From a53e78142a780ddf393084cc770288d6f9373258 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 00:55:01 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2006/0xxx/CVE-2006-0149.json | 130 ++++----- 2006/0xxx/CVE-2006-0397.json | 180 ++++++------- 2006/0xxx/CVE-2006-0897.json | 180 ++++++------- 2006/1xxx/CVE-2006-1262.json | 200 +++++++------- 2006/1xxx/CVE-2006-1422.json | 140 +++++----- 2006/1xxx/CVE-2006-1600.json | 130 ++++----- 2006/1xxx/CVE-2006-1756.json | 180 ++++++------- 2006/4xxx/CVE-2006-4541.json | 210 +++++++-------- 2006/5xxx/CVE-2006-5271.json | 190 ++++++------- 2006/5xxx/CVE-2006-5443.json | 150 +++++------ 2006/5xxx/CVE-2006-5507.json | 260 +++++++++--------- 2006/5xxx/CVE-2006-5887.json | 190 ++++++------- 2006/5xxx/CVE-2006-5895.json | 200 +++++++------- 2007/2xxx/CVE-2007-2828.json | 150 +++++------ 2010/0xxx/CVE-2010-0039.json | 140 +++++----- 2010/0xxx/CVE-2010-0137.json | 170 ++++++------ 2010/0xxx/CVE-2010-0294.json | 180 ++++++------- 2010/0xxx/CVE-2010-0919.json | 240 ++++++++--------- 2010/2xxx/CVE-2010-2794.json | 160 +++++------ 2010/2xxx/CVE-2010-2832.json | 120 ++++----- 2010/3xxx/CVE-2010-3278.json | 34 +-- 2010/3xxx/CVE-2010-3300.json | 34 +-- 2010/3xxx/CVE-2010-3574.json | 510 +++++++++++++++++------------------ 2010/3xxx/CVE-2010-3698.json | 220 +++++++-------- 2010/4xxx/CVE-2010-4049.json | 150 +++++------ 2010/4xxx/CVE-2010-4251.json | 190 ++++++------- 2010/4xxx/CVE-2010-4719.json | 170 ++++++------ 2014/3xxx/CVE-2014-3764.json | 130 ++++----- 2014/4xxx/CVE-2014-4038.json | 190 ++++++------- 2014/4xxx/CVE-2014-4234.json | 190 ++++++------- 2014/4xxx/CVE-2014-4318.json | 34 +-- 2014/4xxx/CVE-2014-4386.json | 170 ++++++------ 2014/4xxx/CVE-2014-4711.json | 34 +-- 2014/4xxx/CVE-2014-4771.json | 140 +++++----- 2014/4xxx/CVE-2014-4866.json | 34 +-- 2014/8xxx/CVE-2014-8255.json | 34 +-- 2014/8xxx/CVE-2014-8431.json | 34 +-- 2014/8xxx/CVE-2014-8573.json | 34 +-- 2014/9xxx/CVE-2014-9059.json | 160 +++++------ 2014/9xxx/CVE-2014-9111.json | 34 +-- 2014/9xxx/CVE-2014-9276.json | 160 +++++------ 2016/2xxx/CVE-2016-2415.json | 130 ++++----- 2016/2xxx/CVE-2016-2482.json | 130 ++++----- 2016/2xxx/CVE-2016-2674.json | 34 +-- 2016/3xxx/CVE-2016-3005.json | 140 +++++----- 2016/3xxx/CVE-2016-3046.json | 220 +++++++-------- 2016/3xxx/CVE-2016-3161.json | 140 +++++----- 2016/3xxx/CVE-2016-3597.json | 150 +++++------ 2016/6xxx/CVE-2016-6226.json | 34 +-- 2016/6xxx/CVE-2016-6873.json | 140 +++++----- 2016/6xxx/CVE-2016-6985.json | 160 +++++------ 2016/7xxx/CVE-2016-7059.json | 34 +-- 2016/7xxx/CVE-2016-7312.json | 34 +-- 2016/7xxx/CVE-2016-7504.json | 130 ++++----- 54 files changed, 3831 insertions(+), 3831 deletions(-) diff --git a/2006/0xxx/CVE-2006-0149.json b/2006/0xxx/CVE-2006-0149.json index b8fc6c595c3..0a3d5b60fe4 100644 --- a/2006/0xxx/CVE-2006-0149.json +++ b/2006/0xxx/CVE-2006-0149.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0149", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in SimpBook 1.0, with html_enable on (the default), allows remote attackers to inject arbitrary web script or HTML via the message field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0149", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060106 SimpBook \"message\" Remote Cross-Site Scripting Vulnerability", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2006-January/041127.html" - }, - { - "name" : "1015451", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015451" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in SimpBook 1.0, with html_enable on (the default), allows remote attackers to inject arbitrary web script or HTML via the message field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1015451", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015451" + }, + { + "name": "20060106 SimpBook \"message\" Remote Cross-Site Scripting Vulnerability", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-January/041127.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0397.json b/2006/0xxx/CVE-2006-0397.json index 368e371caca..f198c818f1c 100644 --- a/2006/0xxx/CVE-2006-0397.json +++ b/2006/0xxx/CVE-2006-0397.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0397", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows attackers to trick a user into opening an application that appears to be a safe file type. NOTE: due to the lack of specific information in the vendor advisory, it is not clear how CVE-2006-0397, CVE-2006-0398, and CVE-2006-0399 are different." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0397", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "APPLE-SA-2006-03-13", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2006/Mar/msg00001.html" - }, - { - "name" : "http://docs.info.apple.com/article.html?artnum=303453", - "refsource" : "CONFIRM", - "url" : "http://docs.info.apple.com/article.html?artnum=303453" - }, - { - "name" : "ADV-2006-0949", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0949" - }, - { - "name" : "23869", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23869" - }, - { - "name" : "1015760", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015760" - }, - { - "name" : "19129", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19129" - }, - { - "name" : "macosx-safefiletype-command-execution(25269)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25269" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows attackers to trick a user into opening an application that appears to be a safe file type. NOTE: due to the lack of specific information in the vendor advisory, it is not clear how CVE-2006-0397, CVE-2006-0398, and CVE-2006-0399 are different." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "23869", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23869" + }, + { + "name": "ADV-2006-0949", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0949" + }, + { + "name": "1015760", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015760" + }, + { + "name": "19129", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19129" + }, + { + "name": "APPLE-SA-2006-03-13", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2006/Mar/msg00001.html" + }, + { + "name": "macosx-safefiletype-command-execution(25269)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25269" + }, + { + "name": "http://docs.info.apple.com/article.html?artnum=303453", + "refsource": "CONFIRM", + "url": "http://docs.info.apple.com/article.html?artnum=303453" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0897.json b/2006/0xxx/CVE-2006-0897.json index 2443f7e1a9e..293ecd5c5ac 100644 --- a/2006/0xxx/CVE-2006-0897.json +++ b/2006/0xxx/CVE-2006-0897.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0897", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** SQL injection vulnerability in VCS Virtual Program Management Intranet (VPMi) Enterprise 3.3 allows remote attackers to execute arbitrary SQL commands via the UpdateID0 parameter to Service_Requests.asp. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: the vendor has disputed this issue, saying that \"[we] have a behind the scenes complex state management system that uses a combination of keys placed in JavaScript and Session State (server side) that protects against the type of SQL injection you describe. We have tested for many of the cases and have not found it to be an issue.\" Further investigation suggests that the original researcher might have triggered errors using invalid field values, which is not proof of SQL injection; however, the vendor did not receive a response from the original researcher." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0897", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060310 vendor dispute: VCS", - "refsource" : "VIM", - "url" : "http://www.attrition.org/pipermail/vim/2006-March/000598.html" - }, - { - "name" : "20060310 Re: vendor dispute: VCS", - "refsource" : "VIM", - "url" : "http://www.attrition.org/pipermail/vim/2006-March/000599.html" - }, - { - "name" : "16798", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16798" - }, - { - "name" : "ADV-2006-0725", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0725" - }, - { - "name" : "23479", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23479" - }, - { - "name" : "18842", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18842" - }, - { - "name" : "vpmi-servicerequests-sql-injection(24885)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24885" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** SQL injection vulnerability in VCS Virtual Program Management Intranet (VPMi) Enterprise 3.3 allows remote attackers to execute arbitrary SQL commands via the UpdateID0 parameter to Service_Requests.asp. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: the vendor has disputed this issue, saying that \"[we] have a behind the scenes complex state management system that uses a combination of keys placed in JavaScript and Session State (server side) that protects against the type of SQL injection you describe. We have tested for many of the cases and have not found it to be an issue.\" Further investigation suggests that the original researcher might have triggered errors using invalid field values, which is not proof of SQL injection; however, the vendor did not receive a response from the original researcher." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "16798", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16798" + }, + { + "name": "18842", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18842" + }, + { + "name": "20060310 Re: vendor dispute: VCS", + "refsource": "VIM", + "url": "http://www.attrition.org/pipermail/vim/2006-March/000599.html" + }, + { + "name": "vpmi-servicerequests-sql-injection(24885)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24885" + }, + { + "name": "23479", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23479" + }, + { + "name": "ADV-2006-0725", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0725" + }, + { + "name": "20060310 vendor dispute: VCS", + "refsource": "VIM", + "url": "http://www.attrition.org/pipermail/vim/2006-March/000598.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1262.json b/2006/1xxx/CVE-2006-1262.json index 3a250f5dc68..bbc9afb0a6d 100644 --- a/2006/1xxx/CVE-2006-1262.json +++ b/2006/1xxx/CVE-2006-1262.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1262", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in ASPPortal 3.00 have unknown impact and attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1262", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060315 CodeScan Advisory: Multiple Vulnerabilities In ASPPortal.net", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=114243660409338&w=2" - }, - { - "name" : "20060314 CodeScan Advisory: Multiple Vulnerabilities In ASPPortal.net", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2006-02/1517.html" - }, - { - "name" : "http://www.aspportal.net/content/news/News_Item.asp?content_ID=32", - "refsource" : "CONFIRM", - "url" : "http://www.aspportal.net/content/news/News_Item.asp?content_ID=32" - }, - { - "name" : "17114", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17114" - }, - { - "name" : "23919", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23919" - }, - { - "name" : "1015772", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015772" - }, - { - "name" : "19247", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19247" - }, - { - "name" : "592", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/592" - }, - { - "name" : "aspportal-multiple-scripts-sql-injection(25234)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25234" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in ASPPortal 3.00 have unknown impact and attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "aspportal-multiple-scripts-sql-injection(25234)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25234" + }, + { + "name": "17114", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17114" + }, + { + "name": "20060314 CodeScan Advisory: Multiple Vulnerabilities In ASPPortal.net", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-02/1517.html" + }, + { + "name": "23919", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23919" + }, + { + "name": "1015772", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015772" + }, + { + "name": "http://www.aspportal.net/content/news/News_Item.asp?content_ID=32", + "refsource": "CONFIRM", + "url": "http://www.aspportal.net/content/news/News_Item.asp?content_ID=32" + }, + { + "name": "592", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/592" + }, + { + "name": "19247", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19247" + }, + { + "name": "20060315 CodeScan Advisory: Multiple Vulnerabilities In ASPPortal.net", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=114243660409338&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1422.json b/2006/1xxx/CVE-2006-1422.json index 9da0a98aa79..7457c42f779 100644 --- a/2006/1xxx/CVE-2006-1422.json +++ b/2006/1xxx/CVE-2006-1422.