP before 5.6.26 and 7.x before 7.0.11 proceeds with SplArray unserialization without validating a return value and data type, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-7417", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160915 Re: CVE assignment for PHP 5.6.26 and 7.0.11", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/09/15/10" - }, - { - "name" : "http://www.php.net/ChangeLog-5.php", - "refsource" : "CONFIRM", - "url" : "http://www.php.net/ChangeLog-5.php" - }, - { - "name" : "http://www.php.net/ChangeLog-7.php", - "refsource" : "CONFIRM", - "url" : "http://www.php.net/ChangeLog-7.php" - }, - { - "name" : "https://bugs.php.net/bug.php?id=73029", - "refsource" : "CONFIRM", - "url" : "https://bugs.php.net/bug.php?id=73029" - }, - { - "name" : 
"https://github.com/php/php-src/commit/ecb7f58a069be0dec4a6131b6351a761f808f22e?w=1", - "refsource" : "CONFIRM", - "url" : "https://github.com/php/php-src/commit/ecb7f58a069be0dec4a6131b6351a761f808f22e?w=1" - }, - { - "name" : "https://www.tenable.com/security/tns-2016-19", - "refsource" : "CONFIRM", - "url" : "https://www.tenable.com/security/tns-2016-19" - }, - { - "name" : "GLSA-201611-22", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201611-22" - }, - { - "name" : "RHSA-2018:1296", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1296" - }, - { - "name" : "93007", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93007" - }, - { - "name" : "1036836", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036836" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ext/spl/spl_array.c in PHP before 5.6.26 and 7.x before 7.0.11 proceeds with SplArray unserialization without validating a return value and data type, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.php.net/ChangeLog-7.php", + "refsource": "CONFIRM", + "url": "http://www.php.net/ChangeLog-7.php" + }, + { + "name": "https://github.com/php/php-src/commit/ecb7f58a069be0dec4a6131b6351a761f808f22e?w=1", + "refsource": "CONFIRM", + "url": "https://github.com/php/php-src/commit/ecb7f58a069be0dec4a6131b6351a761f808f22e?w=1" + }, + { + "name": "GLSA-201611-22", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201611-22" + }, + { + "name": "1036836", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036836" + }, + { + "name": "[oss-security] 20160915 Re: CVE assignment for PHP 5.6.26 and 7.0.11", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/09/15/10" + }, + { + "name": "RHSA-2018:1296", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1296" + }, + { + "name": "93007", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93007" + }, + { + "name": "https://bugs.php.net/bug.php?id=73029", + "refsource": "CONFIRM", + "url": "https://bugs.php.net/bug.php?id=73029" + }, + { + "name": "http://www.php.net/ChangeLog-5.php", + "refsource": "CONFIRM", + "url": "http://www.php.net/ChangeLog-5.php" + }, + { + "name": "https://www.tenable.com/security/tns-2016-19", + "refsource": "CONFIRM", + "url": "https://www.tenable.com/security/tns-2016-19" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7428.json b/2016/7xxx/CVE-2016-7428.json index bbd78a915d8..38ae1ddb3a1 100644 --- a/2016/7xxx/CVE-2016-7428.json +++ b/2016/7xxx/CVE-2016-7428.json 
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7428", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (reject broadcast mode packets) via the poll interval in a broadcast packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-7428", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://nwtime.org/ntp428p9_release/", - "refsource" : "CONFIRM", - "url" : "http://nwtime.org/ntp428p9_release/" - }, - { - "name" : "http://support.ntp.org/bin/view/Main/NtpBug3113", - "refsource" : "CONFIRM", - "url" : "http://support.ntp.org/bin/view/Main/NtpBug3113" - }, - { - "name" : "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities", - "refsource" : "CONFIRM", - "url" : "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities" - }, - { - "name" : "https://bto.bluecoat.com/security-advisory/sa139", - "refsource" : "CONFIRM", - "url" : "https://bto.bluecoat.com/security-advisory/sa139" - }, - { - "name" : "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03706en_us", - 
"refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03706en_us" - }, - { - "name" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03883en_us", - "refsource" : "CONFIRM", - "url" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03883en_us" - }, - { - "name" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03899en_us", - "refsource" : "CONFIRM", - "url" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03899en_us" - }, - { - "name" : "FreeBSD-SA-16:39", - "refsource" : "FREEBSD", - "url" : "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:39.ntp.asc" - }, - { - "name" : "USN-3707-2", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3707-2/" - }, - { - "name" : "VU#633847", - "refsource" : "CERT-VN", - "url" : "https://www.kb.cert.org/vuls/id/633847" - }, - { - "name" : "94446", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94446" - }, - { - "name" : "1037354", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037354" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (reject broadcast mode packets) via the poll interval in a broadcast packet." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03706en_us", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03706en_us" + }, + { + "name": "USN-3707-2", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3707-2/" + }, + { + "name": "http://support.ntp.org/bin/view/Main/NtpBug3113", + "refsource": "CONFIRM", + "url": "http://support.ntp.org/bin/view/Main/NtpBug3113" + }, + { + "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03883en_us", + "refsource": "CONFIRM", + "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03883en_us" + }, + { + "name": "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities", + "refsource": "CONFIRM", + "url": "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities" + }, + { + "name": "http://nwtime.org/ntp428p9_release/", + "refsource": "CONFIRM", + "url": "http://nwtime.org/ntp428p9_release/" + }, + { + "name": "94446", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94446" + }, + { + "name": "VU#633847", + "refsource": "CERT-VN", + "url": "https://www.kb.cert.org/vuls/id/633847" + }, + { + "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03899en_us", + "refsource": "CONFIRM", + "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03899en_us" + }, + { + "name": "1037354", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037354" + }, + { + "name": "https://bto.bluecoat.com/security-advisory/sa139", + "refsource": "CONFIRM", + "url": "https://bto.bluecoat.com/security-advisory/sa139" + 
}, + { + "name": "FreeBSD-SA-16:39", + "refsource": "FREEBSD", + "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:39.ntp.asc" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7510.json b/2016/7xxx/CVE-2016-7510.json index f4739ff2d6d..65d13380018 100644 --- a/2016/7xxx/CVE-2016-7510.json +++ b/2016/7xxx/CVE-2016-7510.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7510", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The read_line_table_program function in dwarf_line_table_reader_common.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via crafted input." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-7510", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1377015", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1377015" - }, - { - "name" : "https://sourceforge.net/p/libdwarf/bugs/4/", - "refsource" : "CONFIRM", - "url" : "https://sourceforge.net/p/libdwarf/bugs/4/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The read_line_table_program function in dwarf_line_table_reader_common.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via crafted input." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1377015", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1377015" + }, + { + "name": "https://sourceforge.net/p/libdwarf/bugs/4/", + "refsource": "CONFIRM", + "url": "https://sourceforge.net/p/libdwarf/bugs/4/" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7543.json b/2016/7xxx/CVE-2016-7543.json index 883f13d3f47..4efb3e45d38 100644 --- a/2016/7xxx/CVE-2016-7543.json +++ b/2016/7xxx/CVE-2016-7543.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7543", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Bash before 4.4 allows local users to execute arbitrary commands with root privileges via crafted SHELLOPTS and PS4 environment variables." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-7543", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[bug-bash] 20160916 Bash-4.4 Release available", - "refsource" : "MLIST", - "url" : "https://lists.gnu.org/archive/html/bug-bash/2016-09/msg00018.html" - }, - { - "name" : "[oss-security] 20160926 CVE-2016-7543 -- bash SHELLOPTS+PS4", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/09/26/9" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05388115", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05388115" - }, - { - "name" : "FEDORA-2016-2c4b5ad64e", - "refsource" : "FEDORA", - "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F7XOQSHU63Y357NHU5FPTFBM6I3YOCQB/" - }, - 
