diff --git a/2006/0xxx/CVE-2006-0032.json b/2006/0xxx/CVE-2006-0032.json index 795a83256ed..a1e471b85e3 100644 --- a/2006/0xxx/CVE-2006-0032.json +++ b/2006/0xxx/CVE-2006-0032.json 
@@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0032", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Indexing Service in Microsoft Windows 2000, XP, and Server 2003, when the Encoding option is set to Auto Select, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded URL, which is injected into an error message whose charset is set to UTF-7." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2006-0032", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061001 Microsoft Internet Information Services UTF-7 XSS Vulnerability [MS06-053]", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/447511/100/0/threaded" - }, - { - "name" : "20061002 IE UXSS (Universal XSS in IE, was Re: Microsoft Internet Information Services UTF-7 XSS Vulnerability [MS06-053])", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/447509/100/0/threaded" - }, - { - "name" : "http://www.geocities.jp/ptrs_sec/advisory09e.html", - "refsource" : "MISC", - "url" : "http://www.geocities.jp/ptrs_sec/advisory09e.html" - }, - { 
- "name" : "HPSBST02134", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/446630/100/100/threaded" - }, - { - "name" : "SSRT061187", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/446630/100/100/threaded" - }, - { - "name" : "MS06-053", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-053" - }, - { - "name" : "TA06-255A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA06-255A.html" - }, - { - "name" : "VU#108884", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/108884" - }, - { - "name" : "19927", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19927" - }, - { - "name" : "ADV-2006-3564", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3564" - }, - { - "name" : "oval:org.mitre.oval:def:535", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A535" - }, - { - "name" : "1016826", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016826" - }, - { - "name" : "21861", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21861" - }, - { - "name" : "ms-indexing-service-xss(28651)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28651" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Indexing Service in Microsoft Windows 2000, XP, and Server 2003, when the Encoding option is set to Auto Select, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded URL, which is injected into an error message whose charset is set to UTF-7." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20061002 IE UXSS (Universal XSS in IE, was Re: Microsoft Internet Information Services UTF-7 XSS Vulnerability [MS06-053])", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/447509/100/0/threaded" + }, + { + "name": "ms-indexing-service-xss(28651)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28651" + }, + { + "name": "oval:org.mitre.oval:def:535", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A535" + }, + { + "name": "ADV-2006-3564", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3564" + }, + { + "name": "VU#108884", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/108884" + }, + { + "name": "1016826", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016826" + }, + { + "name": "TA06-255A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA06-255A.html" + }, + { + "name": "MS06-053", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-053" + }, + { + "name": "20061001 Microsoft Internet Information Services UTF-7 XSS Vulnerability [MS06-053]", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/447511/100/0/threaded" + }, + { + "name": "http://www.geocities.jp/ptrs_sec/advisory09e.html", + "refsource": "MISC", + "url": "http://www.geocities.jp/ptrs_sec/advisory09e.html" + }, + { + "name": "19927", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19927" + }, + { + "name": "SSRT061187", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/446630/100/100/threaded" + }, + { + "name": "21861", + "refsource": "SECUNIA", + "url": 
"http://secunia.com/advisories/21861" + }, + { + "name": "HPSBST02134", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/446630/100/100/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0104.json b/2006/0xxx/CVE-2006-0104.json index 38fbae8b405..d41daed33f4 100644 --- a/2006/0xxx/CVE-2006-0104.json +++ b/2006/0xxx/CVE-2006-0104.json 
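Review bot: The `"ASSIGNER"` value for CVE-2006-0032 changes from `cve@mitre.org` to `secure@microsoft.com` in a hunk that otherwise only normalizes spacing and indentation, so a provenance change is easy to miss among the formatting churn. Consumers that attribute or filter records by assigner would see this record move to a different CNA, so it should go in its own commit or at least be named in the commit message. The `reference_data` entries in this hunk, and in the hunks for CVE-2006-0104, CVE-2006-0482, CVE-2006-0855, CVE-2006-1321, CVE-2006-1687 and CVE-2006-1711, appear to be reordered with none added or removed. A deterministic order (for example sorted by `refsource`, then `name`) would keep later diffs reviewable and keep record hashes stable. The new side of each file also ends with `\ No newline at end of file` where the old side had a trailing newline, so restoring it would avoid a spurious last-line change in the next edit.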
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0104", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in TinyPHPForum 3.6 and earlier allows remote attackers to create a new user account, create a new topic, or view the profile of a user account, as demonstrated via a .. (dot dot) in the uname parameter to profile.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0104", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060105 [eVuln] TinyPHPForum Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/420933/100/0/threaded" - }, - { - "name" : "http://evuln.com/vulns/14/exploit.html", - "refsource" : "MISC", - "url" : "http://evuln.com/vulns/14/exploit.html" - }, - { - "name" : "http://evuln.com/vulns/14/summary.html", - "refsource" : "MISC", - "url" : "http://evuln.com/vulns/14/summary.html" - }, - { - "name" : "16163", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16163" - }, - { - "name" : "ADV-2006-0054", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0054" - }, - { - 
"name" : "22258", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22258" - }, - { - "name" : "1015436", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015436" - }, - { - "name" : "18293", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18293" - }, - { - "name" : "320", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/320" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in TinyPHPForum 3.6 and earlier allows remote attackers to create a new user account, create a new topic, or view the profile of a user account, as demonstrated via a .. (dot dot) in the uname parameter to profile.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://evuln.com/vulns/14/exploit.html", + "refsource": "MISC", + "url": "http://evuln.com/vulns/14/exploit.html" + }, + { + "name": "1015436", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015436" + }, + { + "name": "20060105 [eVuln] TinyPHPForum Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/420933/100/0/threaded" + }, + { + "name": "ADV-2006-0054", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0054" + }, + { + "name": "18293", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18293" + }, + { + "name": "320", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/320" + }, + { + "name": "http://evuln.com/vulns/14/summary.html", + "refsource": "MISC", + "url": "http://evuln.com/vulns/14/summary.html" + }, + { + "name": "16163", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16163" + }, + { + 
"name": "22258", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22258" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0482.json b/2006/0xxx/CVE-2006-0482.json index f0b223b3683..8faea909185 100644 --- a/2006/0xxx/CVE-2006-0482.json +++ b/2006/0xxx/CVE-2006-0482.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0482", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Linux kernel 2.6.15.1 and earlier, when running on SPARC architectures, allows local users to cause a denial of service (hang) via a \"date -s\" command, which causes invalid sign extended arguments to be provided to the get_compat_timespec function call." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0482", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-sparc] 20060128 `date -s' on sparc64", - "refsource" : "MLIST", - "url" : "http://lists.debian.org/debian-sparc/2006/01/msg00129.html" - }, - { - "name" : "[linux-sparc] 20060130 Attempts to set date with 'date -s' hang the machine", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=linux-sparc&m=113861010514065&w=2" - }, - { - "name" : "[linux-sparc] 20060130 Re: Attempts to set date with 'date -s' hang the machine", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=linux-sparc&m=113861287813463&w=2" - }, - { - "name" : "DSA-1017", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1017" - }, - { - "name" : 
"ADV-2006-0418", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0418" - }, - { - "name" : "17216", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17216" - }, - { - "name" : "19374", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19374" - }, - { - "name" : "kernel-date-s-dos(24475)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24475" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Linux kernel 2.6.15.1 and earlier, when running on SPARC architectures, allows local users to cause a denial of service (hang) via a \"date -s\" command, which causes invalid sign extended arguments to be provided to the get_compat_timespec function call." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[linux-sparc] 20060130 Attempts to set date with 'date -s' hang the machine", + "refsource": "MLIST", + "url": "http://marc.info/?l=linux-sparc&m=113861010514065&w=2" + }, + { + "name": "[linux-sparc] 20060130 Re: Attempts to set date with 'date -s' hang the machine", + "refsource": "MLIST", + "url": "http://marc.info/?l=linux-sparc&m=113861287813463&w=2" + }, + { + "name": "[debian-sparc] 20060128 `date -s' on sparc64", + "refsource": "MLIST", + "url": "http://lists.debian.org/debian-sparc/2006/01/msg00129.html" + }, + { + "name": "kernel-date-s-dos(24475)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24475" + }, + { + "name": "17216", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17216" + }, + { + "name": "ADV-2006-0418", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0418" + }, + { + "name": "DSA-1017", + "refsource": 
"DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1017" + }, + { + "name": "19374", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19374" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0855.json b/2006/0xxx/CVE-2006-0855.json index 47c57154ba7..87150b1f3a5 100644 --- a/2006/0xxx/CVE-2006-0855.json +++ b/2006/0xxx/CVE-2006-0855.json 
@@ -1,162 +1,162 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0855", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the fullpath function in misc.c for zoo 2.10 and earlier, as used in products such as Barracuda Spam Firewall, allows user-assisted attackers to execute arbitrary code via a crafted ZOO file that causes the combine function to return a longer string than expected." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0855", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060223 zoo contains exploitable buffer overflows", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/425887/100/0/threaded" - }, - { - "name" : "http://www.guay-leroux.com/projects/zoo-advisory.txt", - "refsource" : "MISC", - "url" : "http://www.guay-leroux.com/projects/zoo-advisory.txt" - }, - { - "name" : "20060403 Barracuda ZOO archiver security bug leads to remote compromise", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2006-04/0061.html" - }, - { - "name" : "http://www.guay-leroux.com/projects/barracuda-advisory-ZOO.txt", - "refsource" : "MISC", - 
"url" : "http://www.guay-leroux.com/projects/barracuda-advisory-ZOO.txt" - }, - { - "name" : "DSA-991", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-991" - }, - { - "name" : "GLSA-200603-05", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200603-05.xml" - }, - { - "name" : "SUSE-SR:2006:005", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006_05_sr.html" - }, - { - "name" : "SUSE-SR:2006:006", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006_06_sr.html" - }, - { - "name" : "16790", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16790" - }, - { - "name" : "ADV-2006-0705", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0705" - }, - { - "name" : "ADV-2006-1220", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1220" - }, - { - "name" : "1015668", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015668" - }, - { - "name" : "1015866", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015866" - }, - { - "name" : "19002", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19002" - }, - { - "name" : "19130", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19130" - }, - { - "name" : "19148", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19148" - }, - { - "name" : "19166", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19166" - }, - { - "name" : "19408", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19408" - }, - { - "name" : "19514", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19514" - }, - { - "name" : "546", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/546" - }, - { - "name" : "zoo-misc-bo(24904)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/24904" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the fullpath function in misc.c for zoo 2.10 and earlier, as used in products such as Barracuda Spam Firewall, allows user-assisted attackers to execute arbitrary code via a crafted ZOO file that causes the combine function to return a longer string than expected." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1015866", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015866" + }, + { + "name": "19408", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19408" + }, + { + "name": "SUSE-SR:2006:005", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006_05_sr.html" + }, + { + "name": "19166", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19166" + }, + { + "name": "SUSE-SR:2006:006", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006_06_sr.html" + }, + { + "name": "ADV-2006-1220", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1220" + }, + { + "name": "19514", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19514" + }, + { + "name": "546", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/546" + }, + { + "name": "GLSA-200603-05", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200603-05.xml" + }, + { + "name": "1015668", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015668" + }, + { + "name": "http://www.guay-leroux.com/projects/barracuda-advisory-ZOO.txt", + "refsource": "MISC", + "url": 
"http://www.guay-leroux.com/projects/barracuda-advisory-ZOO.txt" + }, + { + "name": "19130", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19130" + }, + { + "name": "zoo-misc-bo(24904)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24904" + }, + { + "name": "ADV-2006-0705", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0705" + }, + { + "name": "http://www.guay-leroux.com/projects/zoo-advisory.txt", + "refsource": "MISC", + "url": "http://www.guay-leroux.com/projects/zoo-advisory.txt" + }, + { + "name": "DSA-991", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-991" + }, + { + "name": "20060403 Barracuda ZOO archiver security bug leads to remote compromise", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2006-04/0061.html" + }, + { + "name": "20060223 zoo contains exploitable buffer overflows", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/425887/100/0/threaded" + }, + { + "name": "19002", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19002" + }, + { + "name": "19148", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19148" + }, + { + "name": "16790", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16790" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1321.json b/2006/1xxx/CVE-2006-1321.json index a2126451c30..b71b815c9d8 100644 --- a/2006/1xxx/CVE-2006-1321.json +++ b/2006/1xxx/CVE-2006-1321.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1321", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in webcheck before 1.9.6 allows remote attackers to inject arbitrary web script or HTML via the (1) url, (2) title, or (3) author name in a crawled page, which is not properly sanitized in the tooltips of a report." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1321", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://ch.tudelft.nl/~arthur/webcheck/news.html#20060130", - "refsource" : "CONFIRM", - "url" : "http://ch.tudelft.nl/~arthur/webcheck/news.html#20060130" - }, - { - "name" : "17212", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17212" - }, - { - "name" : "19309", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19309" - }, - { - "name" : "webcheck-content-xss(25428)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25428" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "Cross-site scripting (XSS) vulnerability in webcheck before 1.9.6 allows remote attackers to inject arbitrary web script or HTML via the (1) url, (2) title, or (3) author name in a crawled page, which is not properly sanitized in the tooltips of a report." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19309", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19309" + }, + { + "name": "webcheck-content-xss(25428)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25428" + }, + { + "name": "http://ch.tudelft.nl/~arthur/webcheck/news.html#20060130", + "refsource": "CONFIRM", + "url": "http://ch.tudelft.nl/~arthur/webcheck/news.html#20060130" + }, + { + "name": "17212", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17212" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1687.json b/2006/1xxx/CVE-2006-1687.json index 0bef3c23ad3..6c5da6ebebe 100644 --- a/2006/1xxx/CVE-2006-1687.json +++ b/2006/1xxx/CVE-2006-1687.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1687", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in APT-webshop-system 4.0 PRO, 3.0 BASIC, and 3.0 LIGHT allows remote attackers to inject arbitrary web script or HTML via the message parameter, probably involving the basket functionality." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1687", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2006/04/apt-webshop-system-vuln.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2006/04/apt-webshop-system-vuln.html" - }, - { - "name" : "ADV-2006-1293", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1293" - }, - { - "name" : "19592", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19592" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in APT-webshop-system 4.0 PRO, 3.0 BASIC, and 3.0 LIGHT allows remote attackers to 
inject arbitrary web script or HTML via the message parameter, probably involving the basket functionality." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19592", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19592" + }, + { + "name": "http://pridels0.blogspot.com/2006/04/apt-webshop-system-vuln.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2006/04/apt-webshop-system-vuln.html" + }, + { + "name": "ADV-2006-1293", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1293" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1711.json b/2006/1xxx/CVE-2006-1711.json index 3f297dab45f..5e65a559e44 100644 --- a/2006/1xxx/CVE-2006-1711.json +++ b/2006/1xxx/CVE-2006-1711.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1711", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Plone 2.0.5, 2.1.2, and 2.5-beta1 does not restrict access to the (1) changeMemberPortrait, (2) deletePersonalPortrait, and (3) testCurrentPassword methods, which allows remote attackers to modify portraits." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1711", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://svn.plone.org/svn/plone/PloneHotfix20060410/trunk/README.txt", - "refsource" : "CONFIRM", - "url" : "https://svn.plone.org/svn/plone/PloneHotfix20060410/trunk/README.txt" - }, - { - "name" : "http://dev.plone.org/plone/ticket/5432", - "refsource" : "MISC", - "url" : "http://dev.plone.org/plone/ticket/5432" - }, - { - "name" : "DSA-1032", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1032" - }, - { - "name" : "17484", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17484" - }, - { - "name" : "ADV-2006-1340", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1340" - }, - { - "name" : "19633", - "refsource" : "SECUNIA", - 
"url" : "http://secunia.com/advisories/19633" - }, - { - "name" : "19640", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19640" - }, - { - "name" : "plone-memberid-data-manipulation(25781)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25781" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Plone 2.0.5, 2.1.2, and 2.5-beta1 does not restrict access to the (1) changeMemberPortrait, (2) deletePersonalPortrait, and (3) testCurrentPassword methods, which allows remote attackers to modify portraits." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://dev.plone.org/plone/ticket/5432", + "refsource": "MISC", + "url": "http://dev.plone.org/plone/ticket/5432" + }, + { + "name": "19633", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19633" + }, + { + "name": "17484", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17484" + }, + { + "name": "DSA-1032", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1032" + }, + { + "name": "19640", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19640" + }, + { + "name": "ADV-2006-1340", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1340" + }, + { + "name": "https://svn.plone.org/svn/plone/PloneHotfix20060410/trunk/README.txt", + "refsource": "CONFIRM", + "url": "https://svn.plone.org/svn/plone/PloneHotfix20060410/trunk/README.txt" + }, + { + "name": "plone-memberid-data-manipulation(25781)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25781" + } + ] + } +} \ No newline at end of file 
diff --git a/2006/1xxx/CVE-2006-1787.json b/2006/1xxx/CVE-2006-1787.json index 66275189c74..154ed324d6d 100644 --- a/2006/1xxx/CVE-2006-1787.json +++ b/2006/1xxx/CVE-2006-1787.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1787", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Document Server for Reader Extensions 6.0 includes a user's session (jsession) ID in the HTTP Referer header, which allows remote attackers to gain access to PDF files that are being processed within that session." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1787", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060413 Secunia Research: Adobe Document Server for Reader ExtensionsMultiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/430869/100/0/threaded" - }, - { - "name" : "http://secunia.com/secunia_research/2005-68/advisory/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2005-68/advisory/" - }, - { - "name" : "http://www.adobe.com/support/techdocs/322699.html", - "refsource" : "MISC", - "url" : "http://www.adobe.com/support/techdocs/322699.html" - }, - { - "name" : "http://www.adobe.com/support/techdocs/331915.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/techdocs/331915.html" - }, - { - "name" : 
"17500", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17500" - }, - { - "name" : "ADV-2006-1342", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1342" - }, - { - "name" : "15924", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15924" - }, - { - "name" : "adobe-jsessionid-information-disclosure(25773)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25773" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Document Server for Reader Extensions 6.0 includes a user's session (jsession) ID in the HTTP Referer header, which allows remote attackers to gain access to PDF files that are being processed within that session." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060413 Secunia Research: Adobe Document Server for Reader ExtensionsMultiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/430869/100/0/threaded" + }, + { + "name": "http://www.adobe.com/support/techdocs/331915.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/techdocs/331915.html" + }, + { + "name": "adobe-jsessionid-information-disclosure(25773)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25773" + }, + { + "name": "http://www.adobe.com/support/techdocs/322699.html", + "refsource": "MISC", + "url": "http://www.adobe.com/support/techdocs/322699.html" + }, + { + "name": "15924", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15924" + }, + { + "name": "http://secunia.com/secunia_research/2005-68/advisory/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2005-68/advisory/" + 
}, + { + "name": "ADV-2006-1342", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1342" + }, + { + "name": "17500", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17500" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5103.json b/2006/5xxx/CVE-2006-5103.json index a87567e3861..94b4b7283a9 100644 --- a/2006/5xxx/CVE-2006-5103.json +++ b/2006/5xxx/CVE-2006-5103.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5103", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in admin/index2.php in bbsNew 2.0.1 allows remote attackers to execute arbitrary PHP code via a URL in the \"right\" parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5103", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061015 bbsNew ( File Include Vulnerability Exploit )", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2006-10/0244.html" - }, - { - "name" : "20061028 bbsNew => 2.0.1 Remote File Include Vulnerability Exploit", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/450027/100/100/threaded" - }, - { - "name" : "20204", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20204" - }, - { - "name" : "bbsnew-index2-file-include(29580)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29580" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": 
"eng", + "value": "PHP remote file inclusion vulnerability in admin/index2.php in bbsNew 2.0.1 allows remote attackers to execute arbitrary PHP code via a URL in the \"right\" parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20061015 bbsNew ( File Include Vulnerability Exploit )", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2006-10/0244.html" + }, + { + "name": "20204", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20204" + }, + { + "name": "bbsnew-index2-file-include(29580)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29580" + }, + { + "name": "20061028 bbsNew => 2.0.1 Remote File Include Vulnerability Exploit", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/450027/100/100/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5148.json b/2006/5xxx/CVE-2006-5148.json index 6411083b6c0..0ce5f75dffd 100644 --- a/2006/5xxx/CVE-2006-5148.json +++ b/2006/5xxx/CVE-2006-5148.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5148", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple PHP remote file inclusion vulnerabilities in Forum82 2.5.2b and earlier allow remote attackers to execute arbitrary PHP code via a URL in the repertorylevel parameter including scripts in /forum/ including (1) search.php, (2) message.php, (3) member.php, (4) mail.php, (5) lostpassword.php, (6) gesfil.php, (7) forum82lib.php3, and other unspecified scripts." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5148", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "2459", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2459" - }, - { - "name" : "20291", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20291" - }, - { - "name" : "ADV-2006-3865", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3865" - }, - { - "name" : "22214", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22214" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ 
+ { + "lang": "eng", + "value": "Multiple PHP remote file inclusion vulnerabilities in Forum82 2.5.2b and earlier allow remote attackers to execute arbitrary PHP code via a URL in the repertorylevel parameter including scripts in /forum/ including (1) search.php, (2) message.php, (3) member.php, (4) mail.php, (5) lostpassword.php, (6) gesfil.php, (7) forum82lib.php3, and other unspecified scripts." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20291", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20291" + }, + { + "name": "22214", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22214" + }, + { + "name": "ADV-2006-3865", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3865" + }, + { + "name": "2459", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2459" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5150.json b/2006/5xxx/CVE-2006-5150.json index 72c6318def6..2b784b6cf46 100644 --- a/2006/5xxx/CVE-2006-5150.json +++ b/2006/5xxx/CVE-2006-5150.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5150", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the reports system in OpenBiblio before 0.5.2 allows remote attackers with report privileges to execute arbitrary SQL commands via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5150", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=451780", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=451780" - }, - { - "name" : "20301", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20301" - }, - { - "name" : "ADV-2006-3867", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3867" - }, - { - "name" : "22238", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22238" - }, - { - "name" : "openbiblio-report-sql-injection(29318)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29318" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": 
"4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the reports system in OpenBiblio before 0.5.2 allows remote attackers with report privileges to execute arbitrary SQL commands via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openbiblio-report-sql-injection(29318)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29318" + }, + { + "name": "ADV-2006-3867", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3867" + }, + { + "name": "22238", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22238" + }, + { + "name": "20301", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20301" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=451780", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=451780" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5204.json b/2006/5xxx/CVE-2006-5204.json index fda6235adad..f6afdfa76a5 100644 --- a/2006/5xxx/CVE-2006-5204.json +++ b/2006/5xxx/CVE-2006-5204.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5204", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in action_admin/member.php in Invision Power Board (IPB) 2.1.7 and earlier allows remote authenticated users to inject arbitrary web script or HTML via a reference to a script in the avatar setting, which can be leveraged for a cross-site request forgery (CSRF) attack involving forced SQL execution by an admin." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5204", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061004 Invision Power Board Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/447710/100/0/threaded" - }, - { - "name" : "http://forums.invisionpower.com/index.php?showtopic=227937", - "refsource" : "CONFIRM", - "url" : "http://forums.invisionpower.com/index.php?showtopic=227937" - }, - { - "name" : "ADV-2006-3927", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3927" - }, - { - "name" : "22272", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22272" - }, - { 
- "name" : "ipb-avatar-image-xss(29351)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29351" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in action_admin/member.php in Invision Power Board (IPB) 2.1.7 and earlier allows remote authenticated users to inject arbitrary web script or HTML via a reference to a script in the avatar setting, which can be leveraged for a cross-site request forgery (CSRF) attack involving forced SQL execution by an admin." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-3927", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3927" + }, + { + "name": "ipb-avatar-image-xss(29351)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29351" + }, + { + "name": "22272", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22272" + }, + { + "name": "http://forums.invisionpower.com/index.php?showtopic=227937", + "refsource": "CONFIRM", + "url": "http://forums.invisionpower.com/index.php?showtopic=227937" + }, + { + "name": "20061004 Invision Power Board Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/447710/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5937.json b/2006/5xxx/CVE-2006-5937.json index 48cb632af2e..a91f3be6ae7 100644 --- a/2006/5xxx/CVE-2006-5937.json +++ b/2006/5xxx/CVE-2006-5937.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5937", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple integer overflows in Grisoft AVG Anti-Virus before 7.1.407 allow remote attackers to execute arbitrary code via crafted (1) CAB or (2) RAR archives that trigger a heap-based buffer overflow. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5937", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061113 AVG Anti-Virus - Arbitrary Code Execution (remote)", - "refsource" : "FULLDISC", - "url" : "http://marc.info/?l=full-disclosure&m=116343152030074&w=2" - }, - { - "name" : "http://www.grisoft.com/doc/36365/lng/us/tpl/tpl01", - "refsource" : "CONFIRM", - "url" : "http://www.grisoft.com/doc/36365/lng/us/tpl/tpl01" - }, - { - "name" : "ADV-2006-4498", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4498" - }, - { - "name" : "22811", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22811" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple integer overflows in Grisoft AVG Anti-Virus before 7.1.407 allow remote attackers to execute arbitrary code via crafted (1) CAB or (2) RAR archives that trigger a heap-based buffer overflow. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.grisoft.com/doc/36365/lng/us/tpl/tpl01", + "refsource": "CONFIRM", + "url": "http://www.grisoft.com/doc/36365/lng/us/tpl/tpl01" + }, + { + "name": "20061113 AVG Anti-Virus - Arbitrary Code Execution (remote)", + "refsource": "FULLDISC", + "url": "http://marc.info/?l=full-disclosure&m=116343152030074&w=2" + }, + { + "name": "ADV-2006-4498", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4498" + }, + { + "name": "22811", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22811" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2746.json b/2007/2xxx/CVE-2007-2746.json index ca402bf0d5e..a470150a760 100644 --- a/2007/2xxx/CVE-2007-2746.json +++ b/2007/2xxx/CVE-2007-2746.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2746", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The viewList function in lib/WebGUI/Asset/Wobject/DataForm.pm in Plain Black WebGUI before 7.3.14 does not properly use data structures containing privilege information, which allows remote authenticated users to obtain sensitive information or possibly have other unspecified impact." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2746", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.plainblack.com/bugs/tracker/dataform-security-bug", - "refsource" : "CONFIRM", - "url" : "http://www.plainblack.com/bugs/tracker/dataform-security-bug" - }, - { - "name" : "ADV-2007-1840", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1840" - }, - { - "name" : "36566", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/36566" - }, - { - "name" : "25355", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25355" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "The viewList function in lib/WebGUI/Asset/Wobject/DataForm.pm in Plain Black WebGUI before 7.3.14 does not properly use data structures containing privilege information, which allows remote authenticated users to obtain sensitive information or possibly have other unspecified impact." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "25355", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25355" + }, + { + "name": "http://www.plainblack.com/bugs/tracker/dataform-security-bug", + "refsource": "CONFIRM", + "url": "http://www.plainblack.com/bugs/tracker/dataform-security-bug" + }, + { + "name": "36566", + "refsource": "OSVDB", + "url": "http://osvdb.org/36566" + }, + { + "name": "ADV-2007-1840", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1840" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2865.json b/2007/2xxx/CVE-2007-2865.json index 72a6fdd282b..51f6a6d5400 100644 --- a/2007/2xxx/CVE-2007-2865.json +++ b/2007/2xxx/CVE-2007-2865.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2865", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in sqledit.php in phpPgAdmin 4.1.1 allows remote attackers to inject arbitrary web script or HTML via the server parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2865", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070522 phpPgAdmin XSS Vulnerability", - "refsource" : "FULLDISC", - "url" : "http://marc.info/?l=full-disclosure&m=117987658110713&w=2" - }, - { - "name" : "DSA-1693", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1693" - }, - { - "name" : "SUSE-SR:2007:024", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2007_24_sr.html" - }, - { - "name" : "24115", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24115" - }, - { - "name" : "38138", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/38138" - }, - { - "name" : "27756", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27756" - }, - { - "name" : "33263", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/33263" - }, - { - "name" : "phppgadmin-sqledit-xss(34456)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34456" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in sqledit.php in phpPgAdmin 4.1.1 allows remote attackers to inject arbitrary web script or HTML via the server parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "phppgadmin-sqledit-xss(34456)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34456" + }, + { + "name": "38138", + "refsource": "OSVDB", + "url": "http://osvdb.org/38138" + }, + { + "name": "27756", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27756" + }, + { + "name": "24115", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24115" + }, + { + "name": "20070522 phpPgAdmin XSS Vulnerability", + "refsource": "FULLDISC", + "url": "http://marc.info/?l=full-disclosure&m=117987658110713&w=2" + }, + { + "name": "SUSE-SR:2007:024", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2007_24_sr.html" + }, + { + "name": "33263", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33263" + }, + { + "name": "DSA-1693", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1693" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0060.json b/2010/0xxx/CVE-2010-0060.json index ece6c543be4..fc2c9c632a6 100644 --- a/2010/0xxx/CVE-2010-0060.json +++ b/2010/0xxx/CVE-2010-0060.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0060", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CoreAudio in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted audio content with QDMC encoding." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2010-0060", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT4077", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4077" - }, - { - "name" : "APPLE-SA-2010-03-29-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html" - }, - { - "name" : "APPLE-SA-2010-03-30-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//Mar/msg00002.html" - }, - { - "name" : "oval:org.mitre.oval:def:7513", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7513" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "CoreAudio in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted audio content with QDMC encoding." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2010-03-29-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html" + }, + { + "name": "APPLE-SA-2010-03-30-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00002.html" + }, + { + "name": "http://support.apple.com/kb/HT4077", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4077" + }, + { + "name": "oval:org.mitre.oval:def:7513", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7513" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0480.json b/2010/0xxx/CVE-2010-0480.json index a5109353d79..c03f74118c7 100644 --- a/2010/0xxx/CVE-2010-0480.json +++ b/2010/0xxx/CVE-2010-0480.json 
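Review bot: The `ASSIGNER` value at the top of this CVE-2010-0060 hunk changes from `cve@mitre.org` to `product-security@apple.com`, and this provenance change appears to be the only semantic edit in the hunk. It is buried under whitespace normalisation (`" : "` becomes `": "`) and a reordering of the four `reference_data` entries, whose contents look unchanged, so anyone reviewing the text diff can easily miss it. The assigner update would be easier to audit as its own commit, or at least named in the commit message; the CVE-2010-0480 hunk that follows shows the same pattern with `secure@microsoft.com`. The new side also ends with `\ No newline at end of file`, so keeping the trailing newline and emitting references in a stable order (for example sorted by `refsource`, then `name`) would keep later diffs limited to real record changes.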
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0480", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple stack-based buffer overflows in the MPEG Layer-3 audio codecs in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to execute arbitrary code via a crafted AVI file, aka \"MPEG Layer-3 Audio Decoder Stack Overflow Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2010-0480", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS10-026", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-026" - }, - { - "name" : "TA10-103A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-103A.html" - }, - { - "name" : "oval:org.mitre.oval:def:7441", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7441" - }, - { - "name" : "8336", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8336" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple stack-based buffer overflows in the MPEG Layer-3 audio codecs in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to execute arbitrary code via a crafted AVI file, aka \"MPEG Layer-3 Audio Decoder Stack Overflow Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "8336", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8336" + }, + { + "name": "oval:org.mitre.oval:def:7441", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7441" + }, + { + "name": "MS10-026", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-026" + }, + { + "name": "TA10-103A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-103A.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0536.json b/2010/0xxx/CVE-2010-0536.json index ccf1561fb50..aa24bf0164c 100644 --- a/2010/0xxx/CVE-2010-0536.json +++ b/2010/0xxx/CVE-2010-0536.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0536", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Apple QuickTime before 7.6.6 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted BMP image." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2010-0536", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "APPLE-SA-2010-03-30-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//Mar/msg00002.html" - }, - { - "name" : "oval:org.mitre.oval:def:6969", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6969" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Apple QuickTime before 7.6.6 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted BMP image." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2010-03-30-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00002.html" + }, + { + "name": "oval:org.mitre.oval:def:6969", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6969" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0663.json b/2010/0xxx/CVE-2010-0663.json index a5acec7f6b0..b2eff2d39ae 100644 --- a/2010/0xxx/CVE-2010-0663.json +++ b/2010/0xxx/CVE-2010-0663.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0663", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ParamTraits::Read function in common/common_param_traits.cc in Google Chrome before 4.0.249.78 does not initialize the memory locations that will hold bitmap data, which might allow remote attackers to obtain potentially sensitive information from process memory by providing insufficient data, related to use of a (1) thumbnail database or (2) HTML canvas." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-0663", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=31307", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=31307" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2010/01/stable-channel-update_25.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2010/01/stable-channel-update_25.html" - }, - { - "name" : "http://sites.google.com/a/chromium.org/dev/Home/chromium-security/chromium-security-bugs", - "refsource" : "CONFIRM", - "url" : 
"http://sites.google.com/a/chromium.org/dev/Home/chromium-security/chromium-security-bugs" - }, - { - "name" : "oval:org.mitre.oval:def:14002", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14002" - }, - { - "name" : "1023506", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1023506" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ParamTraits::Read function in common/common_param_traits.cc in Google Chrome before 4.0.249.78 does not initialize the memory locations that will hold bitmap data, which might allow remote attackers to obtain potentially sensitive information from process memory by providing insufficient data, related to use of a (1) thumbnail database or (2) HTML canvas." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:14002", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14002" + }, + { + "name": "http://googlechromereleases.blogspot.com/2010/01/stable-channel-update_25.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2010/01/stable-channel-update_25.html" + }, + { + "name": "1023506", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1023506" + }, + { + "name": "http://sites.google.com/a/chromium.org/dev/Home/chromium-security/chromium-security-bugs", + "refsource": "CONFIRM", + "url": "http://sites.google.com/a/chromium.org/dev/Home/chromium-security/chromium-security-bugs" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=31307", + "refsource": "CONFIRM", + "url": 
"http://code.google.com/p/chromium/issues/detail?id=31307" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0738.json b/2010/0xxx/CVE-2010-0738.json index a78494e39e6..525afe20f94 100644 --- a/2010/0xxx/CVE-2010-0738.json +++ b/2010/0xxx/CVE-2010-0738.json 
@@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0738", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to send requests to this application's GET handler by using a different method." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-0738", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=574105", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=574105" - }, - { - "name" : "http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=35", - "refsource" : "CONFIRM", - "url" : "http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=35" - }, - { - "name" : "HPSBMU02714", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=132129312609324&w=2" - }, - { - "name" : "SSRT100244", - "refsource" : "HP", - "url" : 
"http://marc.info/?l=bugtraq&m=132129312609324&w=2" - }, - { - "name" : "RHSA-2010:0376", - "refsource" : "REDHAT", - "url" : "https://rhn.redhat.com/errata/RHSA-2010-0376.html" - }, - { - "name" : "RHSA-2010:0377", - "refsource" : "REDHAT", - "url" : "https://rhn.redhat.com/errata/RHSA-2010-0377.html" - }, - { - "name" : "RHSA-2010:0378", - "refsource" : "REDHAT", - "url" : "https://rhn.redhat.com/errata/RHSA-2010-0378.html" - }, - { - "name" : "RHSA-2010:0379", - "refsource" : "REDHAT", - "url" : "https://rhn.redhat.com/errata/RHSA-2010-0379.html" - }, - { - "name" : "39710", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/39710" - }, - { - "name" : "1023918", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1023918" - }, - { - "name" : "39563", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39563" - }, - { - "name" : "8408", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8408" - }, - { - "name" : "ADV-2010-0992", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0992" - }, - { - "name" : "jboss-jmxconsole-security-bypass(58147)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/58147" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to send requests to this application's GET handler by using a different method." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2010:0379", + "refsource": "REDHAT", + "url": "https://rhn.redhat.com/errata/RHSA-2010-0379.html" + }, + { + "name": "RHSA-2010:0378", + "refsource": "REDHAT", + "url": "https://rhn.redhat.com/errata/RHSA-2010-0378.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=574105", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=574105" + }, + { + "name": "RHSA-2010:0376", + "refsource": "REDHAT", + "url": "https://rhn.redhat.com/errata/RHSA-2010-0376.html" + }, + { + "name": "8408", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8408" + }, + { + "name": "RHSA-2010:0377", + "refsource": "REDHAT", + "url": "https://rhn.redhat.com/errata/RHSA-2010-0377.html" + }, + { + "name": "http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=35", + "refsource": "CONFIRM", + "url": "http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=35" + }, + { + "name": "ADV-2010-0992", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0992" + }, + { + "name": "HPSBMU02714", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=132129312609324&w=2" + }, + { + "name": "jboss-jmxconsole-security-bypass(58147)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58147" + }, + { + "name": "SSRT100244", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=132129312609324&w=2" + }, + { + "name": "39710", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/39710" + }, + { + "name": "39563", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39563" + }, + { + "name": "1023918", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1023918" + } + ] + } +} \ No 
newline at end of file diff --git a/2010/2xxx/CVE-2010-2777.json b/2010/2xxx/CVE-2010-2777.json index c13008a58c1..acbc4225ca8 100644 --- a/2010/2xxx/CVE-2010-2777.json +++ b/2010/2xxx/CVE-2010-2777.json 
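Review bot: The `reference_data` array is rewritten in an order that follows no visible key: the four REDHAT entries land as `RHSA-2010:0379`, `RHSA-2010:0378`, `RHSA-2010:0376`, `RHSA-2010:0377` with CONFIRM and SREASON entries between them, where the old side had them grouped and ascending. No reference is added or removed, so the churn is pure ordering, and it makes it harder for anyone who diffs these records to notice a genuinely added or withdrawn advisory link. Emitting the array in a stable order (for example sorted by `refsource`, then `name`) or keeping the existing order would keep future diffs meaningful. The hunks for CVE-2010-0060, CVE-2010-0480, CVE-2010-0663, CVE-2010-2777, CVE-2010-3025 and CVE-2010-3201 show the same reshuffling.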
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2777", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the IMAP server component in GroupWise Internet Agent (GWIA) in Novell GroupWise 7.x before 7.0 post-SP4 FTF and 8.x before 8.0 SP2 allows remote attackers to execute arbitrary code via a long mailbox name in a CREATE command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2777", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://zerodayinitiative.com/advisories/ZDI-10-129/", - "refsource" : "MISC", - "url" : "http://zerodayinitiative.com/advisories/ZDI-10-129/" - }, - { - "name" : "http://www.novell.com/support/viewContent.do?externalId=7006374&sliceId=1", - "refsource" : "CONFIRM", - "url" : "http://www.novell.com/support/viewContent.do?externalId=7006374&sliceId=1" - }, - { - "name" : "https://bugzilla.novell.com/show_bug.cgi?id=597331", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.novell.com/show_bug.cgi?id=597331" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": 
"eng", + "value": "Stack-based buffer overflow in the IMAP server component in GroupWise Internet Agent (GWIA) in Novell GroupWise 7.x before 7.0 post-SP4 FTF and 8.x before 8.0 SP2 allows remote attackers to execute arbitrary code via a long mailbox name in a CREATE command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.novell.com/show_bug.cgi?id=597331", + "refsource": "CONFIRM", + "url": "https://bugzilla.novell.com/show_bug.cgi?id=597331" + }, + { + "name": "http://zerodayinitiative.com/advisories/ZDI-10-129/", + "refsource": "MISC", + "url": "http://zerodayinitiative.com/advisories/ZDI-10-129/" + }, + { + "name": "http://www.novell.com/support/viewContent.do?externalId=7006374&sliceId=1", + "refsource": "CONFIRM", + "url": "http://www.novell.com/support/viewContent.do?externalId=7006374&sliceId=1" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3025.json b/2010/3xxx/CVE-2010-3025.json index 9babc984a57..056093fccba 100644 --- a/2010/3xxx/CVE-2010-3025.json +++ b/2010/3xxx/CVE-2010-3025.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3025", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Tomaz Muraus Open Blog 1.2.1, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) excerpt parameter to application/modules/admin/controllers/posts.php, as reachable by admin/posts/edit; and the (2) content parameter to application/modules/admin/controllers/pages.php, as reachable by admin/posts/edit." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3025", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100805 XSS vulnerability in Open Blog", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/512895/100/0/threaded" - }, - { - "name" : "20100805 XSS vulnerability in Open blog", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/512901/100/0/threaded" - }, - { - "name" : "http://packetstormsecurity.org/1008-exploits/openblog-xssxsrf.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1008-exploits/openblog-xssxsrf.txt" - }, - { - "name" : 
"http://www.htbridge.ch/advisory/xss_vulnerability_in_open_blog.html", - "refsource" : "MISC", - "url" : "http://www.htbridge.ch/advisory/xss_vulnerability_in_open_blog.html" - }, - { - "name" : "http://www.htbridge.ch/advisory/xss_vulnerability_in_open_blog_1.html", - "refsource" : "MISC", - "url" : "http://www.htbridge.ch/advisory/xss_vulnerability_in_open_blog_1.html" - }, - { - "name" : "42255", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/42255" - }, - { - "name" : "40876", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40876" - }, - { - "name" : "openblog-users-xss(60942)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/60942" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Tomaz Muraus Open Blog 1.2.1, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) excerpt parameter to application/modules/admin/controllers/posts.php, as reachable by admin/posts/edit; and the (2) content parameter to application/modules/admin/controllers/pages.php, as reachable by admin/posts/edit." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20100805 XSS vulnerability in Open blog", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/512901/100/0/threaded" + }, + { + "name": "42255", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/42255" + }, + { + "name": "openblog-users-xss(60942)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60942" + }, + { + "name": "http://www.htbridge.ch/advisory/xss_vulnerability_in_open_blog.html", + "refsource": "MISC", + "url": "http://www.htbridge.ch/advisory/xss_vulnerability_in_open_blog.html" + }, + { + "name": "http://packetstormsecurity.org/1008-exploits/openblog-xssxsrf.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1008-exploits/openblog-xssxsrf.txt" + }, + { + "name": "20100805 XSS vulnerability in Open Blog", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/512895/100/0/threaded" + }, + { + "name": "40876", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40876" + }, + { + "name": "http://www.htbridge.ch/advisory/xss_vulnerability_in_open_blog_1.html", + "refsource": "MISC", + "url": "http://www.htbridge.ch/advisory/xss_vulnerability_in_open_blog_1.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3201.json b/2010/3xxx/CVE-2010-3201.json index 75abccd7637..659547e68b5 100644 --- a/2010/3xxx/CVE-2010-3201.json +++ b/2010/3xxx/CVE-2010-3201.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3201", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in NetWin Surgemail before 4.3g allows remote attackers to inject arbitrary web script or HTML via the username_ex parameter to the surgeweb program." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3201", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20101004 NetWin Surgemail XSS vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/514115/100/0/threaded" - }, - { - "name" : "34797", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/34797/" - }, - { - "name" : "http://ictsec.se/?p=108", - "refsource" : "MISC", - "url" : "http://ictsec.se/?p=108" - }, - { - "name" : "43679", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/43679" - }, - { - "name" : "41685", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41685" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "Cross-site scripting (XSS) vulnerability in NetWin Surgemail before 4.3g allows remote attackers to inject arbitrary web script or HTML via the username_ex parameter to the surgeweb program." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "34797", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/34797/" + }, + { + "name": "20101004 NetWin Surgemail XSS vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/514115/100/0/threaded" + }, + { + "name": "http://ictsec.se/?p=108", + "refsource": "MISC", + "url": "http://ictsec.se/?p=108" + }, + { + "name": "43679", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/43679" + }, + { + "name": "41685", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41685" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3339.json b/2010/3xxx/CVE-2010-3339.json index efe5b54395f..3e739ae94e0 100644 --- a/2010/3xxx/CVE-2010-3339.json +++ b/2010/3xxx/CVE-2010-3339.json 
@@ -1,18 +1,18 @@ {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2010-3339",
- "STATE" : "REJECT"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none."
- }
- ]
- }
-}
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2010-3339",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2010/3xxx/CVE-2010-3673.json b/2010/3xxx/CVE-2010-3673.json
index ff1df257eef..6cedaada451 100644
--- a/2010/3xxx/CVE-2010-3673.json
+++ b/2010/3xxx/CVE-2010-3673.json
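Review bot: This record's new side is serialized with a different key order from the other files visible in this commit: `data_type`, `data_format`, `data_version` come first and `"ID"` precedes `"ASSIGNER"` inside `CVE_data_meta`, whereas the CVE-2010-3673 hunk and the others keep `CVE_data_meta` first with its members in alphabetical order. JSON key order carries no meaning, but mixed layouts suggest two writers or code paths touched these files, and they make text-level comparison or hashing of records unreliable. Writing all records through one serializer with sorted keys would keep them uniform; here that means opening with `"CVE_data_meta": {` followed by `"ASSIGNER": "cve@mitre.org",`.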
@@ -1,18 +1,18 @@ {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2010-3673",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2010-3673",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2010/3xxx/CVE-2010-3706.json b/2010/3xxx/CVE-2010-3706.json
index 259ba271fc6..43ec9740aab 100644
--- a/2010/3xxx/CVE-2010-3706.json
+++ b/2010/3xxx/CVE-2010-3706.json
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3706", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.5 interprets an ACL entry as a directive to add to the permissions granted by another ACL entry, instead of a directive to replace the permissions granted by another ACL entry, in certain circumstances involving the private namespace of a user, which allows remote authenticated users to bypass intended access restrictions via a request to read or modify a mailbox." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-3706", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[dovecot] 20101002 ACL handling bugs in v1.2.8+ and v2.0", - "refsource" : "MLIST", - "url" : "http://www.dovecot.org/list/dovecot/2010-October/053452.html" - }, - { - "name" : "[dovecot] 20101002 v1.2.15 released", - "refsource" : "MLIST", - "url" : "http://www.dovecot.org/list/dovecot/2010-October/053450.html" - }, - { - "name" : "[dovecot] 20101002 v2.0.5 released", - "refsource" : "MLIST", - "url" : "http://www.dovecot.org/list/dovecot/2010-October/053451.html" 
- }, - { - "name" : "[oss-security] 20101004 CVE Request: more dovecot ACL issues", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=oss-security&m=128620520732377&w=2" - }, - { - "name" : "[oss-security] 20101004 Re: CVE Request: more dovecot ACL issues", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=oss-security&m=128622064325688&w=2" - }, - { - "name" : "MDVSA-2010:217", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:217" - }, - { - "name" : "SUSE-SR:2010:020", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00001.html" - }, - { - "name" : "USN-1059-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1059-1" - }, - { - "name" : "43220", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43220" - }, - { - "name" : "ADV-2010-2572", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2572" - }, - { - "name" : "ADV-2010-2840", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2840" - }, - { - "name" : "ADV-2011-0301", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0301" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.5 interprets an ACL entry as a directive to add to the permissions granted by another ACL entry, instead of a directive to replace the permissions granted by another ACL entry, in certain circumstances involving the private namespace of a user, which allows remote authenticated users to bypass intended access restrictions via a request to read or modify a mailbox." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20101004 Re: CVE Request: more dovecot ACL issues", + "refsource": "MLIST", + "url": "http://marc.info/?l=oss-security&m=128622064325688&w=2" + }, + { + "name": "USN-1059-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1059-1" + }, + { + "name": "SUSE-SR:2010:020", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00001.html" + }, + { + "name": "ADV-2010-2572", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2572" + }, + { + "name": "[oss-security] 20101004 CVE Request: more dovecot ACL issues", + "refsource": "MLIST", + "url": "http://marc.info/?l=oss-security&m=128620520732377&w=2" + }, + { + "name": "MDVSA-2010:217", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:217" + }, + { + "name": "43220", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43220" + }, + { + "name": "ADV-2011-0301", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0301" + }, + { + "name": "[dovecot] 20101002 v1.2.15 released", + "refsource": "MLIST", + "url": "http://www.dovecot.org/list/dovecot/2010-October/053450.html" + }, + { + "name": "[dovecot] 20101002 ACL handling bugs in v1.2.8+ and v2.0", + "refsource": "MLIST", + "url": "http://www.dovecot.org/list/dovecot/2010-October/053452.html" + }, + { + "name": "ADV-2010-2840", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2840" + }, + { + "name": "[dovecot] 20101002 v2.0.5 released", + "refsource": "MLIST", + "url": "http://www.dovecot.org/list/dovecot/2010-October/053451.html" + } + ] + } +} \ No newline at end of file 
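Review bot: The `ASSIGNER` field changes from `cve@mitre.org` to `secalert@redhat.com` inside a hunk that otherwise only rewrites `" : "` spacing and shuffles `reference_data`, so the one change that alters the record's provenance is easy to miss. The same applies to the CVE-2010-4176, CVE-2010-4262 and CVE-2010-4345 hunks further down. I would land `"ASSIGNER": "secalert@redhat.com",` in a commit of its own (or call it out in the commit message), since downstream tooling that attributes or routes records by assigner will presumably see these entries move to a different CNA. The twelve references appear to be the same set in a new, unsorted order; emitting them in a stable order (for example sorted by `refsource`, then `name`) would keep future diffs limited to real changes.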
diff --git a/2010/3xxx/CVE-2010-3890.json b/2010/3xxx/CVE-2010-3890.json index 4bf0b7219f0..1a3ddc59292 100644 --- a/2010/3xxx/CVE-2010-3890.json +++ b/2010/3xxx/CVE-2010-3890.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3890", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in IBM OmniFind Enterprise Edition before 9.1 allows remote attackers to inject arbitrary web script or HTML via the command parameter to the administration interface, as demonstrated by the command parameter to ESAdmin/collection.do." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3890", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20101109 IBM OmniFind - several vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/514688/100/0/threaded" - }, - { - "name" : "http://security.fatihkilic.de/advisory/fkilic-sa-2010-ibm-omnifind.txt", - "refsource" : "MISC", - "url" : "http://security.fatihkilic.de/advisory/fkilic-sa-2010-ibm-omnifind.txt" - }, - { - "name" : "44740", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/44740" - }, - { - "name" : "ADV-2010-2933", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2933" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in IBM OmniFind Enterprise Edition before 9.1 allows remote attackers to inject arbitrary web script or HTML via the command parameter to the administration interface, as demonstrated by the command parameter to ESAdmin/collection.do." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20101109 IBM OmniFind - several vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/514688/100/0/threaded" + }, + { + "name": "44740", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/44740" + }, + { + "name": "http://security.fatihkilic.de/advisory/fkilic-sa-2010-ibm-omnifind.txt", + "refsource": "MISC", + "url": "http://security.fatihkilic.de/advisory/fkilic-sa-2010-ibm-omnifind.txt" + }, + { + "name": "ADV-2010-2933", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2933" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4176.json b/2010/4xxx/CVE-2010-4176.json index 42c8c178fc9..6241dbff9c4 100644 --- a/2010/4xxx/CVE-2010-4176.json +++ b/2010/4xxx/CVE-2010-4176.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4176", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "plymouth-pretrigger.sh in dracut and udev, when running on Fedora 13 and 14, sets weak permissions for the /dev/systty device file, which allows remote authenticated users to read terminal data from tty0 for local users." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-4176", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=654489", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=654489" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=654935", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=654935" - }, - { - "name" : "FEDORA-2010-17912", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051755.html" - }, - { - "name" : "FEDORA-2010-17930", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051418.html" - }, - { - "name" : "45046", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/45046" - }, - { - "name" : "42342", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42342" - }, - { - "name" : "42451", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42451" - }, - { - "name" : "ADV-2010-3062", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/3062" - }, - { - "name" : "ADV-2010-3110", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/3110" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "plymouth-pretrigger.sh in dracut and udev, when running on Fedora 13 and 14, sets weak permissions for the /dev/systty device file, which allows remote authenticated users to read terminal data from tty0 for local users." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "45046", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45046" + }, + { + "name": "FEDORA-2010-17912", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051755.html" + }, + { + "name": "42342", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42342" + }, + { + "name": "42451", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42451" + }, + { + "name": "FEDORA-2010-17930", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051418.html" + }, + { + "name": "ADV-2010-3110", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/3110" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=654489", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=654489" + }, + { + "name": 
"ADV-2010-3062", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/3062" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=654935", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=654935" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4262.json b/2010/4xxx/CVE-2010-4262.json index 8ce655d22b2..3cc222bba1a 100644 --- a/2010/4xxx/CVE-2010-4262.json +++ b/2010/4xxx/CVE-2010-4262.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4262", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in Xfig 3.2.4 and 3.2.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a FIG image with a crafted color definition." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-4262", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20101203 CVE Request -- Xfig: Stack-based buffer overflow by processing FIG image with crafted color definition", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/12/03/2" - }, - { - "name" : "[oss-security] 20101206 Re: CVE Request -- Xfig: Stack-based buffer overflow by processing FIG image with crafted color definition", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/12/06/8" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=657981", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=657981" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=659676", - "refsource" : 
"CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=659676" - }, - { - "name" : "FEDORA-2010-18589", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052247.html" - }, - { - "name" : "MDVSA-2011:010", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:010" - }, - { - "name" : "45177", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45177" - }, - { - "name" : "42579", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42579" - }, - { - "name" : "ADV-2010-3232", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/3232" - }, - { - "name" : "ADV-2011-0108", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0108" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in Xfig 3.2.4 and 3.2.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a FIG image with a crafted color definition." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20101206 Re: CVE Request -- Xfig: Stack-based buffer overflow by processing FIG image with crafted color definition", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/12/06/8" + }, + { + "name": "ADV-2010-3232", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/3232" + }, + { + "name": "42579", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42579" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=659676", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=659676" + }, + { + "name": "MDVSA-2011:010", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:010" + }, + { + "name": "45177", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45177" + }, + { + "name": "ADV-2011-0108", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0108" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=657981", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=657981" + }, + { + "name": "FEDORA-2010-18589", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052247.html" + }, + { + "name": "[oss-security] 20101203 CVE Request -- Xfig: Stack-based buffer overflow by processing FIG image with crafted color definition", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/12/03/2" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4345.json b/2010/4xxx/CVE-2010-4345.json index 31961372ec3..cac96f93d4b 100644 --- a/2010/4xxx/CVE-2010-4345.json +++ b/2010/4xxx/CVE-2010-4345.json 
@@ -1,192 +1,192 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4345", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Exim 4.72 and earlier allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands, as demonstrated by the spool_directory directive." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-4345", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20101213 Exim security issue in historical release", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/515172/100/0/threaded" - }, - { - "name" : "[exim-dev] 20101207 Remote root vulnerability in Exim", - "refsource" : "MLIST", - "url" : "http://www.exim.org/lurker/message/20101207.215955.bb32d4f2.en.html" - }, - { - "name" : "[exim-dev] 20101209 Re: [Exim-maintainers] Remote root vulnerability in Exim", - "refsource" : "MLIST", - "url" : "http://lists.exim.org/lurker/message/20101209.172233.abcba158.en.html" - }, - { - "name" : "[exim-dev] 20101210 Re: Remote root vulnerability in Exim", - "refsource" : "MLIST", - "url" : 
"http://lists.exim.org/lurker/message/20101210.164935.385e04d0.en.html" - }, - { - "name" : "[oss-security] 20101210 Exim remote root", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2010/12/10/1" - }, - { - "name" : "http://www.metasploit.com/modules/exploit/unix/smtp/exim4_string_format", - "refsource" : "MISC", - "url" : "http://www.metasploit.com/modules/exploit/unix/smtp/exim4_string_format" - }, - { - "name" : "http://www.theregister.co.uk/2010/12/11/exim_code_execution_peril/", - "refsource" : "MISC", - "url" : "http://www.theregister.co.uk/2010/12/11/exim_code_execution_peril/" - }, - { - "name" : "http://bugs.exim.org/show_bug.cgi?id=1044", - "refsource" : "CONFIRM", - "url" : "http://bugs.exim.org/show_bug.cgi?id=1044" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=662012", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=662012" - }, - { - "name" : "http://www.cpanel.net/2010/12/critical-exim-security-update.html", - "refsource" : "CONFIRM", - "url" : "http://www.cpanel.net/2010/12/critical-exim-security-update.html" - }, - { - "name" : "DSA-2131", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2010/dsa-2131" - }, - { - "name" : "DSA-2154", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2154" - }, - { - "name" : "RHSA-2011:0153", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0153.html" - }, - { - "name" : "SUSE-SA:2010:059", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00003.html" - }, - { - "name" : "USN-1060-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1060-1" - }, - { - "name" : "VU#758489", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/758489" - }, - { - "name" : "45341", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45341" - }, - { - "name" : "1024859", - 
"refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024859" - }, - { - "name" : "42576", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42576" - }, - { - "name" : "42930", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42930" - }, - { - "name" : "43128", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43128" - }, - { - "name" : "43243", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43243" - }, - { - "name" : "ADV-2010-3171", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/3171" - }, - { - "name" : "ADV-2010-3204", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/3204" - }, - { - "name" : "ADV-2011-0135", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0135" - }, - { - "name" : "ADV-2011-0245", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0245" - }, - { - "name" : "ADV-2011-0364", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0364" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Exim 4.72 and earlier allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands, as demonstrated by the spool_directory directive." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "43128", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43128" + }, + { + "name": "SUSE-SA:2010:059", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00003.html" + }, + { + "name": "[exim-dev] 20101209 Re: [Exim-maintainers] Remote root vulnerability in Exim", + "refsource": "MLIST", + "url": "http://lists.exim.org/lurker/message/20101209.172233.abcba158.en.html" + }, + { + "name": "VU#758489", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/758489" + }, + { + "name": "[exim-dev] 20101207 Remote root vulnerability in Exim", + "refsource": "MLIST", + "url": "http://www.exim.org/lurker/message/20101207.215955.bb32d4f2.en.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=662012", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=662012" + }, + { + "name": "ADV-2011-0364", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0364" + }, + { + "name": "http://www.metasploit.com/modules/exploit/unix/smtp/exim4_string_format", + "refsource": "MISC", + "url": "http://www.metasploit.com/modules/exploit/unix/smtp/exim4_string_format" + }, + { + "name": "RHSA-2011:0153", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0153.html" + }, + { + "name": "45341", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45341" + }, + { + "name": "42930", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42930" + }, + { + "name": "42576", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42576" + }, + { + "name": "43243", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43243" + }, + { + "name": "1024859", + "refsource": "SECTRACK", + "url": 
"http://www.securitytracker.com/id?1024859" + }, + { + "name": "[exim-dev] 20101210 Re: Remote root vulnerability in Exim", + "refsource": "MLIST", + "url": "http://lists.exim.org/lurker/message/20101210.164935.385e04d0.en.html" + }, + { + "name": "DSA-2154", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2154" + }, + { + "name": "20101213 Exim security issue in historical release", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/515172/100/0/threaded" + }, + { + "name": "http://www.theregister.co.uk/2010/12/11/exim_code_execution_peril/", + "refsource": "MISC", + "url": "http://www.theregister.co.uk/2010/12/11/exim_code_execution_peril/" + }, + { + "name": "ADV-2011-0245", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0245" + }, + { + "name": "ADV-2011-0135", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0135" + }, + { + "name": "USN-1060-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1060-1" + }, + { + "name": "ADV-2010-3204", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/3204" + }, + { + "name": "http://bugs.exim.org/show_bug.cgi?id=1044", + "refsource": "CONFIRM", + "url": "http://bugs.exim.org/show_bug.cgi?id=1044" + }, + { + "name": "DSA-2131", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2010/dsa-2131" + }, + { + "name": "ADV-2010-3171", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/3171" + }, + { + "name": "http://www.cpanel.net/2010/12/critical-exim-security-update.html", + "refsource": "CONFIRM", + "url": "http://www.cpanel.net/2010/12/critical-exim-security-update.html" + }, + { + "name": "[oss-security] 20101210 Exim remote root", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2010/12/10/1" + } + ] + } +} \ No newline at end of file 
diff --git a/2010/4xxx/CVE-2010-4687.json b/2010/4xxx/CVE-2010-4687.json index c6aba46352f..a81daeb8739 100644 --- a/2010/4xxx/CVE-2010-4687.json +++ b/2010/4xxx/CVE-2010-4687.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4687", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "STCAPP (aka the SCCP telephony control application) on Cisco IOS before 15.0(1)XA1 does not properly handle multiple calls to a shared line, which allows remote attackers to cause a denial of service (port hang) by simultaneously ending two calls that were controlled by CallManager Express (CME), aka Bug ID CSCtd42552." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4687", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.cisco.com/en/US/docs/ios/15_0/15_0x/15_01_XA/rn800xa.pdf", - "refsource" : "CONFIRM", - "url" : "http://www.cisco.com/en/US/docs/ios/15_0/15_0x/15_01_XA/rn800xa.pdf" - }, - { - "name" : "45769", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45769" - }, - { - "name" : "ciscoios-stcapp-dos(64584)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64584" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "STCAPP (aka 
the SCCP telephony control application) on Cisco IOS before 15.0(1)XA1 does not properly handle multiple calls to a shared line, which allows remote attackers to cause a denial of service (port hang) by simultaneously ending two calls that were controlled by CallManager Express (CME), aka Bug ID CSCtd42552." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ciscoios-stcapp-dos(64584)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64584" + }, + { + "name": "http://www.cisco.com/en/US/docs/ios/15_0/15_0x/15_01_XA/rn800xa.pdf", + "refsource": "CONFIRM", + "url": "http://www.cisco.com/en/US/docs/ios/15_0/15_0x/15_01_XA/rn800xa.pdf" + }, + { + "name": "45769", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45769" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0032.json b/2014/0xxx/CVE-2014-0032.json index a9aac01a31d..b82ae7a50f0 100644 --- a/2014/0xxx/CVE-2014-0032.json +++ b/2014/0xxx/CVE-2014-0032.json 
@@ -1,152 +1,152 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0032", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The get_resource function in repos.c in the mod_dav_svn module in Apache Subversion before 1.7.15 and 1.8.x before 1.8.6, when SVNListParentPath is enabled, allows remote attackers to cause a denial of service (crash) via vectors related to the server root and request methods other than GET, as demonstrated by the \"svn ls http://svn.example.com\" command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-0032", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[subversion-dev] 20140110 2 Re: Segfault in mod_dav_svn with repositories on /", - "refsource" : "MLIST", - "url" : "http://mail-archives.apache.org/mod_mbox/subversion-dev/201401.mbox/%3C52D328AB.8090502@reser.org%3E" - }, - { - "name" : "[subversion-dev] 20140110 Re: Segfault in mod_dav_svn with repositories on /", - "refsource" : "MLIST", - "url" : "http://mail-archives.apache.org/mod_mbox/subversion-dev/201401.mbox/%3C871u0gqb0d.fsf@ntlworld.com%3E" - }, - { - "name" : "[subversion-dev] 20140110 Sin mod_dav_svn with repositories on /", - "refsource" : 
"MLIST", - "url" : "http://mail-archives.apache.org/mod_mbox/subversion-dev/201401.mbox/%3CCANvU9scLHr2yOLABW8q6_wNzhEf7pWM=NiavGcobqvUuyhKyAA@mail.gmail.com%3E" - }, - { - "name" : "http://svn.apache.org/repos/asf/subversion/tags/1.7.15/CHANGES", - "refsource" : "CONFIRM", - "url" : "http://svn.apache.org/repos/asf/subversion/tags/1.7.15/CHANGES" - }, - { - "name" : "http://svn.apache.org/repos/asf/subversion/tags/1.8.6/CHANGES", - "refsource" : "CONFIRM", - "url" : "http://svn.apache.org/repos/asf/subversion/tags/1.8.6/CHANGES" - }, - { - "name" : "http://svn.apache.org/viewvc?view=revision&revision=1557320", - "refsource" : "CONFIRM", - "url" : "http://svn.apache.org/viewvc?view=revision&revision=1557320" - }, - { - "name" : "http://support.apple.com/kb/HT6444", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT6444" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html" - }, - { - "name" : "GLSA-201610-05", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201610-05" - }, - { - "name" : "RHSA-2014:0255", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0255.html" - }, - { - "name" : "openSUSE-SU-2014:0307", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-02/msg00086.html" - }, - { - "name" : "openSUSE-SU-2014:0334", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-03/msg00011.html" - }, - { - "name" : "USN-2316-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2316-1" - }, - { - "name" : "65434", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/65434" - }, - { - "name" : "102927", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/102927" - }, - { - "name" : "56822", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/56822" - }, - { - "name" : "60722", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60722" - }, - { - "name" : "61321", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61321" - }, - { - "name" : "apache-subversion-cve20140032-dos(90986)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90986" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The get_resource function in repos.c in the mod_dav_svn module in Apache Subversion before 1.7.15 and 1.8.x before 1.8.6, when SVNListParentPath is enabled, allows remote attackers to cause a denial of service (crash) via vectors related to the server root and request methods other than GET, as demonstrated by the \"svn ls http://svn.example.com\" command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://svn.apache.org/repos/asf/subversion/tags/1.8.6/CHANGES", + "refsource": "CONFIRM", + "url": "http://svn.apache.org/repos/asf/subversion/tags/1.8.6/CHANGES" + }, + { + "name": "56822", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56822" + }, + { + "name": "61321", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61321" + }, + { + "name": "USN-2316-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2316-1" + }, + { + "name": "102927", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/102927" + }, + { + "name": "RHSA-2014:0255", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0255.html" + }, + { + "name": "[subversion-dev] 20140110 2 Re: Segfault in mod_dav_svn with repositories on /", + "refsource": "MLIST", + "url": 
"http://mail-archives.apache.org/mod_mbox/subversion-dev/201401.mbox/%3C52D328AB.8090502@reser.org%3E" + }, + { + "name": "http://svn.apache.org/viewvc?view=revision&revision=1557320", + "refsource": "CONFIRM", + "url": "http://svn.apache.org/viewvc?view=revision&revision=1557320" + }, + { + "name": "65434", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/65434" + }, + { + "name": "http://support.apple.com/kb/HT6444", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT6444" + }, + { + "name": "[subversion-dev] 20140110 Sin mod_dav_svn with repositories on /", + "refsource": "MLIST", + "url": "http://mail-archives.apache.org/mod_mbox/subversion-dev/201401.mbox/%3CCANvU9scLHr2yOLABW8q6_wNzhEf7pWM=NiavGcobqvUuyhKyAA@mail.gmail.com%3E" + }, + { + "name": "openSUSE-SU-2014:0307", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00086.html" + }, + { + "name": "60722", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60722" + }, + { + "name": "[subversion-dev] 20140110 Re: Segfault in mod_dav_svn with repositories on /", + "refsource": "MLIST", + "url": "http://mail-archives.apache.org/mod_mbox/subversion-dev/201401.mbox/%3C871u0gqb0d.fsf@ntlworld.com%3E" + }, + { + "name": "http://svn.apache.org/repos/asf/subversion/tags/1.7.15/CHANGES", + "refsource": "CONFIRM", + "url": "http://svn.apache.org/repos/asf/subversion/tags/1.7.15/CHANGES" + }, + { + "name": "apache-subversion-cve20140032-dos(90986)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90986" + }, + { + "name": "openSUSE-SU-2014:0334", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00011.html" + }, + { + "name": "GLSA-201610-05", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201610-05" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", + "refsource": "CONFIRM", + "url": 
"http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0906.json b/2014/0xxx/CVE-2014-0906.json index 36b343c17d1..4d194c1dcad 100644 --- a/2014/0xxx/CVE-2014-0906.json +++ b/2014/0xxx/CVE-2014-0906.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0906", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not check whether a session cookie is current, which allows remote attackers to conduct user-search actions by leveraging possession of a (1) expired or (2) invalidated cookie." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-0906", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21671201", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21671201" - }, - { - "name" : "sametime-cve20140906-cookie-validity(91854)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/91854" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not check whether a session cookie is current, which allows remote attackers to conduct 
user-search actions by leveraging possession of a (1) expired or (2) invalidated cookie." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "sametime-cve20140906-cookie-validity(91854)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91854" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21671201", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21671201" + } + ] + } +} \ No newline at end of file diff --git a/2014/32xxx/CVE-2014-32537.json b/2014/32xxx/CVE-2014-32537.json index 90958dfec9a..d382d2f7328 100644 --- a/2014/32xxx/CVE-2014-32537.json +++ b/2014/32xxx/CVE-2014-32537.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-32537", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-2354. Reason: This candidate is a duplicate of CVE-2014-2354. The wrong ID was used. Notes: All CVE users should reference CVE-2014-2354 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-32537", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-2354. Reason: This candidate is a duplicate of CVE-2014-2354. The wrong ID was used. Notes: All CVE users should reference CVE-2014-2354 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4287.json b/2014/4xxx/CVE-2014-4287.json index dcb549103bb..5c868cad423 100644 --- a/2014/4xxx/CVE-2014-4287.json +++ b/2014/4xxx/CVE-2014-4287.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4287", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:CHARACTER SETS." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2014-4287", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html" - }, - { - "name" : "SUSE-SU-2015:0743", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html" - }, - { - "name" : "70517", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70517" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:CHARACTER SETS." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "70517", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70517" + }, + { + "name": "SUSE-SU-2015:0743", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4384.json b/2014/4xxx/CVE-2014-4384.json index bdb2afd91fe..7cb4d9e16b8 100644 --- a/2014/4xxx/CVE-2014-4384.json +++ b/2014/4xxx/CVE-2014-4384.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4384", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in the App Installation feature in Apple iOS before 8 allows local users to install unverified apps by triggering code-signature validation of an unintended bundle." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2014-4384", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT6441", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT6441" - }, - { - "name" : "APPLE-SA-2014-09-17-1", - "refsource" : "APPLE", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html" - }, - { - "name" : "69882", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69882" - }, - { - "name" : "69940", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69940" - }, - { - "name" : "1030866", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030866" - }, - { - "name" : "appleios-cve20144384-priv-esc(96087)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/96087" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in the App Installation feature in Apple iOS before 8 allows local users to install unverified apps by triggering code-signature validation of an unintended bundle." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.apple.com/kb/HT6441", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT6441" + }, + { + "name": "1030866", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030866" + }, + { + "name": "69940", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69940" + }, + { + "name": "69882", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69882" + }, + { + "name": "appleios-cve20144384-priv-esc(96087)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96087" + }, + { + "name": "APPLE-SA-2014-09-17-1", + "refsource": "APPLE", + "url": "http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4765.json b/2014/4xxx/CVE-2014-4765.json index 13325bd4b2a..d5a963e5289 100644 --- a/2014/4xxx/CVE-2014-4765.json +++ b/2014/4xxx/CVE-2014-4765.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4765", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5 through 7.5.0.6, Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 7.1 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow remote attackers to obtain sensitive directory information by reading an unspecified error message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-4765", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21685289", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21685289" - }, - { - "name" : "ibm-maximo-cve20144765-error-message(94757)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/94757" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Maximo Asset Management 7.1 through 7.1.1.13 
and 7.5 through 7.5.0.6, Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 7.1 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow remote attackers to obtain sensitive directory information by reading an unspecified error message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21685289", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685289" + }, + { + "name": "ibm-maximo-cve20144765-error-message(94757)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94757" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8127.json b/2014/8xxx/CVE-2014-8127.json index c8285acb261..a9ca695c387 100644 --- a/2014/8xxx/CVE-2014-8127.json +++ b/2014/8xxx/CVE-2014-8127.json 
@@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8127", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted TIFF image to the (1) checkInkNamesString function in tif_dir.c in the thumbnail tool, (2) compresscontig function in tiff2bw.c in the tiff2bw tool, (3) putcontig8bitCIELab function in tif_getimage.c in the tiff2rgba tool, LZWPreDecode function in tif_lzw.c in the (4) tiff2ps or (5) tiffdither tool, (6) NeXTDecode function in tif_next.c in the tiffmedian tool, or (7) TIFFWriteDirectoryTagLongLong8Array function in tif_dirwrite.c in the tiffset tool." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-8127", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150124 Multiple vulnerabilities in LibTIFF and associated tools", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/01/24/15" - }, - { - "name" : "http://www.conostix.com/pub/adv/CVE-2014-8127-LibTIFF-Out-of-bounds_Reads.txt", - "refsource" : "MISC", - "url" : "http://www.conostix.com/pub/adv/CVE-2014-8127-LibTIFF-Out-of-bounds_Reads.txt" - }, - { - "name" : "http://bugzilla.maptools.org/show_bug.cgi?id=2484", - "refsource" : "CONFIRM", - "url" : "http://bugzilla.maptools.org/show_bug.cgi?id=2484" - }, - { - "name" : "http://bugzilla.maptools.org/show_bug.cgi?id=2485", - "refsource" : "CONFIRM", - "url" : "http://bugzilla.maptools.org/show_bug.cgi?id=2485" - }, - { - "name" : "http://bugzilla.maptools.org/show_bug.cgi?id=2486", - "refsource" : "CONFIRM", - "url" : "http://bugzilla.maptools.org/show_bug.cgi?id=2486" - }, - { - "name" : "http://bugzilla.maptools.org/show_bug.cgi?id=2496", - "refsource" : "CONFIRM", - "url" : "http://bugzilla.maptools.org/show_bug.cgi?id=2496" - }, - { - "name" : "http://bugzilla.maptools.org/show_bug.cgi?id=2497", - "refsource" : "CONFIRM", - "url" : "http://bugzilla.maptools.org/show_bug.cgi?id=2497" - }, - { - "name" : "http://bugzilla.maptools.org/show_bug.cgi?id=2500", - "refsource" : "CONFIRM", - "url" : "http://bugzilla.maptools.org/show_bug.cgi?id=2500" - }, - { - "name" : "DSA-3273", - "refsource" : "DEBIAN", - "url" : 
"http://www.debian.org/security/2015/dsa-3273" - }, - { - "name" : "GLSA-201701-16", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201701-16" - }, - { - "name" : "RHSA-2016:1546", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-1546.html" - }, - { - "name" : "RHSA-2016:1547", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-1547.html" - }, - { - "name" : "openSUSE-SU-2015:0450", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-03/msg00022.html" - }, - { - "name" : "72323", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72323" - }, - { - "name" : "1032760", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032760" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted TIFF image to the (1) checkInkNamesString function in tif_dir.c in the thumbnail tool, (2) compresscontig function in tiff2bw.c in the tiff2bw tool, (3) putcontig8bitCIELab function in tif_getimage.c in the tiff2rgba tool, LZWPreDecode function in tif_lzw.c in the (4) tiff2ps or (5) tiffdither tool, (6) NeXTDecode function in tif_next.c in the tiffmedian tool, or (7) TIFFWriteDirectoryTagLongLong8Array function in tif_dirwrite.c in the tiffset tool." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2015:0450", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00022.html" + }, + { + "name": "72323", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72323" + }, + { + "name": "RHSA-2016:1547", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-1547.html" + }, + { + "name": "GLSA-201701-16", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201701-16" + }, + { + "name": "http://bugzilla.maptools.org/show_bug.cgi?id=2497", + "refsource": "CONFIRM", + "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2497" + }, + { + "name": "1032760", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032760" + }, + { + "name": "http://bugzilla.maptools.org/show_bug.cgi?id=2496", + "refsource": "CONFIRM", + "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2496" + }, + { + "name": "http://bugzilla.maptools.org/show_bug.cgi?id=2486", + "refsource": "CONFIRM", + "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2486" + }, + { + "name": "http://bugzilla.maptools.org/show_bug.cgi?id=2484", + "refsource": "CONFIRM", + "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2484" + }, + { + "name": "DSA-3273", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3273" + }, + { + "name": "RHSA-2016:1546", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-1546.html" + }, + { + "name": "http://bugzilla.maptools.org/show_bug.cgi?id=2485", + "refsource": "CONFIRM", + "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2485" + }, + { + "name": "http://bugzilla.maptools.org/show_bug.cgi?id=2500", + "refsource": "CONFIRM", + "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2500" + }, + { + "name": 
"http://www.conostix.com/pub/adv/CVE-2014-8127-LibTIFF-Out-of-bounds_Reads.txt", + "refsource": "MISC", + "url": "http://www.conostix.com/pub/adv/CVE-2014-8127-LibTIFF-Out-of-bounds_Reads.txt" + }, + { + "name": "[oss-security] 20150124 Multiple vulnerabilities in LibTIFF and associated tools", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/01/24/15" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8251.json b/2014/8xxx/CVE-2014-8251.json index a7cdbd8da60..6d71dc11f7c 100644 --- a/2014/8xxx/CVE-2014-8251.json +++ b/2014/8xxx/CVE-2014-8251.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8251", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8251", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8484.json b/2014/8xxx/CVE-2014-8484.json index 66984a9aebd..f3bb9e22bd7 100644 --- a/2014/8xxx/CVE-2014-8484.json +++ b/2014/8xxx/CVE-2014-8484.json 
@@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8484", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The srec_scan function in bfd/srec.c in libdbfd in GNU binutils before 2.25 allows remote attackers to cause a denial of service (out-of-bounds read) via a small S-record." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8484", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20141023 Re: strings / libbfd crasher", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2014/10/23/5" - }, - { - "name" : "[oss-security] 20141026 Re: strings / libbfd crasher", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/10/26/2" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1156272", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1156272" - }, - { - "name" : "https://sourceware.org/bugzilla/show_bug.cgi?id=17509", - "refsource" : "CONFIRM", - "url" : "https://sourceware.org/bugzilla/show_bug.cgi?id=17509" - }, - { - "name" : 
"https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=bd25671c6f202c4a5108883caa2adb24ff6f361f", - "refsource" : "CONFIRM", - "url" : "https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=bd25671c6f202c4a5108883caa2adb24ff6f361f" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" - }, - { - "name" : "FEDORA-2014-14838", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145742.html" - }, - { - "name" : "FEDORA-2014-14963", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145262.html" - }, - { - "name" : "FEDORA-2014-14995", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145328.html" - }, - { - "name" : "GLSA-201612-24", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201612-24" - }, - { - "name" : "MDVSA-2015:029", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:029" - }, - { - "name" : "USN-2496-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2496-1" - }, - { - "name" : "70714", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70714" - }, - { - "name" : "62241", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62241" - }, - { - "name" : "62746", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62746" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The srec_scan function in bfd/srec.c in libdbfd in GNU binutils before 2.25 allows remote attackers to cause a denial of service (out-of-bounds read) via a small S-record." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "62241", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62241" + }, + { + "name": "MDVSA-2015:029", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:029" + }, + { + "name": "USN-2496-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2496-1" + }, + { + "name": "FEDORA-2014-14995", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145328.html" + }, + { + "name": "[oss-security] 20141023 Re: strings / libbfd crasher", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2014/10/23/5" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" + }, + { + "name": "https://sourceware.org/bugzilla/show_bug.cgi?id=17509", + "refsource": "CONFIRM", + "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=17509" + }, + { + "name": "70714", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70714" + }, + { + "name": "[oss-security] 20141026 Re: strings / libbfd crasher", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/10/26/2" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1156272", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1156272" + }, + { + "name": "FEDORA-2014-14963", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145262.html" + }, + { + "name": "62746", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62746" + }, + { + "name": "FEDORA-2014-14838", + "refsource": "FEDORA", + "url": 
"http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145742.html" + }, + { + "name": "https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=bd25671c6f202c4a5108883caa2adb24ff6f361f", + "refsource": "CONFIRM", + "url": "https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=bd25671c6f202c4a5108883caa2adb24ff6f361f" + }, + { + "name": "GLSA-201612-24", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201612-24" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9006.json b/2014/9xxx/CVE-2014-9006.json index 337c9aee893..a9274c0f4d0 100644 --- a/2014/9xxx/CVE-2014-9006.json +++ b/2014/9xxx/CVE-2014-9006.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9006", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Monstra 3.0.1 and earlier uses a cookie to track how many login attempts have been attempted, which allows remote attackers to conduct brute force login attacks by deleting the login_attempts cookie or setting it to certain values." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9006", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.com/files/129082/Monstra-3.0.1-Bruteforce-Mitigation-Bypass.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/129082/Monstra-3.0.1-Bruteforce-Mitigation-Bypass.html" - }, - { - "name" : "monstra-index-brute-force(98649)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98649" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Monstra 3.0.1 and earlier uses a cookie to track how many login attempts have been attempted, which allows remote attackers to conduct brute force login 
attacks by deleting the login_attempts cookie or setting it to certain values." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "monstra-index-brute-force(98649)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98649" + }, + { + "name": "http://packetstormsecurity.com/files/129082/Monstra-3.0.1-Bruteforce-Mitigation-Bypass.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/129082/Monstra-3.0.1-Bruteforce-Mitigation-Bypass.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9031.json b/2014/9xxx/CVE-2014-9031.json index 36ee7827100..4d4f583b25e 100644 --- a/2014/9xxx/CVE-2014-9031.json +++ b/2014/9xxx/CVE-2014-9031.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9031", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the wptexturize function in WordPress before 3.7.5, 3.8.x before 3.8.5, and 3.9.x before 3.9.3 allows remote attackers to inject arbitrary web script or HTML via crafted use of shortcode brackets in a text field, as demonstrated by a comment or a post." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9031", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20141120 WordPress 3 persistent script injection", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Nov/62" - }, - { - "name" : "[oss-security] 20141125 Re: WordPress 4.0.1 Security Release", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2014/11/25/12" - }, - { - "name" : "http://klikki.fi/adv/wordpress.html", - "refsource" : "MISC", - "url" : "http://klikki.fi/adv/wordpress.html" - }, - { - "name" : "https://wordpress.org/news/2014/11/wordpress-4-0-1/", - "refsource" : "CONFIRM", - "url" : "https://wordpress.org/news/2014/11/wordpress-4-0-1/" - }, - { - "name" : 
"http://advisories.mageia.org/MGASA-2014-0493.html", - "refsource" : "CONFIRM", - "url" : "http://advisories.mageia.org/MGASA-2014-0493.html" - }, - { - "name" : "DSA-3085", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-3085" - }, - { - "name" : "MDVSA-2014:233", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2014:233" - }, - { - "name" : "71237", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/71237" - }, - { - "name" : "1031243", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031243" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the wptexturize function in WordPress before 3.7.5, 3.8.x before 3.8.5, and 3.9.x before 3.9.3 allows remote attackers to inject arbitrary web script or HTML via crafted use of shortcode brackets in a text field, as demonstrated by a comment or a post." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20141120 WordPress 3 persistent script injection", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Nov/62" + }, + { + "name": "DSA-3085", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-3085" + }, + { + "name": "[oss-security] 20141125 Re: WordPress 4.0.1 Security Release", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2014/11/25/12" + }, + { + "name": "http://advisories.mageia.org/MGASA-2014-0493.html", + "refsource": "CONFIRM", + "url": "http://advisories.mageia.org/MGASA-2014-0493.html" + }, + { + "name": "http://klikki.fi/adv/wordpress.html", + "refsource": "MISC", + "url": "http://klikki.fi/adv/wordpress.html" + }, + { + "name": "1031243", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031243" + }, + { + "name": "71237", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/71237" + }, + { + "name": "MDVSA-2014:233", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:233" + }, + { + "name": "https://wordpress.org/news/2014/11/wordpress-4-0-1/", + "refsource": "CONFIRM", + "url": "https://wordpress.org/news/2014/11/wordpress-4-0-1/" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9204.json b/2014/9xxx/CVE-2014-9204.json index b49730726f3..583b2d94204 100644 --- a/2014/9xxx/CVE-2014-9204.json +++ b/2014/9xxx/CVE-2014-9204.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9204", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in OPCTest.exe in Rockwell Automation RSLinx Classic before 3.73.00 allows remote attackers to execute arbitrary code via a crafted CSV file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2014-9204", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-111-02", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-111-02" - }, - { - "name" : "https://rockwellautomation.custhelp.com/app/answers/detail/a_id/646324", - "refsource" : "MISC", - "url" : "https://rockwellautomation.custhelp.com/app/answers/detail/a_id/646324" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in OPCTest.exe in Rockwell Automation RSLinx Classic before 3.73.00 allows remote attackers to execute arbitrary code via a crafted CSV file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-111-02", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-111-02" + }, + { + "name": "https://rockwellautomation.custhelp.com/app/answers/detail/a_id/646324", + "refsource": "MISC", + "url": "https://rockwellautomation.custhelp.com/app/answers/detail/a_id/646324" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2592.json b/2016/2xxx/CVE-2016-2592.json index 20469354546..a88593e0858 100644 --- a/2016/2xxx/CVE-2016-2592.json +++ b/2016/2xxx/CVE-2016-2592.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2592", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-2592", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2612.json b/2016/2xxx/CVE-2016-2612.json index 14eeb726463..7cfc4d11529 100644 --- a/2016/2xxx/CVE-2016-2612.json +++ b/2016/2xxx/CVE-2016-2612.json 
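Review bot: The CVE-2014-9204 hunk changes record content as well as layout. `"ASSIGNER" : "cve@mitre.org"` becomes `"ASSIGNER": "ics-cert@hq.dhs.gov"`, while every other line in the hunk differs only in spacing and indentation, and the two references keep their order. `ASSIGNER` is the provenance field that consumers use to attribute a record to a CNA, so a reassignment buried in a bulk reformat is easy to miss in an audit. I would put the `"ASSIGNER": "ics-cert@hq.dhs.gov"` change in its own commit, or at least call it out in the commit message, which is not visible in this part of the diff. The hunk also ends with `\ No newline at end of file` where the old file ended in a newline; if that is unintended, the serializer should emit the trailing newline.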
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2612", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-2612", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2652.json b/2016/2xxx/CVE-2016-2652.json index 990e276b1cc..99fa91f5e5b 100644 --- a/2016/2xxx/CVE-2016-2652.json +++ b/2016/2xxx/CVE-2016-2652.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2652", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-2652", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6007.json b/2016/6xxx/CVE-2016-6007.json index 734f6139cd2..c400450c72d 100644 --- a/2016/6xxx/CVE-2016-6007.json +++ b/2016/6xxx/CVE-2016-6007.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6007", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6007", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6235.json b/2016/6xxx/CVE-2016-6235.json index 2844ee0ae33..c857f38da75 100644 --- a/2016/6xxx/CVE-2016-6235.json +++ b/2016/6xxx/CVE-2016-6235.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6235", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The setup_imginfo_jpg function in lepton/jpgcoder.cc in Dropbox lepton 1.0 allows remote attackers to cause a denial of service (segmentation fault) via a crafted jpeg file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6235", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160717 Re: multiple memory corruption issues in lepton", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/07/17/6" - }, - { - "name" : "https://github.com/dropbox/lepton/issues/26", - "refsource" : "CONFIRM", - "url" : "https://github.com/dropbox/lepton/issues/26" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The setup_imginfo_jpg function in lepton/jpgcoder.cc in Dropbox lepton 1.0 allows remote attackers to cause a denial of service (segmentation fault) via a crafted jpeg file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/dropbox/lepton/issues/26", + "refsource": "CONFIRM", + "url": "https://github.com/dropbox/lepton/issues/26" + }, + { + "name": "[oss-security] 20160717 Re: multiple memory corruption issues in lepton", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/07/17/6" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6533.json b/2016/6xxx/CVE-2016-6533.json index 3e6547261c4..ec498889f32 100644 --- a/2016/6xxx/CVE-2016-6533.json +++ b/2016/6xxx/CVE-2016-6533.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6533", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6533", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6650.json b/2016/6xxx/CVE-2016-6650.json index dcc93125e12..5369af8a038 100644 --- a/2016/6xxx/CVE-2016-6650.json +++ b/2016/6xxx/CVE-2016-6650.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security_alert@emc.com", - "ID" : "CVE-2016-6650", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "EMC RecoverPoint versions prior to 5.0 and EMC RecoverPoint for Virtual Machines versions prior to 5.0", - "version" : { - "version_data" : [ - { - "version_value" : "EMC RecoverPoint versions prior to 5.0 and EMC RecoverPoint for Virtual Machines versions prior to 5.0" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "EMC RecoverPoint versions prior to 5.0 and EMC RecoverPoint for Virtual Machines versions prior to 5.0 have an SSL Stripping Vulnerability that may potentially be exploited by malicious users to compromise the affected system." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "SSL Stripping Vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "ID": "CVE-2016-6650", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "EMC RecoverPoint versions prior to 5.0 and EMC RecoverPoint for Virtual Machines versions prior to 5.0", + "version": { + "version_data": [ + { + "version_value": "EMC RecoverPoint versions prior to 5.0 and EMC RecoverPoint for Virtual Machines versions prior to 5.0" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.securityfocus.com/archive/1/540303/30/0/threaded", - "refsource" : "CONFIRM", - "url" : "http://www.securityfocus.com/archive/1/540303/30/0/threaded" - }, - { - "name" : "96156", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96156" 
- }, - { - "name" : "1038066", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038066" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "EMC RecoverPoint versions prior to 5.0 and EMC RecoverPoint for Virtual Machines versions prior to 5.0 have an SSL Stripping Vulnerability that may potentially be exploited by malicious users to compromise the affected system." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "SSL Stripping Vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038066", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038066" + }, + { + "name": "http://www.securityfocus.com/archive/1/540303/30/0/threaded", + "refsource": "CONFIRM", + "url": "http://www.securityfocus.com/archive/1/540303/30/0/threaded" + }, + { + "name": "96156", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96156" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7082.json b/2016/7xxx/CVE-2016-7082.json index 5c67b026cd5..04751dbe041 100644 --- a/2016/7xxx/CVE-2016-7082.json +++ b/2016/7xxx/CVE-2016-7082.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7082", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows, when Cortado ThinPrint virtual printing is enabled, allow guest OS users to execute arbitrary code on the host OS or cause a denial of service (host OS memory corruption) via an EMF file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-7082", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2016-0014.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2016-0014.html" - }, - { - "name" : "92934", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92934" - }, - { - "name" : "1036805", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036805" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 
12.5.0 on Windows, when Cortado ThinPrint virtual printing is enabled, allow guest OS users to execute arbitrary code on the host OS or cause a denial of service (host OS memory corruption) via an EMF file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.vmware.com/security/advisories/VMSA-2016-0014.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2016-0014.html" + }, + { + "name": "1036805", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036805" + }, + { + "name": "92934", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92934" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7194.json b/2016/7xxx/CVE-2016-7194.json index e1cb6f75c25..3e681b5f6bc 100644 --- a/2016/7xxx/CVE-2016-7194.json +++ b/2016/7xxx/CVE-2016-7194.json 
@@ -1,72 +1,72 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "secure@microsoft.com",
- "ID" : "CVE-2016-7194",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Scripting Engine Memory Corruption Vulnerability,\" a different vulnerability than CVE-2016-3386, CVE-2016-3389, and CVE-2016-7190."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "secure@microsoft.com",
+ "ID": "CVE-2016-7194",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "MS16-119",
- "refsource" : "MS",
- "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-119"
- },
- {
- "name" : "93399",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/93399"
- },
- {
- "name" : "1036993",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id/1036993"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Scripting Engine Memory Corruption Vulnerability,\" a different vulnerability than CVE-2016-3386, CVE-2016-3389, and CVE-2016-7190."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "MS16-119",
+ "refsource": "MS",
+ "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-119"
+ },
+ {
+ "name": "1036993",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id/1036993"
+ },
+ {
+ "name": "93399",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/93399"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2016/7xxx/CVE-2016-7207.json b/2016/7xxx/CVE-2016-7207.json
index 5210af84421..7bb662a12a8 100644
--- a/2016/7xxx/CVE-2016-7207.json
+++ b/2016/7xxx/CVE-2016-7207.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2016-7207",
- "STATE" : "REJECT"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
- }
- ]
- }
-}
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2016-7207",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2016/7xxx/CVE-2016-7444.json b/2016/7xxx/CVE-2016-7444.json
index 81d0373a2b7..b05b17d7983 100644
--- a/2016/7xxx/CVE-2016-7444.json
+++ b/2016/7xxx/CVE-2016-7444.json
@@ -1,87 +1,87 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2016-7444",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The gnutls_ocsp_resp_check_crt function in lib/x509/ocsp.c in GnuTLS before 3.4.15 and 3.5.x before 3.5.4 does not verify the serial length of an OCSP response, which might allow remote attackers to bypass an intended certificate validation mechanism via vectors involving trailing bytes left by gnutls_malloc."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "security@debian.org",
+ "ID": "CVE-2016-7444",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "[gnutls-devel] 20160902 OCSP certificate check",
- "refsource" : "MLIST",
- "url" : "https://lists.gnupg.org/pipermail/gnutls-devel/2016-September/008146.html"
- },
- {
- "name" : "https://gitlab.com/gnutls/gnutls/commit/964632f37dfdfb914ebc5e49db4fa29af35b1de9",
- "refsource" : "CONFIRM",
- "url" : "https://gitlab.com/gnutls/gnutls/commit/964632f37dfdfb914ebc5e49db4fa29af35b1de9"
- },
- {
- "name" : "https://www.gnutls.org/security.html",
- "refsource" : "CONFIRM",
- "url" : "https://www.gnutls.org/security.html"
- },
- {
- "name" : "RHSA-2017:2292",
- "refsource" : "REDHAT",
- "url" : "https://access.redhat.com/errata/RHSA-2017:2292"
- },
- {
- "name" : "openSUSE-SU-2017:0386",
- "refsource" : "SUSE",
- "url" : "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00005.html"
- },
- {
- "name" : "92893",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/92893"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The gnutls_ocsp_resp_check_crt function in lib/x509/ocsp.c in GnuTLS before 3.4.15 and 3.5.x before 3.5.4 does not verify the serial length of an OCSP response, which might allow remote attackers to bypass an intended certificate validation mechanism via vectors involving trailing bytes left by gnutls_malloc."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "92893",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/92893"
+ },
+ {
+ "name": "https://gitlab.com/gnutls/gnutls/commit/964632f37dfdfb914ebc5e49db4fa29af35b1de9",
+ "refsource": "CONFIRM",
+ "url": "https://gitlab.com/gnutls/gnutls/commit/964632f37dfdfb914ebc5e49db4fa29af35b1de9"
+ },
+ {
+ "name": "RHSA-2017:2292",
+ "refsource": "REDHAT",
+ "url": "https://access.redhat.com/errata/RHSA-2017:2292"
+ },
+ {
+ "name": "openSUSE-SU-2017:0386",
+ "refsource": "SUSE",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00005.html"
+ },
+ {
+ "name": "[gnutls-devel] 20160902 OCSP certificate check",
+ "refsource": "MLIST",
+ "url": "https://lists.gnupg.org/pipermail/gnutls-devel/2016-September/008146.html"
+ },
+ {
+ "name": "https://www.gnutls.org/security.html",
+ "refsource": "CONFIRM",
+ "url": "https://www.gnutls.org/security.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2016/7xxx/CVE-2016-7633.json b/2016/7xxx/CVE-2016-7633.json
index ae630201b99..b8a2a4598fa 100644
--- a/2016/7xxx/CVE-2016-7633.json
+++ b/2016/7xxx/CVE-2016-7633.json
@@ -1,77 +1,77 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "product-security@apple.com",
- "ID" : "CVE-2016-7633",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the \"Directory Services\" component. It allows local users to gain privileges or cause a denial of service (use-after-free) via unspecified vectors."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "product-security@apple.com",
+ "ID": "CVE-2016-7633",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "40954",
- "refsource" : "EXPLOIT-DB",
- "url" : "https://www.exploit-db.com/exploits/40954/"
- },
- {
- "name" : "https://support.apple.com/HT207423",
- "refsource" : "CONFIRM",
- "url" : "https://support.apple.com/HT207423"
- },
- {
- "name" : "94903",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/94903"
- },
- {
- "name" : "1037469",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id/1037469"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the \"Directory Services\" component. It allows local users to gain privileges or cause a denial of service (use-after-free) via unspecified vectors."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "40954",
+ "refsource": "EXPLOIT-DB",
+ "url": "https://www.exploit-db.com/exploits/40954/"
+ },
+ {
+ "name": "94903",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/94903"
+ },
+ {
+ "name": "1037469",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id/1037469"
+ },
+ {
+ "name": "https://support.apple.com/HT207423",
+ "refsource": "CONFIRM",
+ "url": "https://support.apple.com/HT207423"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2016/7xxx/CVE-2016-7888.json b/2016/7xxx/CVE-2016-7888.json
index 960a838288e..0a8c2d9f976 100644
--- a/2016/7xxx/CVE-2016-7888.json
+++ b/2016/7xxx/CVE-2016-7888.json
@@ -1,77 +1,77 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "psirt@adobe.com",
- "ID" : "CVE-2016-7888",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Adobe Digital Editions 4.5.2 and earlier",
- "version" : {
- "version_data" : [
- {
- "version_value" : "Adobe Digital Editions 4.5.2 and earlier"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Adobe Digital Editions versions 4.5.2 and earlier has an important vulnerability that could lead to memory address leak."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "Memory Leak"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "psirt@adobe.com",
+ "ID": "CVE-2016-7888",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Adobe Digital Editions 4.5.2 and earlier",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Adobe Digital Editions 4.5.2 and earlier"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://www.zerodayinitiative.com/advisories/ZDI-16-636",
- "refsource" : "MISC",
- "url" : "http://www.zerodayinitiative.com/advisories/ZDI-16-636"
- },
- {
- "name" : "https://helpx.adobe.com/security/products/Digital-Editions/apsb16-45.html",
- "refsource" : "CONFIRM",
- "url" : "https://helpx.adobe.com/security/products/Digital-Editions/apsb16-45.html"
- },
- {
- "name" : "94880",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/94880"
- },
- {
- "name" : "1037466",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id/1037466"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Adobe Digital Editions versions 4.5.2 and earlier has an important vulnerability that could lead to memory address leak."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Memory Leak"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://helpx.adobe.com/security/products/Digital-Editions/apsb16-45.html",
+ "refsource": "CONFIRM",
+ "url": "https://helpx.adobe.com/security/products/Digital-Editions/apsb16-45.html"
+ },
+ {
+ "name": "94880",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/94880"
+ },
+ {
+ "name": "http://www.zerodayinitiative.com/advisories/ZDI-16-636",
+ "refsource": "MISC",
+ "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-636"
+ },
+ {
+ "name": "1037466",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id/1037466"
+ }
+ ]
+ }
+}
\ No newline at end of file