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1422", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in details_view.php in PHP Booking Calendar 1.0c and earlier allows remote attackers to execute arbitrary SQL commands via the event_id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1422", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "1610", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/1610" - }, - { - "name" : "17230", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17230" - }, - { - "name" : "phpbookingcal-detailsview-sql-injection(25580)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25580" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in details_view.php in PHP Booking Calendar 1.0c and earlier allows remote attackers to execute arbitrary SQL commands via the event_id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "17230", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17230" + }, + { + "name": "1610", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/1610" + }, + { + "name": "phpbookingcal-detailsview-sql-injection(25580)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25580" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1600.json b/2006/1xxx/CVE-2006-1600.json index fe2968ea994..f8a5fd458ad 100644 --- a/2006/1xxx/CVE-2006-1600.json +++ b/2006/1xxx/CVE-2006-1600.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1600", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in category.php in PhpWebGallery 1.4.1 allows remote attackers to execute arbitrary SQL commands via the search parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1600", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060403 Phpwebgallery <= 1.4.1 SQL injection Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/429665/100/0/threaded" - }, - { - "name" : "669", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/669" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in category.php in PhpWebGallery 1.4.1 allows remote attackers to execute arbitrary SQL commands via the search parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "669", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/669" + }, + { + "name": "20060403 Phpwebgallery <= 1.4.1 SQL injection Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/429665/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1756.json b/2006/1xxx/CVE-2006-1756.json index 55ddc990edf..b7e6aeb7f96 100644 --- a/2006/1xxx/CVE-2006-1756.json +++ b/2006/1xxx/CVE-2006-1756.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1756", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "MD News 1 allows remote attackers to bypass authentication via a direct request to a script in the Administration Area." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1756", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060418 [eVuln] MD News Authentication Bypass and SQL Injection Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/431429/100/0/threaded" - }, - { - "name" : "http://evuln.com/vulns/120/summary.html", - "refsource" : "MISC", - "url" : "http://evuln.com/vulns/120/summary.html" - }, - { - "name" : "17394", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17394" - }, - { - "name" : "ADV-2006-1259", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1259" - }, - { - "name" : "24455", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24455" - }, - { - "name" : "19530", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19530" - }, - { - "name" : "mdnews-admin-security-bypass(25636)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25636" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "MD News 1 allows remote attackers to bypass authentication via a direct request to a script in the Administration Area." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "24455", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24455" + }, + { + "name": "ADV-2006-1259", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1259" + }, + { + "name": "17394", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17394" + }, + { + "name": "http://evuln.com/vulns/120/summary.html", + "refsource": "MISC", + "url": "http://evuln.com/vulns/120/summary.html" + }, + { + "name": "20060418 [eVuln] MD News Authentication Bypass and SQL Injection Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/431429/100/0/threaded" + }, + { + "name": "mdnews-admin-security-bypass(25636)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25636" + }, + { + "name": "19530", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19530" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4541.json b/2006/4xxx/CVE-2006-4541.json index 2d3b0456ae5..a4c231bf08c 100644 --- a/2006/4xxx/CVE-2006-4541.json +++ b/2006/4xxx/CVE-2006-4541.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4541", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "RapDrv.sys in BlackICE PC Protection 3.6.cpn, cpj, cpiE, and possibly 3.6 and earlier, allows local users to cause a denial of service (crash) via a NULL third argument to the NtOpenSection API function. NOTE: it was later reported that 3.6.cqn is also affected." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4541", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060901 ISS BlackICE PC Protection Insufficient validation of arguments of NtOpenSection Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/444958/100/0/threaded" - }, - { - "name" : "20070918 Plague in (security) software drivers & BSDOhook utility", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/479830/100/0/threaded" - }, - { - "name" : "http://www.matousec.com/info/advisories/BlackICE-Insufficient-validation-of-arguments-of-NtOpenSection.php", - "refsource" : "MISC", - "url" : "http://www.matousec.com/info/advisories/BlackICE-Insufficient-validation-of-arguments-of-NtOpenSection.php" - }, - { - "name" : "http://www.matousec.com/info/advisories/plague-in-security-software-drivers.php", - "refsource" : "MISC", - "url" : "http://www.matousec.com/info/advisories/plague-in-security-software-drivers.php" - }, - { - "name" : "http://www.matousec.com/projects/windows-personal-firewall-analysis/plague-in-security-software-drivers.php", - "refsource" : "MISC", - "url" : "http://www.matousec.com/projects/windows-personal-firewall-analysis/plague-in-security-software-drivers.php" - }, - { - "name" : "19800", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19800" - }, - { - "name" : "ADV-2006-3431", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3431" - }, - { - "name" : "28332", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28332" - }, - { - "name" : "21710", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21710" - }, - { - "name" : "1512", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1512" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "RapDrv.sys in BlackICE PC Protection 3.6.cpn, cpj, cpiE, and possibly 3.6 and earlier, allows local users to cause a denial of service (crash) via a NULL third argument to the NtOpenSection API function. NOTE: it was later reported that 3.6.cqn is also affected." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1512", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1512" + }, + { + "name": "28332", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28332" + }, + { + "name": "21710", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21710" + }, + { + "name": "20060901 ISS BlackICE PC Protection Insufficient validation of arguments of NtOpenSection Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/444958/100/0/threaded" + }, + { + "name": "19800", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19800" + }, + { + "name": "http://www.matousec.com/info/advisories/BlackICE-Insufficient-validation-of-arguments-of-NtOpenSection.php", + "refsource": "MISC", + "url": "http://www.matousec.com/info/advisories/BlackICE-Insufficient-validation-of-arguments-of-NtOpenSection.php" + }, + { + "name": "http://www.matousec.com/info/advisories/plague-in-security-software-drivers.php", + "refsource": "MISC", + "url": "http://www.matousec.com/info/advisories/plague-in-security-software-drivers.php" + }, + { + "name": "http://www.matousec.com/projects/windows-personal-firewall-analysis/plague-in-security-software-drivers.php", + "refsource": "MISC", + "url": "http://www.matousec.com/projects/windows-personal-firewall-analysis/plague-in-security-software-drivers.php" + }, + { + "name": "ADV-2006-3431", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3431" + }, + { + "name": "20070918 Plague in (security) software drivers & BSDOhook utility", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/479830/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5271.json b/2006/5xxx/CVE-2006-5271.json index e27fc8edd0c..ecaf835e6ce 100644 --- a/2006/5xxx/CVE-2006-5271.json +++ b/2006/5xxx/CVE-2006-5271.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5271", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer underflow in McAfee ePolicy Orchestrator 3.5 through 3.6.1, ProtectionPilot 1.1.1 and 1.5, and Common Management Agent (CMA) 3.6.0.453 and earlier allows remote attackers to execute arbitrary code via a crafted UDP packet, which causes stack corruption." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5271", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070710 McAfee ePolicy Orchestrator Agent Remote Code Execution", - "refsource" : "ISS", - "url" : "http://www.iss.net/threats/269.html" - }, - { - "name" : "https://knowledge.mcafee.com/article/761/613364_f.SAL_Public.html", - "refsource" : "CONFIRM", - "url" : "https://knowledge.mcafee.com/article/761/613364_f.SAL_Public.html" - }, - { - "name" : "24863", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24863" - }, - { - "name" : "ADV-2007-2498", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2498" - }, - { - "name" : "36098", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/36098" - }, - { - "name" : "1018363", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1018363" - }, - { - "name" : "26029", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26029" - }, - { - "name" : "security-management-integer-underflow(31162)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/31162" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer underflow in McAfee ePolicy Orchestrator 3.5 through 3.6.1, ProtectionPilot 1.1.1 and 1.5, and Common Management Agent (CMA) 3.6.0.453 and earlier allows remote attackers to execute arbitrary code via a crafted UDP packet, which causes stack corruption." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2007-2498", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2498" + }, + { + "name": "1018363", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1018363" + }, + { + "name": "https://knowledge.mcafee.com/article/761/613364_f.SAL_Public.html", + "refsource": "CONFIRM", + "url": "https://knowledge.mcafee.com/article/761/613364_f.SAL_Public.html" + }, + { + "name": "26029", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26029" + }, + { + "name": "36098", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/36098" + }, + { + "name": "20070710 McAfee ePolicy Orchestrator Agent Remote Code Execution", + "refsource": "ISS", + "url": "http://www.iss.net/threats/269.html" + }, + { + "name": "security-management-integer-underflow(31162)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31162" + }, + { + "name": "24863", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24863" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5443.json b/2006/5xxx/CVE-2006-5443.json index d5691e71c3b..4e0c8eedf3e 100644 --- a/2006/5xxx/CVE-2006-5443.json +++ b/2006/5xxx/CVE-2006-5443.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5443", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in XIAO Gang WWW Interactive Mathematics Server (WIMS) before 3.60 allows remote attackers to modify unspecified data via unspecified vectors involving \"variable rights.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5443", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://freshmeat.net/projects/wims/?branch_id=11538&release_id=238917", - "refsource" : "CONFIRM", - "url" : "http://freshmeat.net/projects/wims/?branch_id=11538&release_id=238917" - }, - { - "name" : "ADV-2006-4108", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4108" - }, - { - "name" : "22415", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22415" - }, - { - "name" : "wims-unspecified-data-manipulation(29668)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29668" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in XIAO Gang WWW Interactive Mathematics Server (WIMS) before 3.60 allows remote attackers to modify unspecified data via unspecified vectors involving \"variable rights.