From 9690b0a7bc6f85bab6b59991449bc8aeaeb241ac Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Mon, 18 Mar 2019 02:26:06 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2006/5xxx/CVE-2006-5799.json | 180 +++++++--------
2006/5xxx/CVE-2006-5874.json | 180 +++++++--------
2007/2xxx/CVE-2007-2048.json | 200 ++++++++---------
2007/2xxx/CVE-2007-2258.json | 150 ++++++-------
2007/2xxx/CVE-2007-2565.json | 160 +++++++-------
2007/2xxx/CVE-2007-2840.json | 34 +--
2007/2xxx/CVE-2007-2941.json | 160 +++++++-------
2007/3xxx/CVE-2007-3400.json | 170 +++++++-------
2007/3xxx/CVE-2007-3691.json | 150 ++++++-------
2007/6xxx/CVE-2007-6349.json | 180 +++++++--------
2007/6xxx/CVE-2007-6402.json | 160 +++++++-------
2010/0xxx/CVE-2010-0777.json | 170 +++++++-------
2010/1xxx/CVE-2010-1193.json | 150 ++++++-------
2010/1xxx/CVE-2010-1293.json | 140 ++++++------
2010/1xxx/CVE-2010-1420.json | 130 +++++------
2010/1xxx/CVE-2010-1632.json | 300 ++++++++++++-------------
2010/1xxx/CVE-2010-1863.json | 120 +++++-----
2010/1xxx/CVE-2010-1962.json | 210 +++++++++---------
2010/5xxx/CVE-2010-5086.json | 150 ++++++-------
2010/5xxx/CVE-2010-5324.json | 160 +++++++-------
2014/0xxx/CVE-2014-0231.json | 390 ++++++++++++++++-----------------
2014/0xxx/CVE-2014-0464.json | 140 ++++++------
2014/0xxx/CVE-2014-0907.json | 330 ++++++++++++++--------------
2014/0xxx/CVE-2014-0988.json | 130 +++++------
2014/1xxx/CVE-2014-1362.json | 170 +++++++-------
2014/1xxx/CVE-2014-1571.json | 200 ++++++++---------
2014/1xxx/CVE-2014-1848.json | 34 +--
2014/1xxx/CVE-2014-1958.json | 34 +--
2014/1xxx/CVE-2014-1961.json | 160 +++++++-------
2014/4xxx/CVE-2014-4198.json | 34 +--
2014/5xxx/CVE-2014-5009.json | 240 ++++++++++----------
2014/5xxx/CVE-2014-5112.json | 120 +++++-----
2015/2xxx/CVE-2015-2111.json | 140 ++++++------
2016/10xxx/CVE-2016-10044.json | 170 +++++++-------
2016/10xxx/CVE-2016-10271.json | 140 ++++++------
2016/10xxx/CVE-2016-10516.json | 140 ++++++------
2016/10xxx/CVE-2016-10552.json | 122 +++++------
2016/3xxx/CVE-2016-3171.json | 150 ++++++-------
2016/3xxx/CVE-2016-3705.json | 270 +++++++++++------------
2016/3xxx/CVE-2016-3724.json | 150 ++++++-------
2016/3xxx/CVE-2016-3828.json | 140 ++++++------
2016/4xxx/CVE-2016-4377.json | 130 +++++------
2016/8xxx/CVE-2016-8108.json | 34 +--
2016/8xxx/CVE-2016-8230.json | 120 +++++-----
2016/8xxx/CVE-2016-8361.json | 130 +++++------
2016/8xxx/CVE-2016-8669.json | 200 ++++++++---------
2016/8xxx/CVE-2016-8773.json | 130 +++++------
2016/9xxx/CVE-2016-9092.json | 158 ++++++-------
2016/9xxx/CVE-2016-9217.json | 130 +++++------
2016/9xxx/CVE-2016-9468.json | 180 +++++++--------
2016/9xxx/CVE-2016-9980.json | 130 +++++------
2019/2xxx/CVE-2019-2019.json | 34 +--
2019/2xxx/CVE-2019-2183.json | 34 +--
2019/2xxx/CVE-2019-2593.json | 34 +--
2019/2xxx/CVE-2019-2861.json | 34 +--
2019/6xxx/CVE-2019-6082.json | 34 +--
2019/6xxx/CVE-2019-6101.json | 34 +--
2019/6xxx/CVE-2019-6560.json | 34 +--
2019/6xxx/CVE-2019-6842.json | 34 +--
2019/7xxx/CVE-2019-7246.json | 34 +--
60 files changed, 4153 insertions(+), 4153 deletions(-)
diff --git a/2006/5xxx/CVE-2006-5799.json b/2006/5xxx/CVE-2006-5799.json
index 49638fe747c..483e16e856e 100644
--- a/2006/5xxx/CVE-2006-5799.json
+++ b/2006/5xxx/CVE-2006-5799.json
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5799", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in default.asp in xenis.creator CMS allow remote attackers to inject arbitrary web script or HTML via the (1) contid or (2) search parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5799", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061104 Xenis.creator CMS - Multiple Cross", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=116266150514762&w=2" - }, - { - "name" : "http://www.majorsecurity.de/index_2.php?major_rls=major_rls31", - "refsource" : "MISC", - "url" : "http://www.majorsecurity.de/index_2.php?major_rls=major_rls31" - }, - { - "name" : "20908", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20908" - }, - { - "name" : "ADV-2006-4470", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4470" - }, - { - "name" : "1017162", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017162" - }, - { - "name" : "22716", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/22716" - }, - { - "name" : "xeniscreatorcms-default-xss(30019)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30019" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in default.asp in xenis.creator CMS allow remote attackers to inject arbitrary web script or HTML via the (1) contid or (2) search parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "22716", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22716" + }, + { + "name": "20908", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20908" + }, + { + "name": "20061104 Xenis.creator CMS - Multiple Cross", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=116266150514762&w=2" + }, + { + "name": "http://www.majorsecurity.de/index_2.php?major_rls=major_rls31", + "refsource": "MISC", + "url": "http://www.majorsecurity.de/index_2.php?major_rls=major_rls31" + }, + { + "name": "ADV-2006-4470", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4470" + }, + { + "name": "1017162", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017162" + }, + { + "name": "xeniscreatorcms-default-xss(30019)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30019" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5874.json b/2006/5xxx/CVE-2006-5874.json index eb9df5d5fa4..9c96ed2ca96 100644 --- a/2006/5xxx/CVE-2006-5874.json +++ b/2006/5xxx/CVE-2006-5874.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5874", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Clam AntiVirus (ClamAV) 0.88 and earlier allows remote attackers to cause a denial of service (crash) via a malformed base64-encoded MIME attachment that triggers a null pointer dereference." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5874", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "DSA-1232", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1232" - }, - { - "name" : "MDKSA-2006:230", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:230" - }, - { - "name" : "SUSE-SA:2006:078", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006_78_clamav.html" - }, - { - "name" : "21510", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21510" - }, - { - "name" : "23327", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23327" - }, - { - "name" : "23362", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23362" - }, - { - "name" : "23411", - "refsource" : 
"SECUNIA", - "url" : "http://secunia.com/advisories/23411" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Clam AntiVirus (ClamAV) 0.88 and earlier allows remote attackers to cause a denial of service (crash) via a malformed base64-encoded MIME attachment that triggers a null pointer dereference." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "23327", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23327" + }, + { + "name": "DSA-1232", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1232" + }, + { + "name": "SUSE-SA:2006:078", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006_78_clamav.html" + }, + { + "name": "21510", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21510" + }, + { + "name": "MDKSA-2006:230", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:230" + }, + { + "name": "23411", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23411" + }, + { + "name": "23362", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23362" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2048.json b/2007/2xxx/CVE-2007-2048.json index 867b1dcb92b..1b1b553e09b 100644 --- a/2007/2xxx/CVE-2007-2048.json +++ b/2007/2xxx/CVE-2007-2048.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2048", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in /console in the Management Console in webMethods Glue 6.5.1 and earlier allows remote attackers to read arbitrary system files via a .. (dot dot) in the resource parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2048", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070411 webMethods Glue Management Console Directory Traversal", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/465332/100/0/threaded" - }, - { - "name" : "20070417 webMethods Security Advisory: Glue console directory traversal vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/465993/100/0/threaded" - }, - { - "name" : "20070507 Updated: webMethods Security Advisory: Glue console directory traversal vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/467873/30/6720/threaded" - }, - { - "name" : "http://www.aushack.com/advisories/200704-webmethods.txt", - "refsource" : "MISC", - "url" : 
"http://www.aushack.com/advisories/200704-webmethods.txt" - }, - { - "name" : "23423", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23423" - }, - { - "name" : "ADV-2007-1363", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1363" - }, - { - "name" : "1017926", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1017926" - }, - { - "name" : "24933", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24933" - }, - { - "name" : "2589", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2589" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in /console in the Management Console in webMethods Glue 6.5.1 and earlier allows remote attackers to read arbitrary system files via a .. (dot dot) in the resource parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2007-1363", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1363" + }, + { + "name": "23423", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23423" + }, + { + "name": "2589", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2589" + }, + { + "name": "1017926", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1017926" + }, + { + "name": "20070417 webMethods Security Advisory: Glue console directory traversal vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/465993/100/0/threaded" + }, + { + "name": "http://www.aushack.com/advisories/200704-webmethods.txt", + "refsource": "MISC", + "url": "http://www.aushack.com/advisories/200704-webmethods.txt" + }, + { + 
"name": "24933", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24933" + }, + { + "name": "20070411 webMethods Glue Management Console Directory Traversal", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/465332/100/0/threaded" + }, + { + "name": "20070507 Updated: webMethods Security Advisory: Glue console directory traversal vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/467873/30/6720/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2258.json b/2007/2xxx/CVE-2007-2258.json index 5c3c756b869..127c40d7db5 100644 --- a/2007/2xxx/CVE-2007-2258.json +++ b/2007/2xxx/CVE-2007-2258.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2258", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in includes/init.inc.php in PHPMyBibli allows remote attackers to execute arbitrary PHP code via a URL in the base_path parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2258", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070423 PHPMyBibli <= Multiple Remote File Include", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/466659/100/0/threaded" - }, - { - "name" : "23599", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23599" - }, - { - "name" : "2622", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2622" - }, - { - "name" : "phpmybibli-initinc-file-include(33808)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33808" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in 
includes/init.inc.php in PHPMyBibli allows remote attackers to execute arbitrary PHP code via a URL in the base_path parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20070423 PHPMyBibli <= Multiple Remote File Include", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/466659/100/0/threaded" + }, + { + "name": "phpmybibli-initinc-file-include(33808)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33808" + }, + { + "name": "23599", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23599" + }, + { + "name": "2622", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2622" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2565.json b/2007/2xxx/CVE-2007-2565.json index 4e027c35502..6ed30b4bf4d 100644 --- a/2007/2xxx/CVE-2007-2565.json +++ b/2007/2xxx/CVE-2007-2565.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2565", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cdelia Software ImageProcessing allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted BMP file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2565", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070424 ImageProcessing ... Local (Denial of Service Exploit)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/466754/100/100/threaded" - }, - { - "name" : "20070424 Re: ImageProcessing ... 
Local (Denial of Service Exploit)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/466786/100/100/threaded" - }, - { - "name" : "23629", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23629" - }, - { - "name" : "39020", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/39020" - }, - { - "name" : "2687", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2687" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cdelia Software ImageProcessing allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted BMP file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20070424 ImageProcessing ... Local (Denial of Service Exploit)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/466754/100/100/threaded" + }, + { + "name": "2687", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2687" + }, + { + "name": "39020", + "refsource": "OSVDB", + "url": "http://osvdb.org/39020" + }, + { + "name": "23629", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23629" + }, + { + "name": "20070424 Re: ImageProcessing ... Local (Denial of Service Exploit)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/466786/100/100/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2840.json b/2007/2xxx/CVE-2007-2840.json index ce7188ea81b..47de9ff984a 100644 --- a/2007/2xxx/CVE-2007-2840.json +++ b/2007/2xxx/CVE-2007-2840.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2840", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2840", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2941.json b/2007/2xxx/CVE-2007-2941.json index 95dbf5637c7..8c5f70fbbf8 100644 --- a/2007/2xxx/CVE-2007-2941.json +++ b/2007/2xxx/CVE-2007-2941.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2941", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple PHP remote file inclusion vulnerabilities in the creator in vBulletin Google Yahoo Site Map (vBGSiteMap) 2.41 for vBulletin allow remote attackers to execute arbitrary PHP code via a URL in the base parameter to (1) vbgsitemap/vbgsitemap-config.php or (2) vbgsitemap/vbgsitemap-vbseo.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2941", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "3990", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/3990" - }, - { - "name" : "24169", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24169" - }, - { - "name" : "38084", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/38084" - }, - { - "name" : "38085", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/38085" - }, - { - "name" : "vbgsitemap-base-file-include(34531)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34531" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple PHP remote file inclusion vulnerabilities in the creator in vBulletin Google Yahoo Site Map (vBGSiteMap) 2.41 for vBulletin allow remote attackers to execute arbitrary PHP code via a URL in the base parameter to (1) vbgsitemap/vbgsitemap-config.php or (2) vbgsitemap/vbgsitemap-vbseo.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3990", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/3990" + }, + { + "name": "38084", + "refsource": "OSVDB", + "url": "http://osvdb.org/38084" + }, + { + "name": "38085", + "refsource": "OSVDB", + "url": "http://osvdb.org/38085" + }, + { + "name": "24169", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24169" + }, + { + "name": "vbgsitemap-base-file-include(34531)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34531" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3400.json b/2007/3xxx/CVE-2007-3400.json index 9ce576bc78a..dd4edb4227a 100644 --- a/2007/3xxx/CVE-2007-3400.json +++ b/2007/3xxx/CVE-2007-3400.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3400", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The NCTAudioEditor2 ActiveX control in NCTWMAFile2.dll 2.6.2.157, as distributed in NCTAudioEditor and NCTAudioStudio 2.7, allows remote attackers to overwrite arbitrary files via the CreateFile method." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3400", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4101", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4101" - }, - { - "name" : "24613", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24613" - }, - { - "name" : "ADV-2007-2351", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2351" - }, - { - "name" : "37674", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37674" - }, - { - "name" : "25825", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25825" - }, - { - "name" : "nctaudioeditor-createfile-file-overwrite(35018)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35018" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The NCTAudioEditor2 ActiveX control in NCTWMAFile2.dll 2.6.2.157, as distributed in NCTAudioEditor and NCTAudioStudio 2.7, allows remote attackers to overwrite arbitrary files via the CreateFile method." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "37674", + "refsource": "OSVDB", + "url": "http://osvdb.org/37674" + }, + { + "name": "24613", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24613" + }, + { + "name": "4101", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4101" + }, + { + "name": "nctaudioeditor-createfile-file-overwrite(35018)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35018" + }, + { + "name": "25825", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25825" + }, + { + "name": "ADV-2007-2351", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2351" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3691.json b/2007/3xxx/CVE-2007-3691.json index 91515729b9f..ac3d6985904 100644 --- a/2007/3xxx/CVE-2007-3691.json +++ b/2007/3xxx/CVE-2007-3691.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3691", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in changePW.php in AV Tutorial Script (avtutorial) 1.0, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) id and (2) userid parameters, a different issue than CVE-2007-3630." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3691", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070710 AVTutorial 1.0 changePW.php vulnerabilities", - "refsource" : "VIM", - "url" : "http://attrition.org/pipermail/vim/2007-July/001705.html" - }, - { - "name" : "36298", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/36298" - }, - { - "name" : "25969", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25969" - }, - { - "name" : "avtutorialscript-changepw-sql-injection(35487)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35487" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": 
"eng", + "value": "Multiple SQL injection vulnerabilities in changePW.php in AV Tutorial Script (avtutorial) 1.0, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) id and (2) userid parameters, a different issue than CVE-2007-3630." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20070710 AVTutorial 1.0 changePW.php vulnerabilities", + "refsource": "VIM", + "url": "http://attrition.org/pipermail/vim/2007-July/001705.html" + }, + { + "name": "avtutorialscript-changepw-sql-injection(35487)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35487" + }, + { + "name": "25969", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25969" + }, + { + "name": "36298", + "refsource": "OSVDB", + "url": "http://osvdb.org/36298" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6349.json b/2007/6xxx/CVE-2007-6349.json index ce1c5c31e9b..335da81bb27 100644 --- a/2007/6xxx/CVE-2007-6349.json +++ b/2007/6xxx/CVE-2007-6349.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6349", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "P4Webs.exe in Perforce P4Web 2006.2 and earlier, when running on Windows, allows remote attackers to cause a denial of service (CPU consumption) via an HTTP request with an empty body and a Content-Length greater than 0." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6349", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20071218 SYMSA-2007-015", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/485321/100/0/threaded" - }, - { - "name" : "http://www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-015.txt", - "refsource" : "MISC", - "url" : "http://www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-015.txt" - }, - { - "name" : "26806", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26806" - }, - { - "name" : "39297", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/39297" - }, - { - "name" : "28158", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28158" - }, - { - "name" : "3476", - "refsource" : "SREASON", - "url" : 
"http://securityreason.com/securityalert/3476" - }, - { - "name" : "p4web-contentlength-dos(39142)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39142" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "P4Webs.exe in Perforce P4Web 2006.2 and earlier, when running on Windows, allows remote attackers to cause a denial of service (CPU consumption) via an HTTP request with an empty body and a Content-Length greater than 0." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3476", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3476" + }, + { + "name": "28158", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28158" + }, + { + "name": "39297", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/39297" + }, + { + "name": "http://www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-015.txt", + "refsource": "MISC", + "url": "http://www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-015.txt" + }, + { + "name": "26806", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26806" + }, + { + "name": "p4web-contentlength-dos(39142)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39142" + }, + { + "name": "20071218 SYMSA-2007-015", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/485321/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6402.json b/2007/6xxx/CVE-2007-6402.json index 0a17adb8993..cc45c7ff20e 100644 --- a/2007/6xxx/CVE-2007-6402.json +++ b/2007/6xxx/CVE-2007-6402.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6402", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in mplayerc.exe in Media Player Classic (MPC) 6.4.9, when used with the 3ivx 4.5.1 or 5.0.1 codec, allows remote attackers to execute arbitrary code via a certain .mp4 file, possibly a related issue to CVE-2007-6401." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6402", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20071208 Media Player Classic 6.4.9 MP4 Stack Overflow 0-day", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/484781/100/0/threaded" - }, - { - "name" : "20071210 Re: Media Player Classic 6.4.9 MP4 Stack Overflow 0-day", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/484832/100/100/threaded" - }, - { - "name" : "26774", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26774" - }, - { - "name" : "ADV-2007-4141", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/4141" - }, - { - "name" : "1019064", - "refsource" : "SECTRACK", - "url" : 
"http://www.securitytracker.com/id?1019064" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in mplayerc.exe in Media Player Classic (MPC) 6.4.9, when used with the 3ivx 4.5.1 or 5.0.1 codec, allows remote attackers to execute arbitrary code via a certain .mp4 file, possibly a related issue to CVE-2007-6401." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "26774", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26774" + }, + { + "name": "20071210 Re: Media Player Classic 6.4.9 MP4 Stack Overflow 0-day", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/484832/100/100/threaded" + }, + { + "name": "ADV-2007-4141", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/4141" + }, + { + "name": "20071208 Media Player Classic 6.4.9 MP4 Stack Overflow 0-day", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/484781/100/0/threaded" + }, + { + "name": "1019064", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1019064" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0777.json b/2010/0xxx/CVE-2010-0777.json index 141b515e981..4a672711d19 100644 --- a/2010/0xxx/CVE-2010-0777.json +++ b/2010/0xxx/CVE-2010-0777.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0777", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Web Container in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.43, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 does not properly handle long filenames and consequently sends an incorrect file in some responses, which allows remote attackers to obtain sensitive information by reading the retrieved file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-0777", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg27007951", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg27007951" - }, - { - "name" : "PM06111", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PM06111" - }, - { - "name" : "40277", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/40277" - }, - { - "name" : "39838", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39838" - }, - { - "name" : "ADV-2010-1200", - "refsource" : "VUPEN", - "url" : 
"http://www.vupen.com/english/advisories/2010/1200" - }, - { - "name" : "was-webcontainer-info-disclosure(58557)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/58557" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Web Container in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.43, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 does not properly handle long filenames and consequently sends an incorrect file in some responses, which allows remote attackers to obtain sensitive information by reading the retrieved file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg27007951", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg27007951" + }, + { + "name": "was-webcontainer-info-disclosure(58557)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58557" + }, + { + "name": "39838", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39838" + }, + { + "name": "40277", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/40277" + }, + { + "name": "PM06111", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM06111" + }, + { + "name": "ADV-2010-1200", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1200" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1193.json b/2010/1xxx/CVE-2010-1193.json index 4e6e1f3a5b7..be7c76eb0a3 100644 --- a/2010/1xxx/CVE-2010-1193.json +++ b/2010/1xxx/CVE-2010-1193.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1193", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in WebAccess in VMware Server 2.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to JSON error messages." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1193", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[security-announce] 20100329 VMSA-2010-0005 VMware products address vulnerabilities in WebAccess", - "refsource" : "MLIST", - "url" : "http://lists.vmware.com/pipermail/security-announce/2010/000086.html" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2010-0005.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2010-0005.html" - }, - { - "name" : "39037", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/39037" - }, - { - "name" : "1023769", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1023769" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ 
+ { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in WebAccess in VMware Server 2.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to JSON error messages." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "39037", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/39037" + }, + { + "name": "[security-announce] 20100329 VMSA-2010-0005 VMware products address vulnerabilities in WebAccess", + "refsource": "MLIST", + "url": "http://lists.vmware.com/pipermail/security-announce/2010/000086.html" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2010-0005.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2010-0005.html" + }, + { + "name": "1023769", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1023769" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1293.json b/2010/1xxx/CVE-2010-1293.json index a16f2b9ebfe..e2a7d6e8a4d 100644 --- a/2010/1xxx/CVE-2010-1293.json +++ b/2010/1xxx/CVE-2010-1293.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1293", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Administrator page in Adobe ColdFusion 8.0, 8.0.1, and 9.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2010-1293", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb10-11.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb10-11.html" - }, - { - "name" : "39790", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39790" - }, - { - "name" : "ADV-2010-1127", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1127" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Administrator page in Adobe ColdFusion 8.0, 8.0.1, and 9.0 allows remote attackers to inject arbitrary web script 
or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "39790", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39790" + }, + { + "name": "ADV-2010-1127", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1127" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb10-11.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb10-11.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1420.json b/2010/1xxx/CVE-2010-1420.json index 3c85aa5497f..c58bf9f9f01 100644 --- a/2010/1xxx/CVE-2010-1420.json +++ b/2010/1xxx/CVE-2010-1420.json 
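Review bot: The only semantic change in this hunk, `"ASSIGNER"` moving from `cve@mitre.org` to `psirt@adobe.com` in `CVE_data_meta`, is buried among whitespace normalisation and `reference_data` reordering, and the commit subject does not mention it. The same reassignment appears in the hunks for CVE-2010-1420 (`product-security@apple.com`), CVE-2010-1632 (`secalert@redhat.com`) and CVE-2010-1962 (`hp-security-alert@hp.com`). Tooling that attributes, filters or trusts records by assigning CNA will see these entries change owner, so the change should be auditable on its own. I would split the reassignments into a separate commit, or at least add a description line such as `Reassign ASSIGNER: CVE-2010-1293, CVE-2010-1420, CVE-2010-1632, CVE-2010-1962`.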
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1420", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in CFNetwork in Apple Safari before 5.0.6 allows remote attackers to inject arbitrary web script or HTML via a crafted text/plain file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2010-1420", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT4808", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4808" - }, - { - "name" : "APPLE-SA-2011-07-20-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in CFNetwork in Apple Safari before 5.0.6 allows remote attackers to inject arbitrary web script or HTML via a crafted text/plain file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.apple.com/kb/HT4808", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4808" + }, + { + "name": "APPLE-SA-2011-07-20-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1632.json b/2010/1xxx/CVE-2010-1632.json index e440a4bb53d..5c666664949 100644 --- a/2010/1xxx/CVE-2010-1632.json +++ b/2010/1xxx/CVE-2010-1632.json 
@@ -1,152 +1,152 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1632", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server (WAS) 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to the Synapse SimpleStockQuoteService." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-1632", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://markmail.org/message/e4yiij7lfexastvl", - "refsource" : "MISC", - "url" : "http://markmail.org/message/e4yiij7lfexastvl" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21433581", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21433581" - }, - { - "name" : "https://issues.apache.org/jira/browse/AXIS2-4450", - "refsource" : "CONFIRM", - "url" : "https://issues.apache.org/jira/browse/AXIS2-4450" - }, - { - "name" : "https://svn.apache.org/repos/asf/axis/axis2/java/core/security/CVE-2010-1632.pdf", - "refsource" : "CONFIRM", - "url" : "https://svn.apache.org/repos/asf/axis/axis2/java/core/security/CVE-2010-1632.pdf" - }, - { - "name" : "http://geronimo.apache.org/2010/07/21/apache-geronimo-v216-released.html", - "refsource" : "CONFIRM", - "url" : "http://geronimo.apache.org/2010/07/21/apache-geronimo-v216-released.html" - }, - { - "name" : "http://geronimo.apache.org/21x-security-report.html", - "refsource" : "CONFIRM", - "url" : "http://geronimo.apache.org/21x-security-report.html" - }, - { - "name" : "http://geronimo.apache.org/22x-security-report.html", - "refsource" : "CONFIRM", - "url" : "http://geronimo.apache.org/22x-security-report.html" - }, - { - "name" : "https://issues.apache.org/jira/browse/GERONIMO-5383", - "refsource" : "CONFIRM", - "url" : "https://issues.apache.org/jira/browse/GERONIMO-5383" - }, - { - "name" : 
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289984", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289984" - }, - { - "name" : "PM14765", - "refsource" : "AIXAPAR", - "url" : "http://www-1.ibm.com/support/docview.wss?uid=swg1PM14765" - }, - { - "name" : "PM14844", - "refsource" : "AIXAPAR", - "url" : "http://www-1.ibm.com/support/docview.wss?uid=swg1PM14844" - }, - { - "name" : "PM14847", - "refsource" : "AIXAPAR", - "url" : "http://www-1.ibm.com/support/docview.wss?uid=swg1PM14847" - }, - { - "name" : "1036901", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036901" - }, - { - "name" : "40252", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40252" - }, - { - "name" : "40279", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40279" - }, - { - "name" : "41016", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41016" - }, - { - "name" : "41025", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41025" - }, - { - "name" : "ADV-2010-1528", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1528" - }, - { - "name" : "ADV-2010-1531", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1531" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server (WAS) 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of 
service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to the Synapse SimpleStockQuoteService." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://markmail.org/message/e4yiij7lfexastvl", + "refsource": "MISC", + "url": "http://markmail.org/message/e4yiij7lfexastvl" + }, + { + "name": "http://geronimo.apache.org/2010/07/21/apache-geronimo-v216-released.html", + "refsource": "CONFIRM", + "url": "http://geronimo.apache.org/2010/07/21/apache-geronimo-v216-released.html" + }, + { + "name": "PM14844", + "refsource": "AIXAPAR", + "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PM14844" + }, + { + "name": "ADV-2010-1528", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1528" + }, + { + "name": "PM14765", + "refsource": "AIXAPAR", + "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PM14765" + }, + { + "name": "ADV-2010-1531", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1531" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21433581", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21433581" + }, + { + "name": "PM14847", + "refsource": "AIXAPAR", + "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PM14847" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289984", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289984" + }, + { + "name": "41025", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41025" + }, + { + "name": "http://geronimo.apache.org/22x-security-report.html", + "refsource": "CONFIRM", + "url": "http://geronimo.apache.org/22x-security-report.html" + }, + { + "name": "1036901", + 
"refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036901" + }, + { + "name": "https://issues.apache.org/jira/browse/AXIS2-4450", + "refsource": "CONFIRM", + "url": "https://issues.apache.org/jira/browse/AXIS2-4450" + }, + { + "name": "41016", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41016" + }, + { + "name": "https://svn.apache.org/repos/asf/axis/axis2/java/core/security/CVE-2010-1632.pdf", + "refsource": "CONFIRM", + "url": "https://svn.apache.org/repos/asf/axis/axis2/java/core/security/CVE-2010-1632.pdf" + }, + { + "name": "40279", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40279" + }, + { + "name": "https://issues.apache.org/jira/browse/GERONIMO-5383", + "refsource": "CONFIRM", + "url": "https://issues.apache.org/jira/browse/GERONIMO-5383" + }, + { + "name": "40252", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40252" + }, + { + "name": "http://geronimo.apache.org/21x-security-report.html", + "refsource": "CONFIRM", + "url": "http://geronimo.apache.org/21x-security-report.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1863.json b/2010/1xxx/CVE-2010-1863.json index ba9abba378d..c0ed591e69c 100644 --- a/2010/1xxx/CVE-2010-1863.json +++ b/2010/1xxx/CVE-2010-1863.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1863", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the shoutbox module (modules/shoutbox.php) in ClanTiger 1.1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the s_email parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1863", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://php-security.org/2010/05/04/mops-2010-007-clantiger-shoutbox-module-s_email-sql-injection-vulnerability/index.html", - "refsource" : "MISC", - "url" : "http://php-security.org/2010/05/04/mops-2010-007-clantiger-shoutbox-module-s_email-sql-injection-vulnerability/index.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the shoutbox module (modules/shoutbox.php) in ClanTiger 1.1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the s_email parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://php-security.org/2010/05/04/mops-2010-007-clantiger-shoutbox-module-s_email-sql-injection-vulnerability/index.html", + "refsource": "MISC", + "url": "http://php-security.org/2010/05/04/mops-2010-007-clantiger-shoutbox-module-s_email-sql-injection-vulnerability/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1962.json b/2010/1xxx/CVE-2010-1962.json index 6507b01c725..9f1a7b48cc8 100644 --- a/2010/1xxx/CVE-2010-1962.json +++ b/2010/1xxx/CVE-2010-1962.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1962", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in HP StorageWorks Storage Mirroring 5 before 5.2.1.870.0 allows remote attackers to execute arbitrary code via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2010-1962", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBST02536", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=127557820805729&w=2" - }, - { - "name" : "SSRT100057", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=127557820805729&w=2" - }, - { - "name" : "HPSBMA02537", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=127602909915281&w=2" - }, - { - "name" : "SSRT010027", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=127602909915281&w=2" - }, - { - "name" : "40539", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/40539" - }, - { - "name" : "65142", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/65142" - }, - { - "name" : "1024054", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024054" - 
}, - { - "name" : "40044", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40044" - }, - { - "name" : "ADV-2010-1319", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1319" - }, - { - "name" : "hp-storageworks-mirroring-unauth-access(59099)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/59099" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in HP StorageWorks Storage Mirroring 5 before 5.2.1.870.0 allows remote attackers to execute arbitrary code via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "HPSBST02536", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=127557820805729&w=2" + }, + { + "name": "hp-storageworks-mirroring-unauth-access(59099)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59099" + }, + { + "name": "1024054", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024054" + }, + { + "name": "HPSBMA02537", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=127602909915281&w=2" + }, + { + "name": "40044", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40044" + }, + { + "name": "SSRT100057", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=127557820805729&w=2" + }, + { + "name": "40539", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/40539" + }, + { + "name": "ADV-2010-1319", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1319" + }, + { + "name": "65142", + "refsource": "OSVDB", + "url": "http://osvdb.org/65142" + }, + { + "name": "SSRT010027", + "refsource": "HP", + "url": 
"http://marc.info/?l=bugtraq&m=127602909915281&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2010/5xxx/CVE-2010-5086.json b/2010/5xxx/CVE-2010-5086.json index c5d293a6a4a..640131789fd 100644 --- a/2010/5xxx/CVE-2010-5086.json +++ b/2010/5xxx/CVE-2010-5086.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-5086", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in wiki/rankings.php in Bitweaver 2.7 and 2.8.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the style parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-5086", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "18530", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/18530" - }, - { - "name" : "http://cross-site-scripting.blogspot.com/2010/07/bit-weaver-27-local-file-inclusion.html", - "refsource" : "MISC", - "url" : "http://cross-site-scripting.blogspot.com/2010/07/bit-weaver-27-local-file-inclusion.html" - }, - { - "name" : "52176", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52176" - }, - { - "name" : "40432", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40432" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in 
wiki/rankings.php in Bitweaver 2.7 and 2.8.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the style parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "40432", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40432" + }, + { + "name": "http://cross-site-scripting.blogspot.com/2010/07/bit-weaver-27-local-file-inclusion.html", + "refsource": "MISC", + "url": "http://cross-site-scripting.blogspot.com/2010/07/bit-weaver-27-local-file-inclusion.html" + }, + { + "name": "18530", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/18530" + }, + { + "name": "52176", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52176" + } + ] + } +} \ No newline at end of file diff --git a/2010/5xxx/CVE-2010-5324.json b/2010/5xxx/CVE-2010-5324.json index ad9690affb7..7ceac9c1e9f 100644 --- a/2010/5xxx/CVE-2010-5324.json +++ b/2010/5xxx/CVE-2010-5324.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-5324", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in UploadServlet in the Remote Management component in Novell ZENworks Configuration Management (ZCM) 10 before 10.3 allows remote attackers to execute arbitrary code via a zenworks-fileupload request with a crafted directory name in the type parameter, in conjunction with a WAR filename in the filename parameter and WAR content in the POST data, a different vulnerability than CVE-2010-5323." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-5324", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://tucanalamigo.blogspot.com/2010/04/pdc-de-zdi-10-078.html", - "refsource" : "MISC", - "url" : "http://tucanalamigo.blogspot.com/2010/04/pdc-de-zdi-10-078.html" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-10-078/", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-10-078/" - }, - { - "name" : "https://bugzilla.novell.com/show_bug.cgi?id=578911", - "refsource" : "CONFIRM", - "url" : 
"https://bugzilla.novell.com/show_bug.cgi?id=578911" - }, - { - "name" : "https://www.novell.com/support/kb/doc.php?id=7005573", - "refsource" : "CONFIRM", - "url" : "https://www.novell.com/support/kb/doc.php?id=7005573" - }, - { - "name" : "39114", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/39114" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in UploadServlet in the Remote Management component in Novell ZENworks Configuration Management (ZCM) 10 before 10.3 allows remote attackers to execute arbitrary code via a zenworks-fileupload request with a crafted directory name in the type parameter, in conjunction with a WAR filename in the filename parameter and WAR content in the POST data, a different vulnerability than CVE-2010-5323." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.novell.com/support/kb/doc.php?id=7005573", + "refsource": "CONFIRM", + "url": "https://www.novell.com/support/kb/doc.php?id=7005573" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-10-078/", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-078/" + }, + { + "name": "http://tucanalamigo.blogspot.com/2010/04/pdc-de-zdi-10-078.html", + "refsource": "MISC", + "url": "http://tucanalamigo.blogspot.com/2010/04/pdc-de-zdi-10-078.html" + }, + { + "name": "39114", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/39114" + }, + { + "name": "https://bugzilla.novell.com/show_bug.cgi?id=578911", + "refsource": "CONFIRM", + "url": "https://bugzilla.novell.com/show_bug.cgi?id=578911" + } + ] + } +} \ No newline at end of file 
diff --git a/2014/0xxx/CVE-2014-0231.json b/2014/0xxx/CVE-2014-0231.json index 812ca9d4986..4e8c9ddeaed 100644 --- a/2014/0xxx/CVE-2014-0231.json +++ b/2014/0xxx/CVE-2014-0231.json 
@@ -1,197 +1,197 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0231", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mod_cgid module in the Apache HTTP Server before 2.4.10 does not have a timeout mechanism, which allows remote attackers to cause a denial of service (process hang) via a request to a CGI script that does not read from its stdin file descriptor." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-0231", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.com/files/130769/RSA-Digital-Certificate-Solution-XSS-Denial-Of-Service.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/130769/RSA-Digital-Certificate-Solution-XSS-Denial-Of-Service.html" - }, - { - "name" : "http://httpd.apache.org/security/vulnerabilities_24.html", - "refsource" : "CONFIRM", - "url" : "http://httpd.apache.org/security/vulnerabilities_24.html" - }, - { - "name" : "http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/generators/mod_cgid.c", - "refsource" : "CONFIRM", - "url" : "http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/generators/mod_cgid.c" - }, - { - "name" : 
"http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/generators/mod_cgid.c?r1=1482522&r2=1535125&diff_format=h", - "refsource" : "CONFIRM", - "url" : "http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/generators/mod_cgid.c?r1=1482522&r2=1535125&diff_format=h" - }, - { - "name" : "http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/generators/mod_cgid.c?r1=1565711&r2=1610509&diff_format=h", - "refsource" : "CONFIRM", - "url" : "http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/generators/mod_cgid.c?r1=1565711&r2=1610509&diff_format=h" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1120596", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1120596" - }, - { - "name" : "http://advisories.mageia.org/MGASA-2014-0304.html", - "refsource" : "CONFIRM", - "url" : "http://advisories.mageia.org/MGASA-2014-0304.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" - }, - { - "name" : "http://advisories.mageia.org/MGASA-2014-0305.html", - "refsource" : "CONFIRM", - "url" : "http://advisories.mageia.org/MGASA-2014-0305.html" - }, - { - "name" : "https://support.apple.com/HT204659", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT204659" - }, - { - "name" : "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246", - "refsource" : "CONFIRM", - "url" : "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246" - }, - { - "name" : "http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/CHANGES", - "refsource" : "CONFIRM", - "url" : "http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/CHANGES" - }, - { - "name" : "https://puppet.com/security/cve/cve-2014-0231", - "refsource" : "CONFIRM", - "url" : "https://puppet.com/security/cve/cve-2014-0231" - }, - { - "name" : 
"APPLE-SA-2015-04-08-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html" - }, - { - "name" : "DSA-2989", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-2989" - }, - { - "name" : "GLSA-201504-03", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201504-03" - }, - { - "name" : "HPSBMU03380", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=143748090628601&w=2" - }, - { - "name" : "HPSBMU03409", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=144050155601375&w=2" - }, - { - "name" : "HPSBUX03337", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=143403519711434&w=2" - }, - { - "name" : "HPSBUX03512", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=144493176821532&w=2" - }, - { - "name" : "SSRT102066", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=143403519711434&w=2" - }, - { - "name" : "SSRT102254", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=144493176821532&w=2" - }, - { - "name" : "MDVSA-2014:142", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2014:142" - }, - { - "name" : "RHSA-2014:1019", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1019.html" - }, - { - "name" : "RHSA-2014:1020", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1020.html" - }, - { - "name" : "RHSA-2014:1021", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1021.html" - }, - { - "name" : "68742", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/68742" - }, - { - "name" : "60536", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60536" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mod_cgid module 
in the Apache HTTP Server before 2.4.10 does not have a timeout mechanism, which allows remote attackers to cause a denial of service (process hang) via a request to a CGI script that does not read from its stdin file descriptor." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/generators/mod_cgid.c", + "refsource": "CONFIRM", + "url": "http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/generators/mod_cgid.c" + }, + { + "name": "HPSBUX03512", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=144493176821532&w=2" + }, + { + "name": "http://advisories.mageia.org/MGASA-2014-0305.html", + "refsource": "CONFIRM", + "url": "http://advisories.mageia.org/MGASA-2014-0305.html" + }, + { + "name": "http://packetstormsecurity.com/files/130769/RSA-Digital-Certificate-Solution-XSS-Denial-Of-Service.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/130769/RSA-Digital-Certificate-Solution-XSS-Denial-Of-Service.html" + }, + { + "name": "DSA-2989", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-2989" + }, + { + "name": "HPSBMU03409", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=144050155601375&w=2" + }, + { + "name": "https://support.apple.com/HT204659", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT204659" + }, + { + "name": "http://httpd.apache.org/security/vulnerabilities_24.html", + "refsource": "CONFIRM", + "url": "http://httpd.apache.org/security/vulnerabilities_24.html" + }, + { + "name": "http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/CHANGES", + "refsource": "CONFIRM", + "url": "http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/CHANGES" + }, + { + "name": 
"http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/generators/mod_cgid.c?r1=1482522&r2=1535125&diff_format=h", + "refsource": "CONFIRM", + "url": "http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/generators/mod_cgid.c?r1=1482522&r2=1535125&diff_format=h" + }, + { + "name": "GLSA-201504-03", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201504-03" + }, + { + "name": "RHSA-2014:1020", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1020.html" + }, + { + "name": "https://puppet.com/security/cve/cve-2014-0231", + "refsource": "CONFIRM", + "url": "https://puppet.com/security/cve/cve-2014-0231" + }, + { + "name": "60536", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60536" + }, + { + "name": "HPSBMU03380", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=143748090628601&w=2" + }, + { + "name": "SSRT102066", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=143403519711434&w=2" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" + }, + { + "name": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246", + "refsource": "CONFIRM", + "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246" + }, + { + "name": "RHSA-2014:1021", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1021.html" + }, + { + "name": "SSRT102254", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=144493176821532&w=2" + }, + { + "name": "APPLE-SA-2015-04-08-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html" + }, + { + "name": "68742", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/68742" + }, + { + "name": "MDVSA-2014:142", + "refsource": "MANDRIVA", + "url": 
"http://www.mandriva.com/security/advisories?name=MDVSA-2014:142" + }, + { + "name": "RHSA-2014:1019", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1019.html" + }, + { + "name": "http://advisories.mageia.org/MGASA-2014-0304.html", + "refsource": "CONFIRM", + "url": "http://advisories.mageia.org/MGASA-2014-0304.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1120596", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1120596" + }, + { + "name": "HPSBUX03337", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=143403519711434&w=2" + }, + { + "name": "http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/generators/mod_cgid.c?r1=1565711&r2=1610509&diff_format=h", + "refsource": "CONFIRM", + "url": "http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/generators/mod_cgid.c?r1=1565711&r2=1610509&diff_format=h" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0464.json b/2014/0xxx/CVE-2014-0464.json index 3117c0f74ac..97e63decca8 100644 --- a/2014/0xxx/CVE-2014-0464.json +++ b/2014/0xxx/CVE-2014-0464.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0464", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Java SE 8 allows remote attackers to affect confidentiality via unknown vectors related to Scripting, a different vulnerability than CVE-2014-0463." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2014-0464", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" - }, - { - "name" : "GLSA-201502-12", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201502-12.xml" - }, - { - "name" : "66913", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/66913" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle Java SE 8 allows remote attackers to affect confidentiality via unknown vectors related to Scripting, a 
different vulnerability than CVE-2014-0463." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "66913", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/66913" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" + }, + { + "name": "GLSA-201502-12", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201502-12.xml" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0907.json b/2014/0xxx/CVE-2014-0907.json index cb989b9156b..c558905c7ca 100644 --- a/2014/0xxx/CVE-2014-0907.json +++ b/2014/0xxx/CVE-2014-0907.json 
@@ -1,167 +1,167 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0907", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple untrusted search path vulnerabilities in unspecified (1) setuid and (2) setgid programs in IBM DB2 9.5, 9.7 before FP9a, 9.8, 10.1 before FP3a, and 10.5 before FP3a on Linux and UNIX allow local users to gain root privileges via a Trojan horse library." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-0907", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140603 CVE-2014-0907 - SetUID/SetGID Programs Allow Privilege Escalation Via Insecure RPATH In IBM DB2", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Jun/7" - }, - { - "name" : "http://packetstormsecurity.com/files/126940/IBM-DB2-Privilege-Escalation.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/126940/IBM-DB2-Privilege-Escalation.html" - }, - { - "name" : "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-0907/", - "refsource" : "MISC", - "url" : 
"https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-0907/" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg1IT00686", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg1IT00686" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg21610582#4", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg21610582#4" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg21672100", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg21672100" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=isg400001841", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=isg400001841" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=isg400001843", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=isg400001843" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21680454", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21680454" - }, - { - "name" : "http://www-304.ibm.com/support/docview.wss?uid=swg21676135", - "refsource" : "CONFIRM", - "url" : "http://www-304.ibm.com/support/docview.wss?uid=swg21676135" - }, - { - "name" : "IT00627", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IT00627" - }, - { - "name" : "IT00684", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IT00684" - }, - { - "name" : "IT00685", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IT00685" - }, - { - "name" : "IT00686", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IT00686" - }, - { - "name" : "IT00687", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IT00687" - }, - { - 
"name" : "67617", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/67617" - }, - { - "name" : "1030670", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030670" - }, - { - "name" : "1030671", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030671" - }, - { - "name" : "59451", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59451" - }, - { - "name" : "59463", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59463" - }, - { - "name" : "60482", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60482" - }, - { - "name" : "ibm-cve20140907-priv-escalation(91869)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/91869" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple untrusted search path vulnerabilities in unspecified (1) setuid and (2) setgid programs in IBM DB2 9.5, 9.7 before FP9a, 9.8, 10.1 before FP3a, and 10.5 before FP3a on Linux and UNIX allow local users to gain root privileges via a Trojan horse library." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20140603 CVE-2014-0907 - SetUID/SetGID Programs Allow Privilege Escalation Via Insecure RPATH In IBM DB2", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Jun/7" + }, + { + "name": "http://www-304.ibm.com/support/docview.wss?uid=swg21676135", + "refsource": "CONFIRM", + "url": "http://www-304.ibm.com/support/docview.wss?uid=swg21676135" + }, + { + "name": "IT00686", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT00686" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg1IT00686", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg1IT00686" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg21672100", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg21672100" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=isg400001843", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001843" + }, + { + "name": "59463", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59463" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=isg400001841", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001841" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg21610582#4", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg21610582#4" + }, + { + "name": "1030670", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030670" + }, + { + "name": "67617", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/67617" + }, + { + "name": "IT00685", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT00685" + }, + { + 
"name": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-0907/", + "refsource": "MISC", + "url": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-0907/" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21680454", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680454" + }, + { + "name": "1030671", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030671" + }, + { + "name": "ibm-cve20140907-priv-escalation(91869)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91869" + }, + { + "name": "60482", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60482" + }, + { + "name": "59451", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59451" + }, + { + "name": "IT00687", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT00687" + }, + { + "name": "http://packetstormsecurity.com/files/126940/IBM-DB2-Privilege-Escalation.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/126940/IBM-DB2-Privilege-Escalation.html" + }, + { + "name": "IT00684", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT00684" + }, + { + "name": "IT00627", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT00627" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0988.json b/2014/0xxx/CVE-2014-0988.json index 2bf9c34bad0..281a6285a29 100644 --- a/2014/0xxx/CVE-2014-0988.json +++ b/2014/0xxx/CVE-2014-0988.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0988", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the AccessCode parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-0988", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-14-261-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-14-261-01" - }, - { - "name" : "69533", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69533" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the AccessCode parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "69533", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69533" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-14-261-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-261-01" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1362.json b/2014/1xxx/CVE-2014-1362.json index f7ba8417ca3..f56a1d16d08 100644 --- a/2014/1xxx/CVE-2014-1362.json +++ b/2014/1xxx/CVE-2014-1362.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1362", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-06-30-1, APPLE-SA-2014-06-30-3, and APPLE-SA-2014-06-30-4." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2014-1362", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/kb/HT6537", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/kb/HT6537" - }, - { - "name" : "APPLE-SA-2014-06-30-1", - "refsource" : "APPLE", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2014-06/0171.html" - }, - { - "name" : "APPLE-SA-2014-06-30-3", - "refsource" : "APPLE", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2014-06/0174.html" - }, - { - "name" : "APPLE-SA-2014-06-30-4", - "refsource" : "APPLE", - "url" : 
"http://archives.neohapsis.com/archives/bugtraq/2014-06/0175.html" - }, - { - "name" : "1030495", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030495" - }, - { - "name" : "59481", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59481" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-06-30-1, APPLE-SA-2014-06-30-3, and APPLE-SA-2014-06-30-4." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/kb/HT6537", + "refsource": "CONFIRM", + "url": "https://support.apple.com/kb/HT6537" + }, + { + "name": "APPLE-SA-2014-06-30-4", + "refsource": "APPLE", + "url": "http://archives.neohapsis.com/archives/bugtraq/2014-06/0175.html" + }, + { + "name": "APPLE-SA-2014-06-30-3", + "refsource": "APPLE", + "url": "http://archives.neohapsis.com/archives/bugtraq/2014-06/0174.html" + }, + { + "name": "59481", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59481" + }, + { + "name": "1030495", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030495" + }, + { + "name": "APPLE-SA-2014-06-30-1", + "refsource": "APPLE", + "url": "http://archives.neohapsis.com/archives/bugtraq/2014-06/0171.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1571.json b/2014/1xxx/CVE-2014-1571.json index 6915f3dd385..7e5d134e067 100644 --- a/2014/1xxx/CVE-2014-1571.json 
+++ b/2014/1xxx/CVE-2014-1571.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1571", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Bugzilla 2.x through 4.0.x before 4.0.15, 4.1.x and 4.2.x before 4.2.11, 4.3.x and 4.4.x before 4.4.6, and 4.5.x before 4.5.6 allows remote authenticated users to obtain sensitive private-comment information by leveraging a role as a flag recipient, related to Bug.pm, Flag.pm, and a mail template." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2014-1571", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.com/files/128578/Bugzilla-Account-Creation-XSS-Information-Leak.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/128578/Bugzilla-Account-Creation-XSS-Information-Leak.html" - }, - { - "name" : "http://www.bugzilla.org/security/4.0.14/", - "refsource" : "CONFIRM", - "url" : "http://www.bugzilla.org/security/4.0.14/" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1064140", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1064140" - }, - { - "name" : "http://advisories.mageia.org/MGASA-2014-0412.html", - 
"refsource" : "CONFIRM", - "url" : "http://advisories.mageia.org/MGASA-2014-0412.html" - }, - { - "name" : "FEDORA-2014-12530", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141321.html" - }, - { - "name" : "FEDORA-2014-12584", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141309.html" - }, - { - "name" : "FEDORA-2014-12591", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-November/142524.html" - }, - { - "name" : "MDVSA-2014:200", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2014:200" - }, - { - "name" : "1030978", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030978" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Bugzilla 2.x through 4.0.x before 4.0.15, 4.1.x and 4.2.x before 4.2.11, 4.3.x and 4.4.x before 4.4.6, and 4.5.x before 4.5.6 allows remote authenticated users to obtain sensitive private-comment information by leveraging a role as a flag recipient, related to Bug.pm, Flag.pm, and a mail template." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1064140", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1064140" + }, + { + "name": "MDVSA-2014:200", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:200" + }, + { + "name": "http://packetstormsecurity.com/files/128578/Bugzilla-Account-Creation-XSS-Information-Leak.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/128578/Bugzilla-Account-Creation-XSS-Information-Leak.html" + }, + { + "name": "FEDORA-2014-12591", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-November/142524.html" + }, + { + "name": "http://advisories.mageia.org/MGASA-2014-0412.html", + "refsource": "CONFIRM", + "url": "http://advisories.mageia.org/MGASA-2014-0412.html" + }, + { + "name": "http://www.bugzilla.org/security/4.0.14/", + "refsource": "CONFIRM", + "url": "http://www.bugzilla.org/security/4.0.14/" + }, + { + "name": "FEDORA-2014-12584", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141309.html" + }, + { + "name": "FEDORA-2014-12530", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141321.html" + }, + { + "name": "1030978", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030978" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1848.json b/2014/1xxx/CVE-2014-1848.json index 777355f70a1..a4054b3d80f 100644 --- a/2014/1xxx/CVE-2014-1848.json +++ b/2014/1xxx/CVE-2014-1848.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1848", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-1848", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1958.json b/2014/1xxx/CVE-2014-1958.json index c3b73c34adb..8dd25ee563e 100644 --- a/2014/1xxx/CVE-2014-1958.json +++ b/2014/1xxx/CVE-2014-1958.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1958", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-1958", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1961.json b/2014/1xxx/CVE-2014-1961.json index e3ccf5b20e0..6eec5e7b715 100644 --- a/2014/1xxx/CVE-2014-1961.json +++ b/2014/1xxx/CVE-2014-1961.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1961", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Portal WebDynPro in SAP NetWeaver allows remote attackers to obtain sensitive path information via unknown attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-1961", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://erpscan.io/advisories/erpscan-14-002-sap-portal-webdynpro-path-disclosure/", - "refsource" : "MISC", - "url" : "https://erpscan.io/advisories/erpscan-14-002-sap-portal-webdynpro-path-disclosure/" - }, - { - "name" : "http://scn.sap.com/docs/DOC-8218", - "refsource" : "CONFIRM", - "url" : "http://scn.sap.com/docs/DOC-8218" - }, - { - "name" : "https://service.sap.com/sap/support/notes/1852146", - "refsource" : "CONFIRM", - "url" : "https://service.sap.com/sap/support/notes/1852146" - }, - { - "name" : "56947", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56947" - }, - { - "name" : "netweaver-webdyn-path-disclosure(91096)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/91096" - } - ] - } -} + } 
+ }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Portal WebDynPro in SAP NetWeaver allows remote attackers to obtain sensitive path information via unknown attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "56947", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56947" + }, + { + "name": "netweaver-webdyn-path-disclosure(91096)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91096" + }, + { + "name": "http://scn.sap.com/docs/DOC-8218", + "refsource": "CONFIRM", + "url": "http://scn.sap.com/docs/DOC-8218" + }, + { + "name": "https://service.sap.com/sap/support/notes/1852146", + "refsource": "CONFIRM", + "url": "https://service.sap.com/sap/support/notes/1852146" + }, + { + "name": "https://erpscan.io/advisories/erpscan-14-002-sap-portal-webdynpro-path-disclosure/", + "refsource": "MISC", + "url": "https://erpscan.io/advisories/erpscan-14-002-sap-portal-webdynpro-path-disclosure/" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4198.json b/2014/4xxx/CVE-2014-4198.json index 6d6e29ce4cf..1edf469bc69 100644 --- a/2014/4xxx/CVE-2014-4198.json +++ b/2014/4xxx/CVE-2014-4198.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4198", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4198", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5009.json b/2014/5xxx/CVE-2014-5009.json index 3bc3540b82b..1baf244431a 100644 --- a/2014/5xxx/CVE-2014-5009.json +++ b/2014/5xxx/CVE-2014-5009.json 
@@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5009", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Snoopy allows remote attackers to execute arbitrary commands. NOTE: this vulnerability exists due to an incomplete fix for CVE-2014-5008." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-5009", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140709 CVE request - Snoopy incomplete fix for CVE-2008-4796", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/07/09/11" - }, - { - "name" : "[oss-security] 20140716 Re: Re: CVE request - Snoopy incomplete fix for CVE-2008-4796", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/07/16/10" - }, - { - "name" : "[oss-security] 20140718 Re: CVE request - Snoopy incomplete fix for CVE-2008-4796", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/07/18/2" - }, - { - "name" : "https://github.com/cogdog/feed2js/pull/12#issuecomment-48283706", - "refsource" : "MISC", - "url" : "https://github.com/cogdog/feed2js/pull/12#issuecomment-48283706" - }, - { - "name" : 
"https://www-01.ibm.com/support/docview.wss?uid=isg3T1024264", - "refsource" : "MISC", - "url" : "https://www-01.ibm.com/support/docview.wss?uid=isg3T1024264" - }, - { - "name" : "http://snoopy.cvs.sourceforge.net/viewvc/snoopy/Snoopy/Snoopy.class.php?r1=1.28&r2=1.29", - "refsource" : "CONFIRM", - "url" : "http://snoopy.cvs.sourceforge.net/viewvc/snoopy/Snoopy/Snoopy.class.php?r1=1.28&r2=1.29" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1121497", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1121497" - }, - { - "name" : "RHSA-2017:0211", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0211.html" - }, - { - "name" : "RHSA-2017:0212", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0212.html" - }, - { - "name" : "RHSA-2017:0213", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0213.html" - }, - { - "name" : "RHSA-2017:0214", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0214.html" - }, - { - "name" : "68783", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/68783" - }, - { - "name" : "snoopy-cve20145009-command-exec(94738)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/94738" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Snoopy allows remote attackers to execute arbitrary commands. NOTE: this vulnerability exists due to an incomplete fix for CVE-2014-5008." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20140709 CVE request - Snoopy incomplete fix for CVE-2008-4796", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/07/09/11" + }, + { + "name": "68783", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/68783" + }, + { + "name": "[oss-security] 20140718 Re: CVE request - Snoopy incomplete fix for CVE-2008-4796", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/07/18/2" + }, + { + "name": "http://snoopy.cvs.sourceforge.net/viewvc/snoopy/Snoopy/Snoopy.class.php?r1=1.28&r2=1.29", + "refsource": "CONFIRM", + "url": "http://snoopy.cvs.sourceforge.net/viewvc/snoopy/Snoopy/Snoopy.class.php?r1=1.28&r2=1.29" + }, + { + "name": "[oss-security] 20140716 Re: Re: CVE request - Snoopy incomplete fix for CVE-2008-4796", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/07/16/10" + }, + { + "name": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1024264", + "refsource": "MISC", + "url": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1024264" + }, + { + "name": "RHSA-2017:0212", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0212.html" + }, + { + "name": "RHSA-2017:0213", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0213.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1121497", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1121497" + }, + { + "name": "https://github.com/cogdog/feed2js/pull/12#issuecomment-48283706", + "refsource": "MISC", + "url": "https://github.com/cogdog/feed2js/pull/12#issuecomment-48283706" + }, + { + "name": "snoopy-cve20145009-command-exec(94738)", + "refsource": "XF", + "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/94738" + }, + { + "name": "RHSA-2017:0214", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0214.html" + }, + { + "name": "RHSA-2017:0211", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0211.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5112.json b/2014/5xxx/CVE-2014-5112.json index 26014ccd78c..e87af124ab4 100644 --- a/2014/5xxx/CVE-2014-5112.json +++ b/2014/5xxx/CVE-2014-5112.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5112", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "maint/modules/home/index.php in Fonality trixbox allows remote attackers to execute arbitrary commands via shell metacharacters in the lang parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-5112", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.com/files/127522/Trixbox-XSS-LFI-SQL-Injection-Code-Execution.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/127522/Trixbox-XSS-LFI-SQL-Injection-Code-Execution.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "maint/modules/home/index.php in Fonality trixbox allows remote attackers to execute arbitrary commands via shell metacharacters in the lang parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/127522/Trixbox-XSS-LFI-SQL-Injection-Code-Execution.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/127522/Trixbox-XSS-LFI-SQL-Injection-Code-Execution.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2111.json b/2015/2xxx/CVE-2015-2111.json index 437b4f76ee3..a3400e7f2dd 100644 --- a/2015/2xxx/CVE-2015-2111.json +++ b/2015/2xxx/CVE-2015-2111.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2111", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in HP Intelligent Provisioning 1.40 through 1.60 on Windows Server 2008 R2 and 2012 allows local users to obtain sensitive information via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2015-2111", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBGN03307", - "refsource" : "HP", - "url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04626732" - }, - { - "name" : "SSRT101588", - "refsource" : "HP", - "url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04626732" - }, - { - "name" : "73481", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/73481" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in HP Intelligent Provisioning 1.40 through 1.60 on Windows Server 2008 R2 and 2012 allows local users to obtain sensitive information via 
unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SSRT101588", + "refsource": "HP", + "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04626732" + }, + { + "name": "73481", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/73481" + }, + { + "name": "HPSBGN03307", + "refsource": "HP", + "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04626732" + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10044.json b/2016/10xxx/CVE-2016-10044.json index 98b036a1654..7d2f3dfcb8e 100644 --- a/2016/10xxx/CVE-2016-10044.json +++ b/2016/10xxx/CVE-2016-10044.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-10044", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The aio_mount function in fs/aio.c in the Linux kernel before 4.7.7 does not properly restrict execute access, which makes it easier for local users to bypass intended SELinux W^X policy restrictions, and consequently gain privileges, via an io_setup system call." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-10044", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=22f6b4d34fcf039c63a94e7670e0da24f8575a5a", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=22f6b4d34fcf039c63a94e7670e0da24f8575a5a" - }, - { - "name" : "http://source.android.com/security/bulletin/2017-02-01.html", - "refsource" : "CONFIRM", - "url" : "http://source.android.com/security/bulletin/2017-02-01.html" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.7.7", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.7.7" - }, - { - "name" : 
"https://github.com/torvalds/linux/commit/22f6b4d34fcf039c63a94e7670e0da24f8575a5a", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/22f6b4d34fcf039c63a94e7670e0da24f8575a5a" - }, - { - "name" : "96122", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96122" - }, - { - "name" : "1037798", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037798" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The aio_mount function in fs/aio.c in the Linux kernel before 4.7.7 does not properly restrict execute access, which makes it easier for local users to bypass intended SELinux W^X policy restrictions, and consequently gain privileges, via an io_setup system call." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.7.7", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.7.7" + }, + { + "name": "1037798", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037798" + }, + { + "name": "http://source.android.com/security/bulletin/2017-02-01.html", + "refsource": "CONFIRM", + "url": "http://source.android.com/security/bulletin/2017-02-01.html" + }, + { + "name": "https://github.com/torvalds/linux/commit/22f6b4d34fcf039c63a94e7670e0da24f8575a5a", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/22f6b4d34fcf039c63a94e7670e0da24f8575a5a" + }, + { + "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=22f6b4d34fcf039c63a94e7670e0da24f8575a5a", + "refsource": "CONFIRM", + "url": 
"http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=22f6b4d34fcf039c63a94e7670e0da24f8575a5a" + }, + { + "name": "96122", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96122" + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10271.json b/2016/10xxx/CVE-2016-10271.json index efb162742c4..846c8001b15 100644 --- a/2016/10xxx/CVE-2016-10271.json +++ b/2016/10xxx/CVE-2016-10271.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-10271", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "tools/tiffcrop.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read and buffer overflow) or possibly have unspecified other impact via a crafted TIFF image, related to \"READ of size 1\" and libtiff/tif_fax3.c:413:13." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-10271", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-heap-based-buffer-overflow/", - "refsource" : "MISC", - "url" : "https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-heap-based-buffer-overflow/" - }, - { - "name" : "https://github.com/vadz/libtiff/commit/9657bbe3cdce4aaa90e07d50c1c70ae52da0ba6a", - "refsource" : "MISC", - "url" : "https://github.com/vadz/libtiff/commit/9657bbe3cdce4aaa90e07d50c1c70ae52da0ba6a" - }, - { - "name" : "97199", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97199" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "tools/tiffcrop.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read and buffer overflow) or possibly have unspecified other impact via a crafted TIFF image, related to \"READ of size 1\" and libtiff/tif_fax3.c:413:13." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-heap-based-buffer-overflow/", + "refsource": "MISC", + "url": "https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-heap-based-buffer-overflow/" + }, + { + "name": "97199", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97199" + }, + { + "name": "https://github.com/vadz/libtiff/commit/9657bbe3cdce4aaa90e07d50c1c70ae52da0ba6a", + "refsource": "MISC", + "url": "https://github.com/vadz/libtiff/commit/9657bbe3cdce4aaa90e07d50c1c70ae52da0ba6a" + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10516.json b/2016/10xxx/CVE-2016-10516.json index 870a3563a62..6bcfce7f534 100644 --- a/2016/10xxx/CVE-2016-10516.json +++ b/2016/10xxx/CVE-2016-10516.json 
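Review bot: The rewritten file no longer ends with a newline: `\ No newline at end of file` follows the final `+}`, while the removed `-}` carried no such marker. The other hunks in this commit end the same way. This hunk otherwise changes only spacing and reference order, so the fix presumably belongs in whatever tool writes these files: have it emit a final `\n` after the closing `}`. Without it, line-based tools such as `wc -l`, concatenation and some merge drivers treat the last line inconsistently, and the next edit to each record will show a spurious change on the closing brace.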
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-10516", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the render_full function in debug/tbtools.py in the debugger in Pallets Werkzeug before 0.11.11 (as used in Pallets Flask and other products) allows remote attackers to inject arbitrary web script or HTML via a field that contains an exception message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-10516", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20171124 [SECURITY] [DLA 1191-1] python-werkzeug security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2017/11/msg00037.html" - }, - { - "name" : "http://blog.neargle.com/2016/09/21/flask-src-review-get-a-xss-from-debuger/", - "refsource" : "MISC", - "url" : "http://blog.neargle.com/2016/09/21/flask-src-review-get-a-xss-from-debuger/" - }, - { - "name" : "https://github.com/pallets/werkzeug/pull/1001", - "refsource" : "MISC", - "url" : "https://github.com/pallets/werkzeug/pull/1001" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the render_full function in debug/tbtools.py in the debugger in Pallets Werkzeug before 0.11.11 (as used in Pallets Flask and other products) allows remote attackers to inject arbitrary web script or HTML via a field that contains an exception message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://blog.neargle.com/2016/09/21/flask-src-review-get-a-xss-from-debuger/", + "refsource": "MISC", + "url": "http://blog.neargle.com/2016/09/21/flask-src-review-get-a-xss-from-debuger/" + }, + { + "name": "[debian-lts-announce] 20171124 [SECURITY] [DLA 1191-1] python-werkzeug security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00037.html" + }, + { + "name": "https://github.com/pallets/werkzeug/pull/1001", + "refsource": "MISC", + "url": "https://github.com/pallets/werkzeug/pull/1001" + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10552.json b/2016/10xxx/CVE-2016-10552.json index b82f38ecf63..02584132f77 100644 --- a/2016/10xxx/CVE-2016-10552.json +++ b/2016/10xxx/CVE-2016-10552.json 
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "DATE_PUBLIC" : "2018-04-26T00:00:00", - "ID" : "CVE-2016-10552", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "igniteui node module", - "version" : { - "version_data" : [ - { - "version_value" : "<=0.0.5" - } - ] - } - } - ] - }, - "vendor_name" : "HackerOne" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "igniteui 0.0.5 and earlier downloads JavaScript and CSS resources over insecure protocol." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Missing Encryption of Sensitive Data (CWE-311)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "DATE_PUBLIC": "2018-04-26T00:00:00", + "ID": "CVE-2016-10552", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "igniteui node module", + "version": { + "version_data": [ + { + "version_value": "<=0.0.5" + } + ] + } + } + ] + }, + "vendor_name": "HackerOne" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://nodesecurity.io/advisories/116", - "refsource" : "MISC", - "url" : "https://nodesecurity.io/advisories/116" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "igniteui 0.0.5 and earlier downloads JavaScript and CSS resources over insecure protocol." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Missing Encryption of Sensitive Data (CWE-311)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://nodesecurity.io/advisories/116", + "refsource": "MISC", + "url": "https://nodesecurity.io/advisories/116" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3171.json b/2016/3xxx/CVE-2016-3171.json index cef4e520c73..fc7eb2b7735 100644 --- a/2016/3xxx/CVE-2016-3171.json +++ b/2016/3xxx/CVE-2016-3171.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3171", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Drupal 6.x before 6.38, when used with PHP before 5.4.45, 5.5.x before 5.5.29, or 5.6.x before 5.6.13, might allow remote attackers to execute arbitrary code via vectors related to session data truncation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-3171", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160224 CVE requests for Drupal core (SA-CORE-2016-001)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/02/24/19" - }, - { - "name" : "[oss-security] 20160315 Re: CVE requests for Drupal core (SA-CORE-2016-001)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/03/15/10" - }, - { - "name" : "https://www.drupal.org/SA-CORE-2016-001", - "refsource" : "CONFIRM", - "url" : "https://www.drupal.org/SA-CORE-2016-001" - }, - { - "name" : "DSA-3498", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3498" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "Drupal 6.x before 6.38, when used with PHP before 5.4.45, 5.5.x before 5.5.29, or 5.6.x before 5.6.13, might allow remote attackers to execute arbitrary code via vectors related to session data truncation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20160224 CVE requests for Drupal core (SA-CORE-2016-001)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/02/24/19" + }, + { + "name": "[oss-security] 20160315 Re: CVE requests for Drupal core (SA-CORE-2016-001)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/03/15/10" + }, + { + "name": "DSA-3498", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3498" + }, + { + "name": "https://www.drupal.org/SA-CORE-2016-001", + "refsource": "CONFIRM", + "url": "https://www.drupal.org/SA-CORE-2016-001" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3705.json b/2016/3xxx/CVE-2016-3705.json index 0dcd43d0469..c9b24c37633 100644 --- a/2016/3xxx/CVE-2016-3705.json +++ b/2016/3xxx/CVE-2016-3705.json 
@@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3705", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The (1) xmlParserEntityCheck and (2) xmlParseAttValueComplex functions in parser.c in libxml2 2.9.3 do not properly keep track of the recursion depth, which allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a crafted XML document containing a large number of nested entity references." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-3705", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20160503 CVE-2016-3627 CVE-2016-3705: libxml2: stack overflow in xml validator (parser)", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2016/May/10" - }, - { - "name" : "https://bugzilla.gnome.org/show_bug.cgi?id=765207", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.gnome.org/show_bug.cgi?id=765207" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157239", - "refsource" : "CONFIRM", - "url" : 
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157239" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html" - }, - { - "name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10170", - "refsource" : "CONFIRM", - "url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10170" - }, - { - "name" : "https://www.tenable.com/security/tns-2016-18", - "refsource" : "CONFIRM", - "url" : "https://www.tenable.com/security/tns-2016-18" - }, - { - "name" : "DSA-3593", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2016/dsa-3593" - }, - { - "name" : "GLSA-201701-37", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201701-37" - }, - { - "name" : "RHSA-2016:1292", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2016:1292" - }, - { - "name" : "RHSA-2016:2957", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2957.html" - }, - { - "name" : "openSUSE-SU-2016:1298", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-05/msg00055.html" - }, - { - "name" : "openSUSE-SU-2016:1446", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-05/msg00127.html" - }, - { - "name" : "USN-2994-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2994-1" - }, - { 
- "name" : "89854", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/89854" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The (1) xmlParserEntityCheck and (2) xmlParseAttValueComplex functions in parser.c in libxml2 2.9.3 do not properly keep track of the recursion depth, which allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a crafted XML document containing a large number of nested entity references." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20160503 CVE-2016-3627 CVE-2016-3705: libxml2: stack overflow in xml validator (parser)", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2016/May/10" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157239", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157239" + }, + { + "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10170", + "refsource": "CONFIRM", + "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10170" + }, + { + "name": "openSUSE-SU-2016:1446", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00127.html" + }, + { + "name": "openSUSE-SU-2016:1298", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00055.html" + }, + { + "name": "RHSA-2016:1292", + "refsource": "REDHAT", + "url": 
"https://access.redhat.com/errata/RHSA-2016:1292" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html" + }, + { + "name": "DSA-3593", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2016/dsa-3593" + }, + { + "name": "USN-2994-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2994-1" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html" + }, + { + "name": "https://www.tenable.com/security/tns-2016-18", + "refsource": "CONFIRM", + "url": "https://www.tenable.com/security/tns-2016-18" + }, + { + "name": "https://bugzilla.gnome.org/show_bug.cgi?id=765207", + "refsource": "CONFIRM", + "url": "https://bugzilla.gnome.org/show_bug.cgi?id=765207" + }, + { + "name": "89854", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/89854" + }, + { + "name": "RHSA-2016:2957", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html" + }, + { + "name": "GLSA-201701-37", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201701-37" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3724.json b/2016/3xxx/CVE-2016-3724.json index 19249095a2a..a3804d4bd73 100644 --- a/2016/3xxx/CVE-2016-3724.json +++ b/2016/3xxx/CVE-2016-3724.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3724", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users with extended read access to obtain sensitive password information by reading a job configuration." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-3724", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11", - "refsource" : "CONFIRM", - "url" : "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11" - }, - { - "name" : "https://www.cloudbees.com/jenkins-security-advisory-2016-05-11", - "refsource" : "CONFIRM", - "url" : "https://www.cloudbees.com/jenkins-security-advisory-2016-05-11" - }, - { - "name" : "RHSA-2016:1206", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2016:1206" - }, - { - "name" : "RHSA-2016:1773", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-1773.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users with extended read access to obtain sensitive password information by reading a job configuration." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.cloudbees.com/jenkins-security-advisory-2016-05-11", + "refsource": "CONFIRM", + "url": "https://www.cloudbees.com/jenkins-security-advisory-2016-05-11" + }, + { + "name": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11", + "refsource": "CONFIRM", + "url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11" + }, + { + "name": "RHSA-2016:1206", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2016:1206" + }, + { + "name": "RHSA-2016:1773", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-1773.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3828.json b/2016/3xxx/CVE-2016-3828.json index 4b0ceecc59a..b2714f8bfcb 100644 --- a/2016/3xxx/CVE-2016-3828.json +++ b/2016/3xxx/CVE-2016-3828.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3828", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "decoder/ih264d_api.c in mediaserver in Android 6.x before 2016-08-01 mishandles invalid PPS and SPS NAL units, which allows remote attackers to cause a denial of service (device hang or reboot) via a crafted media file, aka internal bug 28835995." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-3828", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://source.android.com/security/bulletin/2016-08-01.html", - "refsource" : "CONFIRM", - "url" : "http://source.android.com/security/bulletin/2016-08-01.html" - }, - { - "name" : "https://android.googlesource.com/platform/external/libavc/+/7554755536019e439433c515eeb44e701fb3bfb2", - "refsource" : "CONFIRM", - "url" : "https://android.googlesource.com/platform/external/libavc/+/7554755536019e439433c515eeb44e701fb3bfb2" - }, - { - "name" : "92221", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92221" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + 
"lang": "eng", + "value": "decoder/ih264d_api.c in mediaserver in Android 6.x before 2016-08-01 mishandles invalid PPS and SPS NAL units, which allows remote attackers to cause a denial of service (device hang or reboot) via a crafted media file, aka internal bug 28835995." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://source.android.com/security/bulletin/2016-08-01.html", + "refsource": "CONFIRM", + "url": "http://source.android.com/security/bulletin/2016-08-01.html" + }, + { + "name": "92221", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92221" + }, + { + "name": "https://android.googlesource.com/platform/external/libavc/+/7554755536019e439433c515eeb44e701fb3bfb2", + "refsource": "CONFIRM", + "url": "https://android.googlesource.com/platform/external/libavc/+/7554755536019e439433c515eeb44e701fb3bfb2" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4377.json b/2016/4xxx/CVE-2016-4377.json index fb7490b7600..5ea63b9d033 100644 --- a/2016/4xxx/CVE-2016-4377.json +++ b/2016/4xxx/CVE-2016-4377.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-4377", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "HPE Smart Update in Storage Sizing Tool before 13.0, Converged Infrastructure Solution Sizer Suite (CISSS) before 2.13.1, Power Advisor before 7.8.2, Insight Management Sizer before 16.12.1, Synergy Planning Tool before 3.3, SAP Sizing Tool before 16.12.1, Sizing Tool for SAP Business Suite powered by HANA before 16.11.1, Sizer for ConvergedSystems Virtualization before 16.7.1, Sizer for Microsoft Exchange Server before 16.12.1, Sizer for Microsoft Lync Server 2013 before 16.12.1, Sizer for Microsoft SharePoint 2013 before 16.13.1, Sizer for Microsoft SharePoint 2010 before 16.11.1, and Sizer for Microsoft Skype for Business Server 2015 before 16.5.1 allows remote attackers to execute arbitrary code via unspecified vectors." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-4377", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05237578", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05237578" - }, - { - "name" : "92479", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92479" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "HPE Smart Update in Storage Sizing Tool before 13.0, Converged Infrastructure Solution Sizer Suite (CISSS) before 2.13.1, Power Advisor before 7.8.2, Insight Management Sizer before 16.12.1, Synergy Planning Tool before 3.3, SAP Sizing Tool before 16.12.1, Sizing Tool for SAP Business Suite powered by HANA before 16.11.1, Sizer for ConvergedSystems Virtualization before 16.7.1, Sizer for Microsoft Exchange Server before 16.12.1, Sizer for Microsoft Lync Server 2013 before 16.12.1, Sizer for Microsoft SharePoint 2013 before 16.13.1, Sizer for Microsoft SharePoint 2010 before 16.11.1, and Sizer for Microsoft Skype for Business Server 2015 before 16.5.1 allows remote attackers to execute arbitrary code via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "92479", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92479" + }, + { + "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05237578", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05237578" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8108.json b/2016/8xxx/CVE-2016-8108.json index 2095976ddac..a5224fbf49c 100644 --- a/2016/8xxx/CVE-2016-8108.json +++ b/2016/8xxx/CVE-2016-8108.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-8108", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-8108", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8230.json b/2016/8xxx/CVE-2016-8230.json index 16c593e915d..a01499729ab 100644 --- a/2016/8xxx/CVE-2016-8230.json +++ b/2016/8xxx/CVE-2016-8230.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@lenovo.com", - "ID" : "CVE-2016-8230", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Service Bridge", - "version" : { - "version_data" : [ - { - "version_value" : "Earlier than version 4" - } - ] - } - } - ] - }, - "vendor_name" : "Lenovo Group Ltd." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Lenovo Service Bridge before version 4, an insecure HTTP connection is used by LSB to send system serial number, machine type and model and product name to Lenovo's servers." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Insecure HTTP connection" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@lenovo.com", + "ID": "CVE-2016-8230", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Service Bridge", + "version": { + "version_data": [ + { + "version_value": "Earlier than version 4" + } + ] + } + } + ] + }, + "vendor_name": "Lenovo Group Ltd." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.lenovo.com/us/en/product_security/LEN-10149", - "refsource" : "CONFIRM", - "url" : "https://support.lenovo.com/us/en/product_security/LEN-10149" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Lenovo Service Bridge before version 4, an insecure HTTP connection is used by LSB to send system serial number, machine type and model and product name to Lenovo's servers." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Insecure HTTP connection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.lenovo.com/us/en/product_security/LEN-10149", + "refsource": "CONFIRM", + "url": "https://support.lenovo.com/us/en/product_security/LEN-10149" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8361.json b/2016/8xxx/CVE-2016-8361.json index 521a25d83a6..128a1432933 100644 --- a/2016/8xxx/CVE-2016-8361.json +++ b/2016/8xxx/CVE-2016-8361.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "ID" : "CVE-2016-8361", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Lynxspring JENEsys BAS Bridge 1.1.8 and older", - "version" : { - "version_data" : [ - { - "version_value" : "Lynxspring JENEsys BAS Bridge 1.1.8 and older" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Lynxspring JENEsys BAS Bridge versions 1.1.8 and older. The application uses a hard-coded username with no password allowing an attacker into the system without authentication." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Lynxspring JENEsys BAS Bridge no password" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2016-8361", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Lynxspring JENEsys BAS Bridge 1.1.8 and older", + "version": { + "version_data": [ + { + "version_value": "Lynxspring JENEsys BAS Bridge 1.1.8 and older" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-320-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-320-01" - }, - { - "name" : "94344", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94344" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Lynxspring JENEsys BAS Bridge versions 1.1.8 and older. 
The application uses a hard-coded username with no password allowing an attacker into the system without authentication." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Lynxspring JENEsys BAS Bridge no password" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "94344", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94344" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-320-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-320-01" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8669.json b/2016/8xxx/CVE-2016-8669.json index 142fade6125..af3407b6c9f 100644 --- a/2016/8xxx/CVE-2016-8669.json +++ b/2016/8xxx/CVE-2016-8669.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-8669", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The serial_update_parameters function in hw/char/serial.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via vectors involving a value of divider greater than baud base." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-8669", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20161014 CVE request Qemu: char: divide by zero error in serial_update_parameters", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/10/14/9" - }, - { - "name" : "[oss-security] 20161015 Re: CVE request Qemu: char: divide by zero error in serial_update_parameters", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/10/15/5" - }, - { - "name" : "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html" - }, - { - "name" : 
"http://git.qemu.org/?p=qemu.git;a=commit;h=3592fe0c919cf27a81d8e9f9b4f269553418bb01", - "refsource" : "CONFIRM", - "url" : "http://git.qemu.org/?p=qemu.git;a=commit;h=3592fe0c919cf27a81d8e9f9b4f269553418bb01" - }, - { - "name" : "GLSA-201611-11", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201611-11" - }, - { - "name" : "RHSA-2017:2392", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2392" - }, - { - "name" : "RHSA-2017:2408", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2408" - }, - { - "name" : "openSUSE-SU-2016:3237", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html" - }, - { - "name" : "93563", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93563" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The serial_update_parameters function in hw/char/serial.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via vectors involving a value of divider greater than baud base." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html" + }, + { + "name": "GLSA-201611-11", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201611-11" + }, + { + "name": "http://git.qemu.org/?p=qemu.git;a=commit;h=3592fe0c919cf27a81d8e9f9b4f269553418bb01", + "refsource": "CONFIRM", + "url": "http://git.qemu.org/?p=qemu.git;a=commit;h=3592fe0c919cf27a81d8e9f9b4f269553418bb01" + }, + { + "name": "[oss-security] 20161014 CVE request Qemu: char: divide by zero error in serial_update_parameters", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/10/14/9" + }, + { + "name": "RHSA-2017:2392", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2392" + }, + { + "name": "openSUSE-SU-2016:3237", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html" + }, + { + "name": "93563", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93563" + }, + { + "name": "[oss-security] 20161015 Re: CVE request Qemu: char: divide by zero error in serial_update_parameters", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/10/15/5" + }, + { + "name": "RHSA-2017:2408", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2408" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8773.json b/2016/8xxx/CVE-2016-8773.json index f8e113d27ea..8292c0ebbce 100644 --- a/2016/8xxx/CVE-2016-8773.json +++ b/2016/8xxx/CVE-2016-8773.json 
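Review bot: The new side of CVE-2016-8669.json ends with `}` and the `\ No newline at end of file` marker, where the old side ended with a newline. The file should keep a final newline after the closing `}`. The other file sections visible in this patch end the same way. This hunk also changes `"ASSIGNER"` from `cve@mitre.org` to `secalert@redhat.com`, while re-spacing every line and reordering the nine `reference_data` entries without changing their content. Emitting `reference_data` in a stable order (for example sorted by `url`) would leave field changes like that one as the only lines in the diff.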
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@huawei.com", - "ID" : "CVE-2016-8773", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "S5300,S5700,S6300,S6700,S7700,9300,9700,S12700 S5300 with software V200R003C00, V200R007C00, V200R008C00, V200R009C00,S5700 with software V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R005C03, V200R007C00, V200R008C00, V200R009C00,S6300 with software V200R003C00, V200R005C00, V200R008C00, V200R009C00,S6700 with software V200R001C00, V200R001C01, V200R002C00, V200R003C00, V200R005C00, V200R008C00, V200R009C00,S7700 with software V200R007C00, V200R008C00, V200R009C00,S9300 with software V200R007C00, V200R008C00, V200R009C00,S9700 with software V200R007C00, V200R008C00, V200R009C00 and S12700 with software V200R007C00, V200R007C01, V200R008C00, V200R009C00", - "version" : { - "version_data" : [ - { - "version_value" : "S5300,S5700,S6300,S6700,S7700,9300,9700,S12700 S5300 with software V200R003C00, V200R007C00, V200R008C00, V200R009C00,S5700 with software V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R005C03, V200R007C00, V200R008C00, V200R009C00,S6300 with software V200R003C00, V200R005C00, V200R008C00, V200R009C00,S6700 with software V200R001C00, V200R001C01, V200R002C00, V200R003C00, V200R005C00, V200R008C00, V200R009C00,S7700 with software V200R007C00, V200R008C00, V200R009C00,S9300 with software V200R007C00, V200R008C00, V200R009C00,S9700 with software V200R007C00, V200R008C00, V200R009C00 and S12700 with software V200R007C00, V200R007C01, V200R008C00, V200R009C00" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Huawei S5300 with software V200R003C00, V200R007C00, V200R008C00, V200R009C00; S5700 with software V200R001C00, 
V200R002C00, V200R003C00, V200R005C00, V200R005C03, V200R007C00, V200R008C00, V200R009C00; S6300 with software V200R003C00, V200R005C00, V200R008C00, V200R009C00; S6700 with software V200R001C00, V200R001C01, V200R002C00, V200R003C00, V200R005C00, V200R008C00, V200R009C00; S7700 with software V200R007C00, V200R008C00, V200R009C00; S9300 with software V200R007C00, V200R008C00, V200R009C00; S9700 with software V200R007C00, V200R008C00, V200R009C00; and S12700 with software V200R007C00, V200R007C01, V200R008C00, V200R009C00 allow the attacker to cause a denial of service condition by sending malformed MPLS packets." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "input validation" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", + "ID": "CVE-2016-8773", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "S5300,S5700,S6300,S6700,S7700,9300,9700,S12700 S5300 with software V200R003C00, V200R007C00, V200R008C00, V200R009C00,S5700 with software V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R005C03, V200R007C00, V200R008C00, V200R009C00,S6300 with software V200R003C00, V200R005C00, V200R008C00, V200R009C00,S6700 with software V200R001C00, V200R001C01, V200R002C00, V200R003C00, V200R005C00, V200R008C00, V200R009C00,S7700 with software V200R007C00, V200R008C00, V200R009C00,S9300 with software V200R007C00, V200R008C00, V200R009C00,S9700 with software V200R007C00, V200R008C00, V200R009C00 and S12700 with software V200R007C00, V200R007C01, V200R008C00, V200R009C00", + "version": { + "version_data": [ + { + "version_value": "S5300,S5700,S6300,S6700,S7700,9300,9700,S12700 S5300 with software V200R003C00, V200R007C00, V200R008C00, V200R009C00,S5700 with software V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R005C03, V200R007C00, V200R008C00, V200R009C00,S6300 with software V200R003C00, V200R005C00, 
V200R008C00, V200R009C00,S6700 with software V200R001C00, V200R001C01, V200R002C00, V200R003C00, V200R005C00, V200R008C00, V200R009C00,S7700 with software V200R007C00, V200R008C00, V200R009C00,S9300 with software V200R007C00, V200R008C00, V200R009C00,S9700 with software V200R007C00, V200R008C00, V200R009C00 and S12700 with software V200R007C00, V200R007C01, V200R008C00, V200R009C00" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161111-01-mpls-en", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161111-01-mpls-en" - }, - { - "name" : "94285", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94285" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Huawei S5300 with software V200R003C00, V200R007C00, V200R008C00, V200R009C00; S5700 with software V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R005C03, V200R007C00, V200R008C00, V200R009C00; S6300 with software V200R003C00, V200R005C00, V200R008C00, V200R009C00; S6700 with software V200R001C00, V200R001C01, V200R002C00, V200R003C00, V200R005C00, V200R008C00, V200R009C00; S7700 with software V200R007C00, V200R008C00, V200R009C00; S9300 with software V200R007C00, V200R008C00, V200R009C00; S9700 with software V200R007C00, V200R008C00, V200R009C00; and S12700 with software V200R007C00, V200R007C01, V200R008C00, V200R009C00 allow the attacker to cause a denial of service condition by sending malformed MPLS packets." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "input validation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161111-01-mpls-en", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161111-01-mpls-en" + }, + { + "name": "94285", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94285" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9092.json b/2016/9xxx/CVE-2016-9092.json index d0580f590a1..1c04ef8e8ad 100644 --- a/2016/9xxx/CVE-2016-9092.json +++ b/2016/9xxx/CVE-2016-9092.json 
@@ -1,81 +1,81 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@symantec.com", - "DATE_PUBLIC" : "2018-05-17T00:00:00", - "ID" : "CVE-2016-9092", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Content Analysis (CA)", - "version" : { - "version_data" : [ - { - "version_value" : "1.3" - }, - { - "version_value" : "2.x prior to 2.2.1.1" - } - ] - } - }, - { - "product_name" : "Mail Threat Defense (MTD)", - "version" : { - "version_data" : [ - { - "version_value" : "1.1" - } - ] - } - } - ] - }, - "vendor_name" : "Symantec Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Symantec Content Analysis (CA) 1.3, 2.x prior to 2.2.1.1, and Mail Threat Defense (MTD) 1.1 management consoles are susceptible to a cross-site request forging (CSRF) vulnerability. A remote attacker can use phishing or other social engineering techniques to access the management console with the privileges of an authenticated administrator user." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery" - } + "CVE_data_meta": { + "ASSIGNER": "secure@symantec.com", + "DATE_PUBLIC": "2018-05-17T00:00:00", + "ID": "CVE-2016-9092", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Content Analysis (CA)", + "version": { + "version_data": [ + { + "version_value": "1.3" + }, + { + "version_value": "2.x prior to 2.2.1.1" + } + ] + } + }, + { + "product_name": "Mail Threat Defense (MTD)", + "version": { + "version_data": [ + { + "version_value": "1.1" + } + ] + } + } + ] + }, + "vendor_name": "Symantec Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.symantec.com/security-center/network-protection-security-advisories/SA149", - "refsource" : "CONFIRM", - "url" : "https://www.symantec.com/security-center/network-protection-security-advisories/SA149" - }, - { - "name" : "104182", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104182" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Symantec Content Analysis (CA) 1.3, 2.x prior to 2.2.1.1, and Mail Threat Defense (MTD) 1.1 management consoles are susceptible to a cross-site request forging (CSRF) vulnerability. A remote attacker can use phishing or other social engineering techniques to access the management console with the privileges of an authenticated administrator user." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site request forgery" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "104182", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104182" + }, + { + "name": "https://www.symantec.com/security-center/network-protection-security-advisories/SA149", + "refsource": "CONFIRM", + "url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA149" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9217.json b/2016/9xxx/CVE-2016-9217.json index e4faf61aef1..f7209f03628 100644 --- a/2016/9xxx/CVE-2016-9217.json +++ b/2016/9xxx/CVE-2016-9217.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2016-9217", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Intercloud Fabric for Business and Cisco Intercloud Fabric for Providers 7.3(0)ZN(0.99)", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco Intercloud Fabric for Business and Cisco Intercloud Fabric for Providers 7.3(0)ZN(0.99)" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in Cisco Intercloud Fabric for Business and Cisco Intercloud Fabric for Providers could allow an unauthenticated, remote attacker to connect to the database used by these products. More Information: CSCus99394. Known Affected Releases: 7.3(0)ZN(0.99)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "unspecified" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2016-9217", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Intercloud Fabric for Business and Cisco Intercloud Fabric for Providers 7.3(0)ZN(0.99)", + "version": { + "version_data": [ + { + "version_value": "Cisco Intercloud Fabric for Business and Cisco Intercloud Fabric for Providers 7.3(0)ZN(0.99)" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161221-icf", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161221-icf" - }, - { - "name" : "95023", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/95023" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in Cisco Intercloud Fabric for Business and Cisco Intercloud Fabric for Providers could allow an unauthenticated, remote attacker to connect to the database used by these products. More Information: CSCus99394. Known Affected Releases: 7.3(0)ZN(0.99)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "unspecified" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "95023", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95023" + }, + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161221-icf", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161221-icf" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9468.json b/2016/9xxx/CVE-2016-9468.json index a7da84bb335..ee56ed5a037 100644 --- a/2016/9xxx/CVE-2016-9468.json +++ b/2016/9xxx/CVE-2016-9468.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "ID" : "CVE-2016-9468", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Nextcloud Server & ownCloud Server Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2", - "version" : { - "version_data" : [ - { - "version_value" : "Nextcloud Server & ownCloud Server Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from content spoofing in the dav app. The exception message displayed on the DAV endpoints contained partially user-controllable input leading to a potential misrepresentation of information." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "User Interface (UI) Misrepresentation of Critical Information (CWE-451)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "ID": "CVE-2016-9468", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Nextcloud Server & ownCloud Server Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2", + "version": { + "version_data": [ + { + "version_value": "Nextcloud Server & ownCloud Server Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/nextcloud/server/commit/7350e13113c8ed484727a5c25331ec11d4d59f5f", - "refsource" : "MISC", - "url" : "https://github.com/nextcloud/server/commit/7350e13113c8ed484727a5c25331ec11d4d59f5f" - }, - { - "name" : "https://github.com/nextcloud/server/commit/a4cfb3ddc1f4cdb585e05c0e9b2f8e52a0e2ee3e", - "refsource" : "MISC", - "url" : "https://github.com/nextcloud/server/commit/a4cfb3ddc1f4cdb585e05c0e9b2f8e52a0e2ee3e" - }, - { - "name" : "https://github.com/owncloud/core/commit/96b8afe48570bc70088ccd8f897e9d71997d336e", - "refsource" : "MISC", - "url" : "https://github.com/owncloud/core/commit/96b8afe48570bc70088ccd8f897e9d71997d336e" - }, - { - "name" : "https://github.com/owncloud/core/commit/bcc6c39ad8c22a00323a114e9c1a0a834983fb35", - "refsource" : "MISC", - "url" : "https://github.com/owncloud/core/commit/bcc6c39ad8c22a00323a114e9c1a0a834983fb35" - }, - { - "name" : "https://hackerone.com/reports/149798", - "refsource" : "MISC", - "url" : "https://hackerone.com/reports/149798" - }, - { - "name" : "https://nextcloud.com/security/advisory/?id=nc-sa-2016-011", - "refsource" : "MISC", - "url" : 
"https://nextcloud.com/security/advisory/?id=nc-sa-2016-011" - }, - { - "name" : "https://owncloud.org/security/advisory/?id=oc-sa-2016-021", - "refsource" : "MISC", - "url" : "https://owncloud.org/security/advisory/?id=oc-sa-2016-021" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from content spoofing in the dav app. The exception message displayed on the DAV endpoints contained partially user-controllable input leading to a potential misrepresentation of information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "User Interface (UI) Misrepresentation of Critical Information (CWE-451)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://owncloud.org/security/advisory/?id=oc-sa-2016-021", + "refsource": "MISC", + "url": "https://owncloud.org/security/advisory/?id=oc-sa-2016-021" + }, + { + "name": "https://github.com/nextcloud/server/commit/a4cfb3ddc1f4cdb585e05c0e9b2f8e52a0e2ee3e", + "refsource": "MISC", + "url": "https://github.com/nextcloud/server/commit/a4cfb3ddc1f4cdb585e05c0e9b2f8e52a0e2ee3e" + }, + { + "name": "https://github.com/nextcloud/server/commit/7350e13113c8ed484727a5c25331ec11d4d59f5f", + "refsource": "MISC", + "url": "https://github.com/nextcloud/server/commit/7350e13113c8ed484727a5c25331ec11d4d59f5f" + }, + { + "name": "https://github.com/owncloud/core/commit/96b8afe48570bc70088ccd8f897e9d71997d336e", + "refsource": "MISC", + "url": "https://github.com/owncloud/core/commit/96b8afe48570bc70088ccd8f897e9d71997d336e" + }, + { + "name": "https://hackerone.com/reports/149798", + "refsource": "MISC", + "url": "https://hackerone.com/reports/149798" + }, + { + "name": 
"https://github.com/owncloud/core/commit/bcc6c39ad8c22a00323a114e9c1a0a834983fb35", + "refsource": "MISC", + "url": "https://github.com/owncloud/core/commit/bcc6c39ad8c22a00323a114e9c1a0a834983fb35" + }, + { + "name": "https://nextcloud.com/security/advisory/?id=nc-sa-2016-011", + "refsource": "MISC", + "url": "https://nextcloud.com/security/advisory/?id=nc-sa-2016-011" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9980.json b/2016/9xxx/CVE-2016-9980.json index c1d3e0e61d0..4c8a9b9dc30 100644 --- a/2016/9xxx/CVE-2016-9980.json +++ b/2016/9xxx/CVE-2016-9980.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2016-9980", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Curam Social Program Management", - "version" : { - "version_data" : [ - { - "version_value" : "6.0.4, 6.0.5, 6.0, 5.2, 4.5, 6.0.3, 6.1, 5.2.6, 6.0.1, 6.1.0, 6.1.1, 6.2.0, 7.0.0" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120256." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2016-9980", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Curam Social Program Management", + "version": { + "version_data": [ + { + "version_value": "6.0.4, 6.0.5, 6.0, 5.2, 4.5, 6.0.3, 6.1, 5.2.6, 6.0.1, 6.1.0, 6.1.1, 6.2.0, 7.0.0" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22001779", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22001779" - }, - { - "name" : "98005", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98005" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120256." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "98005", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98005" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22001779", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22001779" + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2019.json b/2019/2xxx/CVE-2019-2019.json index 957eefe8d11..b33547460f4 100644 --- a/2019/2xxx/CVE-2019-2019.json +++ b/2019/2xxx/CVE-2019-2019.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2019-2019",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-2019",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/2xxx/CVE-2019-2183.json b/2019/2xxx/CVE-2019-2183.json
index 8325a73482e..1696039a897 100644
--- a/2019/2xxx/CVE-2019-2183.json
+++ b/2019/2xxx/CVE-2019-2183.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2019-2183",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-2183",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/2xxx/CVE-2019-2593.json b/2019/2xxx/CVE-2019-2593.json
index aaf947e34c8..eb7712cb306 100644
--- a/2019/2xxx/CVE-2019-2593.json
+++ b/2019/2xxx/CVE-2019-2593.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2019-2593",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-2593",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/2xxx/CVE-2019-2861.json b/2019/2xxx/CVE-2019-2861.json
index 7ee6592a88b..f6a8dc55e2a 100644
--- a/2019/2xxx/CVE-2019-2861.json
+++ b/2019/2xxx/CVE-2019-2861.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2019-2861",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-2861",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/6xxx/CVE-2019-6082.json b/2019/6xxx/CVE-2019-6082.json
index 5ed0cb3205c..ccc378f0ad7 100644
--- a/2019/6xxx/CVE-2019-6082.json
+++ b/2019/6xxx/CVE-2019-6082.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2019-6082",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-6082",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/6xxx/CVE-2019-6101.json b/2019/6xxx/CVE-2019-6101.json
index 5e4cc97c3cf..57e2fdb054d 100644
--- a/2019/6xxx/CVE-2019-6101.json
+++ b/2019/6xxx/CVE-2019-6101.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2019-6101",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-6101",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/6xxx/CVE-2019-6560.json b/2019/6xxx/CVE-2019-6560.json
index 86300648d83..7201e9c1cca 100644
--- a/2019/6xxx/CVE-2019-6560.json
+++ b/2019/6xxx/CVE-2019-6560.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2019-6560",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-6560",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/6xxx/CVE-2019-6842.json b/2019/6xxx/CVE-2019-6842.json
index 0c8eb9ec1c7..3db05dcfe52 100644
--- a/2019/6xxx/CVE-2019-6842.json
+++ b/2019/6xxx/CVE-2019-6842.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2019-6842",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-6842",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/7xxx/CVE-2019-7246.json b/2019/7xxx/CVE-2019-7246.json
index 8847cb5dcd3..9603dfefe46 100644
--- a/2019/7xxx/CVE-2019-7246.json
+++ b/2019/7xxx/CVE-2019-7246.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2019-7246",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-7246",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file