{ - "name" : "FEDORA-2016-5a54fb4784", - "refsource" : "FEDORA", - "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OU3C756YPHDAAPFX76UGZBAQQQ5UMHS5/" - }, - { - "name" : "FEDORA-2016-f84391516d", - "refsource" : "FEDORA", - "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z2VRBSIPZDZ75ZQ2DLITHUIDW4W26KVR/" - }, - { - "name" : "GLSA-201701-02", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201701-02" - }, - { - "name" : "RHSA-2017:0725", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0725.html" - }, - { - "name" : "RHSA-2017:1931", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1931" - }, - { - "name" : "93183", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93183" - }, - { - "name" : "1037812", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037812" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Bash before 4.4 allows local users to execute arbitrary commands with root privileges via crafted SHELLOPTS and PS4 environment variables." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2017:0725", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0725.html" + }, + { + "name": "FEDORA-2016-5a54fb4784", + "refsource": "FEDORA", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OU3C756YPHDAAPFX76UGZBAQQQ5UMHS5/" + }, + { + "name": "RHSA-2017:1931", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1931" + }, + { + "name": "FEDORA-2016-2c4b5ad64e", + "refsource": "FEDORA", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F7XOQSHU63Y357NHU5FPTFBM6I3YOCQB/" + }, + { + "name": "[oss-security] 20160926 CVE-2016-7543 -- bash SHELLOPTS+PS4", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/09/26/9" + }, + { + "name": "[bug-bash] 20160916 Bash-4.4 Release available", + "refsource": "MLIST", + "url": "https://lists.gnu.org/archive/html/bug-bash/2016-09/msg00018.html" + }, + { + "name": "93183", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93183" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05388115", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05388115" + }, + { + "name": "FEDORA-2016-f84391516d", + "refsource": "FEDORA", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z2VRBSIPZDZ75ZQ2DLITHUIDW4W26KVR/" + }, + { + "name": "1037812", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037812" + }, + { + "name": "GLSA-201701-02", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201701-02" + } + ] + } +} \ No newline at end of file 
diff --git a/2016/7xxx/CVE-2016-7819.json b/2016/7xxx/CVE-2016-7819.json index 34f26faa6a3..3e0ec79acb8 100644 --- a/2016/7xxx/CVE-2016-7819.json +++ b/2016/7xxx/CVE-2016-7819.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2016-7819", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "TS-WRLP", - "version" : { - "version_data" : [ - { - "version_value" : "firmware version 1.01.02 and earlier" - } - ] - } - }, - { - "product_name" : "TS-WRLA", - "version" : { - "version_data" : [ - { - "version_value" : "firmware version 1.01.02 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "I-O DATA DEVICE, INC." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "I-O DATA DEVICE TS-WRLP firmware version 1.01.02 and earlier and TS-WRLA firmware version 1.01.02 and earlier allows an attacker with administrator rights to execute arbitrary OS commands via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "OS Command Injection" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2016-7819", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "TS-WRLP", + "version": { + "version_data": [ + { + "version_value": "firmware version 1.01.02 and earlier" + } + ] + } + }, + { + "product_name": "TS-WRLA", + "version": { + "version_data": [ + { + "version_value": "firmware version 1.01.02 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "I-O DATA DEVICE, INC." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.iodata.jp/support/information/2016/ts-wrlap_2/", - "refsource" : "CONFIRM", - "url" : "http://www.iodata.jp/support/information/2016/ts-wrlap_2/" - }, - { - "name" : "JVN#25059363", - "refsource" : "JVN", - "url" : "https://jvn.jp/en/jp/JVN25059363/index.html" - }, - { - "name" : "94594", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94594" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "I-O DATA DEVICE TS-WRLP firmware version 1.01.02 and earlier and TS-WRLA firmware version 1.01.02 and earlier allows an attacker with administrator rights to execute arbitrary OS commands via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "OS Command Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "94594", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94594" + }, + { + "name": "http://www.iodata.jp/support/information/2016/ts-wrlap_2/", + "refsource": "CONFIRM", + "url": "http://www.iodata.jp/support/information/2016/ts-wrlap_2/" + }, + { + "name": "JVN#25059363", + "refsource": "JVN", + "url": "https://jvn.jp/en/jp/JVN25059363/index.html" + } + ] + } +} \ No newline at end of file