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "wims-unspecified-data-manipulation(29668)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29668" + }, + { + "name": "ADV-2006-4108", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4108" + }, + { + "name": "http://freshmeat.net/projects/wims/?branch_id=11538&release_id=238917", + "refsource": "CONFIRM", + "url": "http://freshmeat.net/projects/wims/?branch_id=11538&release_id=238917" + }, + { + "name": "22415", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22415" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5507.json b/2006/5xxx/CVE-2006-5507.json index 96b774f5cba..007877a1280 100644 --- a/2006/5xxx/CVE-2006-5507.json +++ b/2006/5xxx/CVE-2006-5507.json @@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5507", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple PHP remote file inclusion vulnerabilities in Der Dirigent (DeDi) 1.0.3 allow remote attackers to execute arbitrary PHP code via a URL in the cfg_dedi[dedi_path] parameter in (1) find.php, (2) insert_line.php, (3) fullscreen.php, (4) changecase.php, (5) insert_link.php, (6) insert_table.php, (7) table_cellprop.php, (8) table_prop.php, (9) table_rowprop.php, (10) insert_page.php, and possibly insert_marquee.php in backend/external/wysiswg/popups/." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5507", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/0610-exploits/Derdirigent.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/0610-exploits/Derdirigent.txt" - }, - { - "name" : "20702", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20702" - }, - { - "name" : "ADV-2006-4164", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4164" - }, - { - "name" : "29950", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/29950" - }, - { - "name" : "29951", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/29951" - }, - { - "name" : "29952", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/29952" - }, - { - "name" : "29953", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/29953" - }, - { - "name" : "29954", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/29954" - }, - { - "name" : "29955", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/29955" - }, - { - "name" : "29956", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/29956" - }, - { - "name" : "29957", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/29957" - }, - { - "name" : "29958", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/29958" - }, - { - "name" : "29959", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/29959" - }, - { - "name" : "22546", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22546" - }, - { - "name" : "der-dirigent-cfgdedi-file-include(29760)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29760" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple PHP remote file inclusion vulnerabilities in Der Dirigent (DeDi) 1.0.3 allow remote attackers to execute arbitrary PHP code via a URL in the cfg_dedi[dedi_path] parameter in (1) find.php, (2) insert_line.php, (3) fullscreen.php, (4) changecase.php, (5) insert_link.php, (6) insert_table.php, (7) table_cellprop.php, (8) table_prop.php, (9) table_rowprop.php, (10) insert_page.php, and possibly insert_marquee.php in backend/external/wysiswg/popups/." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "29957", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/29957" + }, + { + "name": "der-dirigent-cfgdedi-file-include(29760)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29760" + }, + { + "name": "29951", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/29951" + }, + { + "name": "ADV-2006-4164", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4164" + }, + { + "name": "20702", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20702" + }, + { + "name": "29952", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/29952" + }, + { + "name": "29954", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/29954" + }, + { + "name": "29955", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/29955" + }, + { + "name": "29950", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/29950" + }, + { + "name": "29958", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/29958" + }, + { + "name": "29953", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/29953" + }, + { + "name": "29956", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/29956" + }, + { + "name": "29959", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/29959" + }, + { + "name": "http://packetstormsecurity.org/0610-exploits/Derdirigent.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/0610-exploits/Derdirigent.txt" + }, + { + "name": "22546", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22546" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5887.json b/2006/5xxx/CVE-2006-5887.json index 63b07678dba..c6575c3fbf9 100644 --- a/2006/5xxx/CVE-2006-5887.json +++ b/2006/5xxx/CVE-2006-5887.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5887", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in CampusNewsDetails.asp in Dynamic Dataworx NuSchool 1.0 allows remote attackers to execute arbitrary SQL commands via the NewsID parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5887", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061111 NuSchool 1.0 (CampusNewsDetails.asp) Remote SQL Injection Exploit", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/451336/100/0/threaded" - }, - { - "name" : "2757", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2757" - }, - { - "name" : "21006", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21006" - }, - { - "name" : "ADV-2006-4475", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4475" - }, - { - "name" : "1017217", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017217" - }, - { - "name" : "22830", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22830" - }, - { - "name" : "1855", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1855" - }, - { - "name" : "nuschool-campusnewsdetails-sql-injection(30196)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30196" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in CampusNewsDetails.asp in Dynamic Dataworx NuSchool 1.0 allows remote attackers to execute arbitrary SQL commands via the NewsID parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2757", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2757" + }, + { + "name": "20061111 NuSchool 1.0 (CampusNewsDetails.asp) Remote SQL Injection Exploit", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/451336/100/0/threaded" + }, + { + "name": "21006", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21006" + }, + { + "name": "1017217", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017217" + }, + { + "name": "ADV-2006-4475", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4475" + }, + { + "name": "1855", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1855" + }, + { + "name": "22830", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22830" + }, + { + "name": "nuschool-campusnewsdetails-sql-injection(30196)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30196" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5895.json b/2006/5xxx/CVE-2006-5895.json index fc406b70be7..0d8fc61fef0 100644 --- a/2006/5xxx/CVE-2006-5895.json +++ b/2006/5xxx/CVE-2006-5895.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5895", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in core/core.php in EncapsCMS 0.3.6 allows remote attackers to execute arbitrary PHP code via a URL in the root parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5895", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061110 encapscms 0.3.6 - Remote File Include by Firewall", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/451298/100/0/threaded" - }, - { - "name" : "2750", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2750" - }, - { - "name" : "20061114 Source VERIFY - encapscms 0.3.6 RFI", - "refsource" : "VIM", - "url" : "http://www.attrition.org/pipermail/vim/2006-November/001123.html" - }, - { - "name" : "21001", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21001" - }, - { - "name" : "ADV-2006-4481", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4481" - }, - { - "name" : "30368", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/30368" - }, - { - "name" : "22820", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22820" - }, - { - "name" : "1848", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1848" - }, - { - "name" : "encapscms-core-file-include(30198)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30198" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in core/core.php in EncapsCMS 0.3.6 allows remote attackers to execute arbitrary PHP code via a URL in the root parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20061114 Source VERIFY - encapscms 0.3.6 RFI", + "refsource": "VIM", + "url": "http://www.attrition.org/pipermail/vim/2006-November/001123.html" + }, + { + "name": "1848", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1848" + }, + { + "name": "21001", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21001" + }, + { + "name": "encapscms-core-file-include(30198)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30198" + }, + { + "name": "ADV-2006-4481", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4481" + }, + { + "name": "20061110 encapscms 0.3.6 - Remote File Include by Firewall", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/451298/100/0/threaded" + }, + { + "name": "2750", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2750" + }, + { + "name": "30368", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/30368" + }, + { + "name": "22820", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22820" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2828.json b/2007/2xxx/CVE-2007-2828.json index 0c3736250b4..60644a69bba 100644 --- a/2007/2xxx/CVE-2007-2828.json +++ b/2007/2xxx/CVE-2007-2828.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2828", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in adsense-deluxe.php in the AdSense-Deluxe 0.x plugin for WordPress allows remote attackers to perform unspecified actions as arbitrary users via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2828", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://michaeldaw.org/alerts/alerts-200507/", - "refsource" : "MISC", - "url" : "http://michaeldaw.org/alerts/alerts-200507/" - }, - { - "name" : "37291", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37291" - }, - { - "name" : "25335", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25335" - }, - { - "name" : "adsense-wordpress-adsensedeluxe-csrf(34416)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34416" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in adsense-deluxe.php in the AdSense-Deluxe 0.x plugin for WordPress allows remote attackers to perform unspecified actions as arbitrary users via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "37291", + "refsource": "OSVDB", + "url": "http://osvdb.org/37291" + }, + { + "name": "25335", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25335" + }, + { + "name": "http://michaeldaw.org/alerts/alerts-200507/", + "refsource": "MISC", + "url": "http://michaeldaw.org/alerts/alerts-200507/" + }, + { + "name": "adsense-wordpress-adsensedeluxe-csrf(34416)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34416" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0039.json b/2010/0xxx/CVE-2010-0039.json index 7d2391e107d..20a53df0b09 100644 --- a/2010/0xxx/CVE-2010-0039.json +++ b/2010/0xxx/CVE-2010-0039.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0039", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Application-Level Gateway (ALG) on the Apple Time Capsule, AirPort Extreme Base Station, and AirPort Express Base Station with firmware before 7.5.2 modifies PORT commands in incoming FTP traffic, which allows remote attackers to use the device's IP address for arbitrary intranet TCP traffic by leveraging write access to an intranet FTP server." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2010-0039", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT4298", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4298" - }, - { - "name" : "APPLE-SA-2010-12-16-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//Dec/msg00001.html" - }, - { - "name" : "1024907", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024907" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Application-Level Gateway (ALG) on the Apple Time Capsule, AirPort Extreme Base Station, and AirPort Express Base Station with firmware before 7.5.2 modifies PORT commands in incoming FTP traffic, which allows remote attackers to use the device's IP address for arbitrary intranet TCP traffic by leveraging write access to an intranet FTP server." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2010-12-16-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//Dec/msg00001.html" + }, + { + "name": "http://support.apple.com/kb/HT4298", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4298" + }, + { + "name": "1024907", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024907" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0137.json b/2010/0xxx/CVE-2010-0137.json index a570c5b7a63..20494bb1ea5 100644 --- a/2010/0xxx/CVE-2010-0137.json +++ b/2010/0xxx/CVE-2010-0137.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0137", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the sshd_child_handler process in the SSH server in Cisco IOS XR 3.4.1 through 3.7.0 allows remote attackers to cause a denial of service (process crash and memory consumption) via a crafted SSH2 packet, aka Bug ID CSCsu10574." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2010-0137", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100120 Cisco IOS XR Software SSH Denial of Service Vulnerability", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b13512.shtml" - }, - { - "name" : "37878", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37878" - }, - { - "name" : "1023480", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1023480" - }, - { - "name" : "38227", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38227" - }, - { - "name" : "ADV-2010-0183", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0183" - }, - { - "name" : "ciscoios-ssh-dos(55767)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/55767" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the sshd_child_handler process in the SSH server in Cisco IOS XR 3.4.1 through 3.7.0 allows remote attackers to cause a denial of service (process crash and memory consumption) via a crafted SSH2 packet, aka Bug ID CSCsu10574." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2010-0183", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0183" + }, + { + "name": "ciscoios-ssh-dos(55767)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55767" + }, + { + "name": "1023480", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1023480" + }, + { + "name": "20100120 Cisco IOS XR Software SSH Denial of Service Vulnerability", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b13512.shtml" + }, + { + "name": "38227", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38227" + }, + { + "name": "37878", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37878" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0294.json b/2010/0xxx/CVE-2010-0294.json index 7ab2a74acfa..dc2dc4c9721 100644 --- a/2010/0xxx/CVE-2010-0294.json +++ b/2010/0xxx/CVE-2010-0294.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0294", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "chronyd in Chrony before 1.23.1, and possibly 1.24-pre1, generates a syslog message for each unauthorized cmdmon packet, which allows remote attackers to cause a denial of service (disk consumption) via a large number of invalid packets." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-0294", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://chrony.tuxfamily.org/News.html", - "refsource" : "CONFIRM", - "url" : "http://chrony.tuxfamily.org/News.html" - }, - { - "name" : "http://git.tuxfamily.org/chrony/chrony.git/?p=gitroot/chrony/chrony.git;a=commit;h=0b710499f994823bd938fc6895f097eefb9cc59f", - "refsource" : "CONFIRM", - "url" : "http://git.tuxfamily.org/chrony/chrony.git/?p=gitroot/chrony/chrony.git;a=commit;h=0b710499f994823bd938fc6895f097eefb9cc59f" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=555367", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=555367" - }, - { - "name" : "DSA-1992", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2010/dsa-1992" - }, - { - "name" : "38106", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/38106" - }, - { - "name" : "38428", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38428" - }, - { - "name" : "38480", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38480" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "chronyd in Chrony before 1.23.1, and possibly 1.24-pre1, generates a syslog message for each unauthorized cmdmon packet, which allows remote attackers to cause a denial of service (disk consumption) via a large number of invalid packets." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-1992", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2010/dsa-1992" + }, + { + "name": "38106", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/38106" + }, + { + "name": "http://chrony.tuxfamily.org/News.html", + "refsource": "CONFIRM", + "url": "http://chrony.tuxfamily.org/News.html" + }, + { + "name": "38428", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38428" + }, + { + "name": "http://git.tuxfamily.org/chrony/chrony.git/?p=gitroot/chrony/chrony.git;a=commit;h=0b710499f994823bd938fc6895f097eefb9cc59f", + "refsource": "CONFIRM", + "url": "http://git.tuxfamily.org/chrony/chrony.git/?p=gitroot/chrony/chrony.git;a=commit;h=0b710499f994823bd938fc6895f097eefb9cc59f" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=555367", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=555367" + }, + { + "name": "38480", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38480" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0919.json b/2010/0xxx/CVE-2010-0919.json index 741e80bf90f..12fb1bcf261 100644 --- a/2010/0xxx/CVE-2010-0919.json +++ b/2010/0xxx/CVE-2010-0919.json @@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0919", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the Lotus Domino Web Access ActiveX control in IBM Lotus iNotes (aka Domino Web Access or DWA) 6.5, 7.0 before 7.0.4, 8.0, 8.0.2, and before 229.281 for Domino 8.0.2 FP4 allows remote attackers to execute arbitrary code via a long URL argument to an unspecified method, aka PRAD7JTNHJ." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-0919", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100301 IBM Lotus Domino Web Access ActiveX Stack Buffer Overflow Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=857" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21421808", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21421808" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg27018109", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg27018109" - }, - { - "name" : "38457", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/38457" - }, - { - "name" : "38459", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/38459" - }, - { - "name" : "62612", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/62612" - }, - { - "name" : "1023662", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1023662" - }, - { - "name" : "38681", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38681" - }, - { - "name" : "38744", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38744" - }, - { - "name" : "38755", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38755" - }, - { - "name" : "ADV-2010-0495", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0495" - }, - { - "name" : "ADV-2010-0496", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0496" - }, - { - "name" : "inotes-activex-bo(56555)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/56555" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the Lotus Domino Web Access ActiveX control in IBM Lotus iNotes (aka Domino Web Access or DWA) 6.5, 7.0 before 7.0.4, 8.0, 8.0.2, and before 229.281 for Domino 8.0.2 FP4 allows remote attackers to execute arbitrary code via a long URL argument to an unspecified method, aka PRAD7JTNHJ." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "inotes-activex-bo(56555)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56555" + }, + { + "name": "62612", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/62612" + }, + { + "name": "1023662", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1023662" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21421808", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21421808" + }, + { + "name": "ADV-2010-0496", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0496" + }, + { + "name": "38459", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/38459" + }, + { + "name": "38755", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38755" + }, + { + "name": "38744", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38744" + }, + { + "name": "20100301 IBM Lotus Domino Web Access ActiveX Stack Buffer Overflow Vulnerability", + "refsource": "IDEFENSE", + "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=857" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg27018109", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg27018109" + }, + { + "name": "38457", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/38457" + }, + { + "name": "38681", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38681" + }, + { + "name": "ADV-2010-0495", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0495" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2794.json b/2010/2xxx/CVE-2010-2794.json index 0beef50b673..25a01c8556a 100644 --- a/2010/2xxx/CVE-2010-2794.json +++ b/2010/2xxx/CVE-2010-2794.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2794", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The SPICE (aka spice-xpi) plug-in 2.2 for Firefox allows local users to overwrite arbitrary files via a symlink attack on an unspecified log file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-2794", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=620356", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=620356" - }, - { - "name" : "RHSA-2010:0651", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0651.html" - }, - { - "name" : "67620", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/67620" - }, - { - "name" : "41120", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41120" - }, - { - "name" : "ADV-2010-2181", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2181" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The SPICE (aka spice-xpi) plug-in 2.2 for Firefox allows local users to overwrite arbitrary files via a symlink attack on an unspecified log file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2010:0651", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0651.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=620356", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=620356" + }, + { + "name": "41120", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41120" + }, + { + "name": "ADV-2010-2181", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2181" + }, + { + "name": "67620", + "refsource": "OSVDB", + "url": "http://osvdb.org/67620" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2832.json b/2010/2xxx/CVE-2010-2832.json index dc1cd8538bd..ce872dcc285 100644 --- a/2010/2xxx/CVE-2010-2832.json +++ b/2010/2xxx/CVE-2010-2832.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2832", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the NAT for H.323 implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1 allows remote attackers to cause a denial of service (device reload) via transit traffic, aka Bug ID CSCtf91428." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2010-2832", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100922 Cisco IOS Software Network Address Translation Vulnerabilities", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4a311.shtml" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the NAT for H.323 implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1 allows remote attackers to cause a denial of service (device reload) via transit traffic, aka Bug ID CSCtf91428." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20100922 Cisco IOS Software Network Address Translation Vulnerabilities", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4a311.shtml" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3278.json b/2010/3xxx/CVE-2010-3278.json index 2706f98c088..c4fedef9cf3 100644 --- a/2010/3xxx/CVE-2010-3278.json +++ b/2010/3xxx/CVE-2010-3278.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3278", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-3110. Reason: This candidate is a reservation duplicate of CVE-2010-3110. Notes: All CVE users should reference CVE-2010-3110 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2010-3278", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-3110. Reason: This candidate is a reservation duplicate of CVE-2010-3110. Notes: All CVE users should reference CVE-2010-3110 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3300.json b/2010/3xxx/CVE-2010-3300.json index ad69269d89a..63cf9737b00 100644 --- a/2010/3xxx/CVE-2010-3300.json +++ b/2010/3xxx/CVE-2010-3300.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3300", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3300", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3574.json b/2010/3xxx/CVE-2010-3574.json index 3450cbb68e7..d7f0e896017 100644 --- a/2010/3xxx/CVE-2010-3574.json +++ b/2010/3xxx/CVE-2010-3574.json @@ -1,257 +1,257 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3574", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that HttpURLConnection does not properly check for the allowHttpTrace permission, which allows untrusted code to perform HTTP TRACE requests." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2010-3574", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/516397/100/0/threaded" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html" - }, - { - "name" : "http://support.avaya.com/css/P8/documents/100114315", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/css/P8/documents/100114315" - }, - { - "name" : "http://support.avaya.com/css/P8/documents/100114327", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/css/P8/documents/100114327" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=642215", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=642215" - }, - { - "name" : "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-030/index.html", - "refsource" : "CONFIRM", - "url" : "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-030/index.html" - }, - { - "name" : "http://support.avaya.com/css/P8/documents/100123193", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/css/P8/documents/100123193" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2011-0003.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2011-0003.html" - }, - { - "name" : "FEDORA-2010-16240", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html" - }, - { - "name" : "FEDORA-2010-16294", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html" - }, - { - "name" : "FEDORA-2010-16312", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html" - }, - { - "name" : "GLSA-201406-32", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201406-32.xml" - }, - { - "name" : "HPSBUX02608", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748" - }, - { - "name" : "SSRT100333", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748" - }, - { - "name" : "HPSBMU02799", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=134254866602253&w=2" - }, - { - "name" : "RHSA-2010:0770", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0770.html" - }, - { - "name" : "RHSA-2010:0807", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0807.html" - }, - { - "name" : "RHSA-2010:0768", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0768.html" - }, - { - "name" : "RHSA-2010:0865", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0865.html" - }, - { - "name" : "RHSA-2010:0873", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0873.html" - }, - { - "name" : "RHSA-2010:0935", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0935.html" - }, - { - "name" : "RHSA-2010:0987", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0987.html" - }, - { - "name" : "RHSA-2011:0152", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0152.html" - }, - { - "name" : "RHSA-2011:0880", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0880.html" - }, - { - "name" : "SUSE-SR:2010:019", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html" - }, - { - "name" : "USN-1010-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1010-1" - }, - { - "name" : "44011", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/44011" - }, - { - "name" : "oval:org.mitre.oval:def:12367", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12367" - }, - { - "name" : "oval:org.mitre.oval:def:12462", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12462" - }, - { - "name" : "41967", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41967" - }, - { - "name" : "41972", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41972" - }, - { - "name" : "42377", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42377" - }, - { - "name" : "42432", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42432" - }, - { - "name" : "42974", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42974" - }, - { - "name" : "44954", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44954" - }, - { - "name" : "ADV-2010-3086", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/3086" - }, - { - "name" : "ADV-2010-3112", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/3112" - }, - { - "name" : "ADV-2011-0134", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0134" - }, - { - "name" : "ADV-2011-0143", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0143" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that HttpURLConnection does not properly check for the allowHttpTrace permission, which allows untrusted code to perform HTTP TRACE requests." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:12462", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12462" + }, + { + "name": "http://support.avaya.com/css/P8/documents/100114327", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/css/P8/documents/100114327" + }, + { + "name": "RHSA-2010:0865", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0865.html" + }, + { + "name": "ADV-2011-0134", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0134" + }, + { + "name": "http://support.avaya.com/css/P8/documents/100114315", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/css/P8/documents/100114315" + }, + { + "name": "GLSA-201406-32", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml" + }, + { + "name": "HPSBMU02799", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=134254866602253&w=2" + }, + { + "name": "ADV-2011-0143", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0143" + }, + { + "name": "oval:org.mitre.oval:def:12367", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12367" + }, + { + "name": "RHSA-2010:0770", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0770.html" + }, + { + "name": "SSRT100333", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748" + }, + { + "name": "RHSA-2010:0768", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0768.html" + }, + { + "name": "FEDORA-2010-16240", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html" + }, + { + "name": "44011", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/44011" + }, + { + "name": "USN-1010-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1010-1" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=642215", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=642215" + }, + { + "name": "RHSA-2010:0987", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0987.html" + }, + { + "name": "44954", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44954" + }, + { + "name": "42432", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42432" + }, + { + "name": "RHSA-2011:0880", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0880.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html" + }, + { + "name": "RHSA-2010:0873", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0873.html" + }, + { + "name": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-030/index.html", + "refsource": "CONFIRM", + "url": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-030/index.html" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html" + }, + { + "name": "42974", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42974" + }, + { + "name": "41972", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41972" + }, + { + "name": "ADV-2010-3086", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/3086" + }, + { + "name": "HPSBUX02608", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748" + }, + { + "name": "ADV-2010-3112", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/3112" + }, + { + "name": "http://support.avaya.com/css/P8/documents/100123193", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/css/P8/documents/100123193" + }, + { + "name": "42377", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42377" + }, + { + "name": "SUSE-SR:2010:019", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html" + }, + { + "name": "RHSA-2011:0152", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0152.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html" + }, + { + "name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded" + }, + { + "name": "41967", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41967" + }, + { + "name": "RHSA-2010:0807", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0807.html" + }, + { + "name": "RHSA-2010:0935", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0935.html" + }, + { + "name": "FEDORA-2010-16312", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html" + }, + { + "name": "FEDORA-2010-16294", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3698.json b/2010/3xxx/CVE-2010-3698.json index 29c16812db7..93f19b20a8f 100644 --- a/2010/3xxx/CVE-2010-3698.json +++ b/2010/3xxx/CVE-2010-3698.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3698", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The KVM implementation in the Linux kernel before 2.6.36 does not properly reload the FS and GS segment registers, which allows host OS users to cause a denial of service (host OS crash) via a KVM_RUN ioctl call in conjunction with a modified Local Descriptor Table (LDT)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-3698", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=9581d442b9058d3699b4be568b6e5eae38a41493", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=9581d442b9058d3699b4be568b6e5eae38a41493" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=639879", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=639879" - }, - { - "name" : "FEDORA-2010-18983", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052513.html" - }, - { - "name" : "MDVSA-2011:029", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:029" - }, - { - "name" : "RHSA-2010:0842", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0842.html" - }, - { - "name" : "RHSA-2010:0898", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0898.html" - }, - { - "name" : "44500", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/44500" - }, - { - "name" : "42745", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42745" - }, - { - "name" : "ADV-2010-3123", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/3123" - }, - { - "name" : "ADV-2010-3321", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/3321" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The KVM implementation in the Linux kernel before 2.6.36 does not properly reload the FS and GS segment registers, which allows host OS users to cause a denial of service (host OS crash) via a KVM_RUN ioctl call in conjunction with a modified Local Descriptor Table (LDT)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2010:0898", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0898.html" + }, + { + "name": "FEDORA-2010-18983", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052513.html" + }, + { + "name": "ADV-2010-3123", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/3123" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=9581d442b9058d3699b4be568b6e5eae38a41493", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=9581d442b9058d3699b4be568b6e5eae38a41493" + }, + { + "name": "ADV-2010-3321", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/3321" + }, + { + "name": "RHSA-2010:0842", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0842.html" + }, + { + "name": "44500", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/44500" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36" + }, + { + "name": "MDVSA-2011:029", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:029" + }, + { + "name": "42745", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42745" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=639879", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=639879" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4049.json b/2010/4xxx/CVE-2010-4049.json index 38d023a5669..086dab87352 100644 --- a/2010/4xxx/CVE-2010-4049.json +++ b/2010/4xxx/CVE-2010-4049.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4049", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Opera before 10.63 allows remote attackers to cause a denial of service (application crash) via a Flash movie with a transparent Window Mode (aka wmode) property, which is not properly handled during navigation away from the containing HTML document." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4049", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.opera.com/docs/changelogs/mac/1063/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/mac/1063/" - }, - { - "name" : "http://www.opera.com/docs/changelogs/unix/1063/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/unix/1063/" - }, - { - "name" : "http://www.opera.com/docs/changelogs/windows/1063/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/windows/1063/" - }, - { - "name" : "oval:org.mitre.oval:def:12263", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12263" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Opera before 10.63 allows remote attackers to cause a denial of service (application crash) via a Flash movie with a transparent Window Mode (aka wmode) property, which is not properly handled during navigation away from the containing HTML document." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:12263", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12263" + }, + { + "name": "http://www.opera.com/docs/changelogs/mac/1063/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/mac/1063/" + }, + { + "name": "http://www.opera.com/docs/changelogs/unix/1063/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/unix/1063/" + }, + { + "name": "http://www.opera.com/docs/changelogs/windows/1063/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/windows/1063/" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4251.json b/2010/4xxx/CVE-2010-4251.json index 2bf3c7a69bf..2fe6c0b9693 100644 --- a/2010/4xxx/CVE-2010-4251.json +++ b/2010/4xxx/CVE-2010-4251.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4251", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The socket implementation in net/core/sock.c in the Linux kernel before 2.6.34 does not properly manage a backlog of received packets, which allows remote attackers to cause a denial of service (memory consumption) by sending a large amount of network traffic, as demonstrated by netperf UDP tests." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-4251", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/520102/100/0/threaded" - }, - { - "name" : "[netdev] 20100302 [PATCH 1/8] net: add limit for socket backlog", - "refsource" : "MLIST", - "url" : "http://kerneltrap.org/mailarchive/linux-netdev/2010/3/3/6271093/thread" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=8eae939f1400326b06d0c9afe53d2a484a326871", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=8eae939f1400326b06d0c9afe53d2a484a326871" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.34", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.34" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=657303", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=657303" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2011-0012.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2011-0012.html" - }, - { - "name" : "46637", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46637" - }, - { - "name" : "46397", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/46397" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The socket implementation in net/core/sock.c in the Linux kernel before 2.6.34 does not properly manage a backlog of received packets, which allows remote attackers to cause a denial of service (memory consumption) by sending a large amount of network traffic, as demonstrated by netperf UDP tests." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded" + }, + { + "name": "46397", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/46397" + }, + { + "name": "[netdev] 20100302 [PATCH 1/8] net: add limit for socket backlog", + "refsource": "MLIST", + "url": "http://kerneltrap.org/mailarchive/linux-netdev/2010/3/3/6271093/thread" + }, + { + "name": "46637", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46637" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.34", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.34" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=657303", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=657303" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=8eae939f1400326b06d0c9afe53d2a484a326871", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=8eae939f1400326b06d0c9afe53d2a484a326871" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4719.json b/2010/4xxx/CVE-2010-4719.json index f50cfcbb31b..535dac52ac5 100644 --- a/2010/4xxx/CVE-2010-4719.json +++ b/2010/4xxx/CVE-2010-4719.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4719", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in JRadio (com_jradio) component before 1.5.1 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4719", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "15749", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/15749" - }, - { - "name" : "http://packetstormsecurity.org/files/view/96751/joomlajradio-lfi.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/files/view/96751/joomlajradio-lfi.txt" - }, - { - "name" : "http://www.fxwebdesign.nl/index.php?option=com_content&view=article&id=20&Itemid=56", - "refsource" : "CONFIRM", - "url" : "http://www.fxwebdesign.nl/index.php?option=com_content&view=article&id=20&Itemid=56" - }, - { - "name" : "45440", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45440" - }, - { - "name" : "42600", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42600" - }, - { - "name" : "jradio-index-file-include(64143)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64143" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in JRadio (com_jradio) component before 1.5.1 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.fxwebdesign.nl/index.php?option=com_content&view=article&id=20&Itemid=56", + "refsource": "CONFIRM", + "url": "http://www.fxwebdesign.nl/index.php?option=com_content&view=article&id=20&Itemid=56" + }, + { + "name": "http://packetstormsecurity.org/files/view/96751/joomlajradio-lfi.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/files/view/96751/joomlajradio-lfi.txt" + }, + { + "name": "jradio-index-file-include(64143)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64143" + }, + { + "name": "45440", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45440" + }, + { + "name": "42600", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42600" + }, + { + "name": "15749", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/15749" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3764.json b/2014/3xxx/CVE-2014-3764.json index a358cdec6db..c4fd2d30f4d 100644 --- a/2014/3xxx/CVE-2014-3764.json +++ b/2014/3xxx/CVE-2014-3764.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3764", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the web-based device management interface in Palo Alto Networks PAN-OS before 5.0.15, 5.1.x before 5.1.10, and 6.0.x before 6.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Ref ID 64563." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3764", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://securityadvisories.paloaltonetworks.com/Home/Detail/27", - "refsource" : "CONFIRM", - "url" : "http://securityadvisories.paloaltonetworks.com/Home/Detail/27" - }, - { - "name" : "61811", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61811" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the web-based device management interface in Palo Alto Networks PAN-OS before 5.0.15, 5.1.x before 5.1.10, and 6.0.x before 6.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Ref ID 64563." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "61811", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61811" + }, + { + "name": "http://securityadvisories.paloaltonetworks.com/Home/Detail/27", + "refsource": "CONFIRM", + "url": "http://securityadvisories.paloaltonetworks.com/Home/Detail/27" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4038.json b/2014/4xxx/CVE-2014-4038.json index 3baa6a65b46..e38dd3d8535 100644 --- a/2014/4xxx/CVE-2014-4038.json +++ b/2014/4xxx/CVE-2014-4038.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4038", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ppc64-diag 2.6.1 allows local users to overwrite arbitrary files via a symlink attack related to (1) rtas_errd/diag_support.c and /tmp/get_dt_files, (2) scripts/ppc64_diag_mkrsrc and /tmp/diagSEsnap/snapH.tar.gz, or (3) lpd/test/lpd_ela_test.sh and /var/tmp/ras." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4038", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140617 Re: CVE request: multiple /tmp races in ppc64-diag", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2014/06/17/1" - }, - { - "name" : "https://bugzilla.novell.com/show_bug.cgi?id=882667", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.novell.com/show_bug.cgi?id=882667" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1109371", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1109371" - }, - { - "name" : "RHSA-2015:0383", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0383.html" - }, - { - "name" : "RHSA-2015:1320", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1320.html" - }, - { - "name" : "SUSE-SU-2014:0928", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-07/msg00018.html" - }, - { - "name" : "68049", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/68049" - }, - { - "name" : "60616", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60616" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ppc64-diag 2.6.1 allows local users to overwrite arbitrary files via a symlink attack related to (1) rtas_errd/diag_support.c and /tmp/get_dt_files, (2) scripts/ppc64_diag_mkrsrc and /tmp/diagSEsnap/snapH.tar.gz, or (3) lpd/test/lpd_ela_test.sh and /var/tmp/ras." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2015:1320", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1320.html" + }, + { + "name": "[oss-security] 20140617 Re: CVE request: multiple /tmp races in ppc64-diag", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2014/06/17/1" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1109371", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1109371" + }, + { + "name": "RHSA-2015:0383", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0383.html" + }, + { + "name": "60616", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60616" + }, + { + "name": "SUSE-SU-2014:0928", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-07/msg00018.html" + }, + { + "name": "https://bugzilla.novell.com/show_bug.cgi?id=882667", + "refsource": "CONFIRM", + "url": "https://bugzilla.novell.com/show_bug.cgi?id=882667" + }, + { + "name": "68049", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/68049" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4234.json b/2014/4xxx/CVE-2014-4234.json index 0a8d66c3ba1..7d811b8899c 100644 --- a/2014/4xxx/CVE-2014-4234.json +++ b/2014/4xxx/CVE-2014-4234.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4234", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.1, 6.2, 6.3, 6.3.1, 6.3.2, 6.3.3, and 6.3.4 allows remote attackers to affect confidentiality via unknown vectors related to Data, Domain & Function Security." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2014-4234", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/534161/100/0/threaded" - }, - { - "name" : "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Dec/23" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2014-0012.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2014-0012.html" - }, - { - "name" : "68643", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/68643" - }, - { - "name" : "1030582", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030582" - }, - { - "name" : "59322", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59322" - }, - { - "name" : "oracle-cpujul2014-cve20144234(94575)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/94575" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.1, 6.2, 6.3, 6.3.1, 6.3.2, 6.3.3, and 6.3.4 allows remote attackers to affect confidentiality via unknown vectors related to Data, Domain & Function Security." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "59322", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59322" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html" + }, + { + "name": "1030582", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030582" + }, + { + "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html" + }, + { + "name": "oracle-cpujul2014-cve20144234(94575)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94575" + }, + { + "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Dec/23" + }, + { + "name": "68643", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/68643" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4318.json b/2014/4xxx/CVE-2014-4318.json index 2c92febbd99..ea0c323869c 100644 --- a/2014/4xxx/CVE-2014-4318.json +++ b/2014/4xxx/CVE-2014-4318.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4318", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4318", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4386.json b/2014/4xxx/CVE-2014-4386.json index 1ee07845663..f0223191443 100644 --- a/2014/4xxx/CVE-2014-4386.json +++ b/2014/4xxx/CVE-2014-4386.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4386", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Race condition in the App Installation feature in Apple iOS before 8 allows local users to gain privileges and install unverified apps by leveraging /tmp write access." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2014-4386", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT6441", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT6441" - }, - { - "name" : "APPLE-SA-2014-09-17-1", - "refsource" : "APPLE", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html" - }, - { - "name" : "69882", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69882" - }, - { - "name" : "69936", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69936" - }, - { - "name" : "1030866", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030866" - }, - { - "name" : "appleios-cve20144386-priv-esc(96085)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/96085" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Race condition in the App Installation feature in Apple iOS before 8 allows local users to gain privileges and install unverified apps by leveraging /tmp write access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.apple.com/kb/HT6441", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT6441" + }, + { + "name": "1030866", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030866" + }, + { + "name": "69882", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69882" + }, + { + "name": "APPLE-SA-2014-09-17-1", + "refsource": "APPLE", + "url": "http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html" + }, + { + "name": "appleios-cve20144386-priv-esc(96085)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96085" + }, + { + "name": "69936", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69936" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4711.json b/2014/4xxx/CVE-2014-4711.json index b3dd383aa40..6ae28cc8be7 100644 --- a/2014/4xxx/CVE-2014-4711.json +++ b/2014/4xxx/CVE-2014-4711.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4711", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4711", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4771.json b/2014/4xxx/CVE-2014-4771.json index ba8e4e8a8f3..fc8a70e10b9 100644 --- a/2014/4xxx/CVE-2014-4771.json +++ b/2014/4xxx/CVE-2014-4771.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4771", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM WebSphere MQ 7.0.1 before 7.0.1.13, 7.1 before 7.1.0.6, 7.5 before 7.5.0.5, and 8 before 8.0.0.1 allows remote authenticated users to cause a denial of service (queue-slot exhaustion) by leveraging PCF query privileges for a crafted query." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-4771", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21696120", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21696120" - }, - { - "name" : "IV69190", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV69190" - }, - { - "name" : "ibm-webspheremq-cve20144771-dos(94842)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/94842" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM WebSphere MQ 7.0.1 before 7.0.1.13, 7.1 before 7.1.0.6, 7.5 before 7.5.0.5, and 8 before 8.0.0.1 allows remote authenticated users to cause a denial of service (queue-slot exhaustion) by leveraging PCF query privileges for a crafted query." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "IV69190", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV69190" + }, + { + "name": "ibm-webspheremq-cve20144771-dos(94842)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94842" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21696120", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21696120" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4866.json b/2014/4xxx/CVE-2014-4866.json index a78c24d51f0..ca541e8a1dd 100644 --- a/2014/4xxx/CVE-2014-4866.json +++ b/2014/4xxx/CVE-2014-4866.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4866", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4866", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8255.json b/2014/8xxx/CVE-2014-8255.json index 59e211ba1a5..0c836f1aca0 100644 --- a/2014/8xxx/CVE-2014-8255.json +++ b/2014/8xxx/CVE-2014-8255.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8255", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8255", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8431.json b/2014/8xxx/CVE-2014-8431.json index ea0a6402301..803a04f7e48 100644 --- a/2014/8xxx/CVE-2014-8431.json +++ b/2014/8xxx/CVE-2014-8431.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8431", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8431", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8573.json b/2014/8xxx/CVE-2014-8573.json index 3bc650c6c8b..4931b72221b 100644 --- a/2014/8xxx/CVE-2014-8573.json +++ b/2014/8xxx/CVE-2014-8573.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8573", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-8573", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9059.json b/2014/9xxx/CVE-2014-9059.json index 38edea484e8..09a93d07e64 100644 --- a/2014/9xxx/CVE-2014-9059.json +++ b/2014/9xxx/CVE-2014-9059.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9059", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "lib/setup.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 does not provide charset information in HTTP headers, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via UTF-7 characters during interaction with AJAX scripts." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9059", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20141117 Moodle security issues are now public", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2014/11/17/11" - }, - { - "name" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47966", - "refsource" : "CONFIRM", - "url" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47966" - }, - { - "name" : "https://moodle.org/mod/forum/discuss.php?d=275146", - "refsource" : "CONFIRM", - "url" : "https://moodle.org/mod/forum/discuss.php?d=275146" - }, - { - "name" : "71133", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/71133" - }, - { - "name" : "1031215", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031215" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "lib/setup.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 does not provide charset information in HTTP headers, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via UTF-7 characters during interaction with AJAX scripts." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1031215", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031215" + }, + { + "name": "[oss-security] 20141117 Moodle security issues are now public", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2014/11/17/11" + }, + { + "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47966", + "refsource": "CONFIRM", + "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47966" + }, + { + "name": "https://moodle.org/mod/forum/discuss.php?d=275146", + "refsource": "CONFIRM", + "url": "https://moodle.org/mod/forum/discuss.php?d=275146" + }, + { + "name": "71133", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/71133" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9111.json b/2014/9xxx/CVE-2014-9111.json index e0565a477e5..45eedb79748 100644 --- a/2014/9xxx/CVE-2014-9111.json +++ b/2014/9xxx/CVE-2014-9111.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9111", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9111", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9276.json b/2014/9xxx/CVE-2014-9276.json index 7a8dce6e3d4..0db2193f896 100644 --- a/2014/9xxx/CVE-2014-9276.json +++ b/2014/9xxx/CVE-2014-9276.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9276", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in the Special:ExpandedTemplates page in MediaWiki before 1.19.22, 1.20.x through 1.22.x before 1.22.14, and 1.23.x before 1.23.7, when $wgRawHTML is set to true, allows remote attackers to hijack the authentication of users with edit permissions for requests that cross-site scripting (XSS) attacks via the wpInput parameter, which is not properly handled in the preview." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9276", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[MediaWiki-announce] 20141127 MediaWiki Security and Maintenance Releases: 1.23.7, 1.22.14 and 1.19.22", - "refsource" : "MLIST", - "url" : "https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-November/000170.html" - }, - { - "name" : "[oss-security] 20141203 MediaWiki security release - 1.23.7", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/12/03/9" - }, - { - "name" : "[oss-security] 20141204 Re: MediaWiki security release - 1.23.7", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/12/04/16" - }, - { - "name" : "https://phabricator.wikimedia.org/T73111", - "refsource" : "CONFIRM", - "url" : "https://phabricator.wikimedia.org/T73111" - }, - { - "name" : "1031301", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1031301" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in the Special:ExpandedTemplates page in MediaWiki before 1.19.22, 1.20.x through 1.22.x before 1.22.14, and 1.23.x before 1.23.7, when $wgRawHTML is set to true, allows remote attackers to hijack the authentication of users with edit permissions for requests that cross-site scripting (XSS) attacks via the wpInput parameter, which is not properly handled in the preview." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1031301", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1031301" + }, + { + "name": "[oss-security] 20141203 MediaWiki security release - 1.23.7", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/12/03/9" + }, + { + "name": "[oss-security] 20141204 Re: MediaWiki security release - 1.23.7", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/12/04/16" + }, + { + "name": "https://phabricator.wikimedia.org/T73111", + "refsource": "CONFIRM", + "url": "https://phabricator.wikimedia.org/T73111" + }, + { + "name": "[MediaWiki-announce] 20141127 MediaWiki Security and Maintenance Releases: 1.23.7, 1.22.14 and 1.19.22", + "refsource": "MLIST", + "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-November/000170.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2415.json b/2016/2xxx/CVE-2016-2415.json index 5ae5f172d82..516b2660029 100644 --- a/2016/2xxx/CVE-2016-2415.json +++ b/2016/2xxx/CVE-2016-2415.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2415", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "exchange/eas/EasAutoDiscover.java in the Autodiscover implementation in Exchange ActiveSync in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allows attackers to obtain sensitive information via a crafted application that triggers a spoofed response to a GET request, aka internal bug 26488455." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-2415", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://source.android.com/security/bulletin/2016-04-02.html", - "refsource" : "CONFIRM", - "url" : "http://source.android.com/security/bulletin/2016-04-02.html" - }, - { - "name" : "https://android.googlesource.com/platform/packages/apps/Exchange/+/0d1a38b1755efe7ed4e8d7302a24186616bba9b2", - "refsource" : "CONFIRM", - "url" : "https://android.googlesource.com/platform/packages/apps/Exchange/+/0d1a38b1755efe7ed4e8d7302a24186616bba9b2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "exchange/eas/EasAutoDiscover.java in the Autodiscover implementation in Exchange ActiveSync in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allows attackers to obtain sensitive information via a crafted application that triggers a spoofed response to a GET request, aka internal bug 26488455." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://source.android.com/security/bulletin/2016-04-02.html", + "refsource": "CONFIRM", + "url": "http://source.android.com/security/bulletin/2016-04-02.html" + }, + { + "name": "https://android.googlesource.com/platform/packages/apps/Exchange/+/0d1a38b1755efe7ed4e8d7302a24186616bba9b2", + "refsource": "CONFIRM", + "url": "https://android.googlesource.com/platform/packages/apps/Exchange/+/0d1a38b1755efe7ed4e8d7302a24186616bba9b2" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2482.json b/2016/2xxx/CVE-2016-2482.json index 30aff134e3a..3761e1a1450 100644 --- a/2016/2xxx/CVE-2016-2482.json +++ b/2016/2xxx/CVE-2016-2482.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2482", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mm-video-v4l2 vdec component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 mishandles a buffer count, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27661749." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-2482", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://source.android.com/security/bulletin/2016-06-01.html", - "refsource" : "CONFIRM", - "url" : "http://source.android.com/security/bulletin/2016-06-01.html" - }, - { - "name" : "https://android.googlesource.com/platform/hardware/qcom/media/+/46e305be6e670a5a0041b0b4861122a0f1aabefa", - "refsource" : "CONFIRM", - "url" : "https://android.googlesource.com/platform/hardware/qcom/media/+/46e305be6e670a5a0041b0b4861122a0f1aabefa" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mm-video-v4l2 vdec component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 mishandles a buffer count, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27661749." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://android.googlesource.com/platform/hardware/qcom/media/+/46e305be6e670a5a0041b0b4861122a0f1aabefa", + "refsource": "CONFIRM", + "url": "https://android.googlesource.com/platform/hardware/qcom/media/+/46e305be6e670a5a0041b0b4861122a0f1aabefa" + }, + { + "name": "http://source.android.com/security/bulletin/2016-06-01.html", + "refsource": "CONFIRM", + "url": "http://source.android.com/security/bulletin/2016-06-01.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2674.json b/2016/2xxx/CVE-2016-2674.json index 990265417d4..c178b4fa369 100644 --- a/2016/2xxx/CVE-2016-2674.json +++ b/2016/2xxx/CVE-2016-2674.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2674", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-2674", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3005.json b/2016/3xxx/CVE-2016-3005.json index f0465cbf7f9..5ab8c1731ed 100644 --- a/2016/3xxx/CVE-2016-3005.json +++ b/2016/3xxx/CVE-2016-3005.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3005", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 4.0 through CR4, 4.5 through CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-2995, CVE-2016-2997, and CVE-2016-3010." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2016-3005", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21988991", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21988991" - }, - { - "name" : "LO89929", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1LO89929" - }, - { - "name" : "92581", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92581" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 4.0 through CR4, 4.5 through CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-2995, CVE-2016-2997, and CVE-2016-3010." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21988991", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988991" + }, + { + "name": "LO89929", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1LO89929" + }, + { + "name": "92581", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92581" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3046.json b/2016/3xxx/CVE-2016-3046.json index 6ac5d4ade86..70edc1ca165 100644 --- a/2016/3xxx/CVE-2016-3046.json +++ b/2016/3xxx/CVE-2016-3046.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2016-3046", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Access Manager", - "version" : { - "version_data" : [ - { - "version_value" : "9.0" - }, - { - "version_value" : "9.0.0.1" - }, - { - "version_value" : "9.0.1" - }, - { - "version_value" : "7.0.0" - }, - { - "version_value" : "8.0.0" - }, - { - "version_value" : "8.0.0.1" - }, - { - "version_value" : "8.0.0.2" - }, - { - "version_value" : "8.0.0.3" - }, - { - "version_value" : "8.0.0.4" - }, - { - "version_value" : "8.0.0.5" - }, - { - "version_value" : "8.0.1" - }, - { - "version_value" : "8.0.1.2" - }, - { - "version_value" : "8.0.1.3" - }, - { - "version_value" : "8.0.1.4" - }, - { - "version_value" : "9.0.0" - }, - { - "version_value" : "9.0.1.0" - } - ] - } - } - ] - }, - "vendor_name" : "IBM Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Security Access Manager for Web is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements which could allow the attacker to view information in the back-end database." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Data Manipulation" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2016-3046", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Access Manager", + "version": { + "version_data": [ + { + "version_value": "9.0" + }, + { + "version_value": "9.0.0.1" + }, + { + "version_value": "9.0.1" + }, + { + "version_value": "7.0.0" + }, + { + "version_value": "8.0.0" + }, + { + "version_value": "8.0.0.1" + }, + { + "version_value": "8.0.0.2" + }, + { + "version_value": "8.0.0.3" + }, + { + "version_value": "8.0.0.4" + }, + { + "version_value": "8.0.0.5" + }, + { + "version_value": "8.0.1" + }, + { + "version_value": "8.0.1.2" + }, + { + "version_value": "8.0.1.3" + }, + { + "version_value": "8.0.1.4" + }, + { + "version_value": "9.0.0" + }, + { + "version_value": "9.0.1.0" + } + ] + } + } + ] + }, + "vendor_name": "IBM Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg21995527", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg21995527" - }, - { - "name" : "95104", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95104" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Security Access Manager for Web is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements which could allow the attacker to view information in the back-end database." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Data Manipulation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "95104", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95104" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg21995527", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg21995527" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3161.json b/2016/3xxx/CVE-2016-3161.json index be940fd06f6..ee7af3bfb8a 100644 --- a/2016/3xxx/CVE-2016-3161.json +++ b/2016/3xxx/CVE-2016-3161.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@nvidia.com", - "ID" : "CVE-2016-3161", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Quadro, NVS, GeForce (all versions)", - "version" : { - "version_data" : [ - { - "version_value" : "Quadro, NVS, GeForce (all versions)" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "For the NVIDIA Quadro, NVS, and GeForce products, GFE GameStream and NVTray Plugin unquoted service path vulnerabilities are examples of the unquoted service path vulnerability in Windows. A successful exploit of a vulnerable service installation can enable malicious code to execute on the system at the system/user privilege level. The CVE-2016-3161 ID is for the GameStream unquoted service path." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Escalation of Privileges" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@nvidia.com", + "ID": "CVE-2016-3161", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Quadro, NVS, GeForce (all versions)", + "version": { + "version_data": [ + { + "version_value": "Quadro, NVS, GeForce (all versions)" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4213", - "refsource" : "CONFIRM", - "url" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4213" - }, - { - "name" : "https://support.lenovo.com/us/en/product_security/ps500070", - "refsource" : "CONFIRM", - "url" : "https://support.lenovo.com/us/en/product_security/ps500070" - }, - { - "name" : "93251", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93251" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "For the NVIDIA Quadro, NVS, and GeForce products, GFE GameStream and NVTray Plugin unquoted service path vulnerabilities are examples of the unquoted service path vulnerability in Windows. A successful exploit of a vulnerable service installation can enable malicious code to execute on the system at the system/user privilege level. The CVE-2016-3161 ID is for the GameStream unquoted service path." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Escalation of Privileges" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4213", + "refsource": "CONFIRM", + "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4213" + }, + { + "name": "https://support.lenovo.com/us/en/product_security/ps500070", + "refsource": "CONFIRM", + "url": "https://support.lenovo.com/us/en/product_security/ps500070" + }, + { + "name": "93251", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93251" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3597.json b/2016/3xxx/CVE-2016-3597.json index 91e405ec9d0..8218c07f3a5 100644 --- a/2016/3xxx/CVE-2016-3597.json +++ b/2016/3xxx/CVE-2016-3597.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3597", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 5.0.26 allows local users to affect availability via vectors related to Core." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2016-3597", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" - }, - { - "name" : "91787", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91787" - }, - { - "name" : "91864", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91864" - }, - { - "name" : "1036384", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036384" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 5.0.26 allows local users to affect availability via vectors related to Core." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" + }, + { + "name": "1036384", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036384" + }, + { + "name": "91864", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91864" + }, + { + "name": "91787", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91787" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6226.json b/2016/6xxx/CVE-2016-6226.json index 25dfd8cd687..c95b5cc65ee 100644 --- a/2016/6xxx/CVE-2016-6226.json +++ b/2016/6xxx/CVE-2016-6226.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6226", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6226", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6873.json b/2016/6xxx/CVE-2016-6873.json index 2a10c66af8d..8a7c127b8a3 100644 --- a/2016/6xxx/CVE-2016-6873.json +++ b/2016/6xxx/CVE-2016-6873.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6873", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Self recursion in compact in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6873", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160811 CVE Requests Facebook HHVM", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/08/11/1" - }, - { - "name" : "[oss-security] 20160818 Re: CVE Requests Facebook HHVM", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/08/19/1" - }, - { - "name" : "https://github.com/facebook/hhvm/commit/e264f04ae825a5d97758130cf8eec99862517e7e", - "refsource" : "CONFIRM", - "url" : "https://github.com/facebook/hhvm/commit/e264f04ae825a5d97758130cf8eec99862517e7e" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Self recursion in compact in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20160811 CVE Requests Facebook HHVM", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/08/11/1" + }, + { + "name": "https://github.com/facebook/hhvm/commit/e264f04ae825a5d97758130cf8eec99862517e7e", + "refsource": "CONFIRM", + "url": "https://github.com/facebook/hhvm/commit/e264f04ae825a5d97758130cf8eec99862517e7e" + }, + { + "name": "[oss-security] 20160818 Re: CVE Requests Facebook HHVM", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/08/19/1" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6985.json b/2016/6xxx/CVE-2016-6985.json index 0c1d5ba4026..af0d0b44408 100644 --- a/2016/6xxx/CVE-2016-6985.json +++ b/2016/6xxx/CVE-2016-6985.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6985", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows and OS X and before 11.2.202.637 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4273, CVE-2016-6982, CVE-2016-6983, CVE-2016-6984, CVE-2016-6986, CVE-2016-6989, and CVE-2016-6990." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2016-6985", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/flash-player/apsb16-32.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/flash-player/apsb16-32.html" - }, - { - "name" : "GLSA-201610-10", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201610-10" - }, - { - "name" : "RHSA-2016:2057", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2057.html" - }, - { - "name" : "93490", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93490" - }, - { - "name" : "1036985", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036985" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows and OS X and before 11.2.202.637 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4273, CVE-2016-6982, CVE-2016-6983, CVE-2016-6984, CVE-2016-6986, CVE-2016-6989, and CVE-2016-6990." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201610-10", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201610-10" + }, + { + "name": "https://helpx.adobe.com/security/products/flash-player/apsb16-32.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/flash-player/apsb16-32.html" + }, + { + "name": "93490", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93490" + }, + { + "name": "RHSA-2016:2057", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2057.html" + }, + { + "name": "1036985", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036985" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7059.json b/2016/7xxx/CVE-2016-7059.json index e2c1e5ed93e..c2f0aafb66e 100644 --- a/2016/7xxx/CVE-2016-7059.json +++ b/2016/7xxx/CVE-2016-7059.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7059", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-7059", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7312.json b/2016/7xxx/CVE-2016-7312.json index 760b836db64..59c6618a2c0 100644 --- a/2016/7xxx/CVE-2016-7312.json +++ b/2016/7xxx/CVE-2016-7312.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7312", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-7312", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7504.json b/2016/7xxx/CVE-2016-7504.json index b4dc0f96fc4..df423a0d137 100644 --- a/2016/7xxx/CVE-2016-7504.json +++ b/2016/7xxx/CVE-2016-7504.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7504", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A use-after-free vulnerability was observed in Rp_toString function of Artifex Software, Inc. MuJS before 5c337af4b3df80cf967e4f9f6a21522de84b392a. A successful exploitation of this issue can lead to code execution or denial of service condition." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-7504", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugs.ghostscript.com/show_bug.cgi?id=697142", - "refsource" : "CONFIRM", - "url" : "http://bugs.ghostscript.com/show_bug.cgi?id=697142" - }, - { - "name" : "94241", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94241" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A use-after-free vulnerability was observed in Rp_toString function of Artifex Software, Inc. MuJS before 5c337af4b3df80cf967e4f9f6a21522de84b392a. A successful exploitation of this issue can lead to code execution or denial of service condition." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://bugs.ghostscript.com/show_bug.cgi?id=697142", + "refsource": "CONFIRM", + "url": "http://bugs.ghostscript.com/show_bug.cgi?id=697142" + }, + { + "name": "94241", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94241" + } + ] + } +} \ No newline at end of file