From ae7effc67bd581404f59044d9df10d51b2165a37 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 03:39:46 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2006/1xxx/CVE-2006-1042.json | 190 +++++++------- 2006/1xxx/CVE-2006-1130.json | 210 +++++++-------- 2006/1xxx/CVE-2006-1168.json | 360 +++++++++++++------------- 2006/1xxx/CVE-2006-1378.json | 160 ++++++------ 2006/1xxx/CVE-2006-1545.json | 170 ++++++------- 2006/1xxx/CVE-2006-1655.json | 180 ++++++------- 2006/5xxx/CVE-2006-5166.json | 150 +++++------ 2006/5xxx/CVE-2006-5323.json | 160 ++++++------ 2006/5xxx/CVE-2006-5450.json | 180 ++++++------- 2007/2xxx/CVE-2007-2146.json | 120 ++++----- 2007/2xxx/CVE-2007-2190.json | 150 +++++------ 2007/2xxx/CVE-2007-2512.json | 160 ++++++------ 2010/0xxx/CVE-2010-0119.json | 190 +++++++------- 2010/0xxx/CVE-2010-0215.json | 130 +++++----- 2010/0xxx/CVE-2010-0303.json | 190 +++++++------- 2010/0xxx/CVE-2010-0947.json | 140 +++++----- 2010/0xxx/CVE-2010-0975.json | 140 +++++----- 2010/1xxx/CVE-2010-1369.json | 150 +++++------ 2010/1xxx/CVE-2010-1745.json | 34 +-- 2010/1xxx/CVE-2010-1889.json | 140 +++++----- 2010/3xxx/CVE-2010-3900.json | 200 +++++++-------- 2010/4xxx/CVE-2010-4114.json | 150 +++++------ 2010/4xxx/CVE-2010-4135.json | 34 +-- 2010/4xxx/CVE-2010-4136.json | 34 +-- 2010/4xxx/CVE-2010-4514.json | 160 ++++++------ 2010/4xxx/CVE-2010-4639.json | 150 +++++------ 2014/0xxx/CVE-2014-0530.json | 34 +-- 2014/0xxx/CVE-2014-0828.json | 150 +++++------ 2014/0xxx/CVE-2014-0882.json | 140 +++++----- 2014/4xxx/CVE-2014-4185.json | 34 +-- 2014/4xxx/CVE-2014-4219.json | 480 +++++++++++++++++------------------ 2014/4xxx/CVE-2014-4421.json | 230 ++++++++--------- 2014/4xxx/CVE-2014-4784.json | 150 +++++------ 2014/4xxx/CVE-2014-4843.json | 130 +++++----- 2014/8xxx/CVE-2014-8104.json | 170 ++++++------- 2014/9xxx/CVE-2014-9010.json | 34 +-- 2014/9xxx/CVE-2014-9212.json | 120 ++++----- 2014/9xxx/CVE-2014-9233.json | 34 +-- 2014/9xxx/CVE-2014-9255.json | 34 +-- 2016/3xxx/CVE-2016-3012.json | 130 +++++----- 2016/3xxx/CVE-2016-3130.json | 140 +++++----- 2016/3xxx/CVE-2016-3567.json | 150 +++++------ 2016/6xxx/CVE-2016-6404.json | 140 +++++----- 2016/6xxx/CVE-2016-6638.json | 34 +-- 2016/6xxx/CVE-2016-6811.json | 122 ++++----- 2016/7xxx/CVE-2016-7479.json | 190 +++++++------- 2016/7xxx/CVE-2016-7739.json | 34 +-- 2016/7xxx/CVE-2016-7840.json | 130 +++++----- 2016/8xxx/CVE-2016-8260.json | 34 +-- 2016/8xxx/CVE-2016-8699.json | 160 ++++++------ 50 files changed, 3518 insertions(+), 3518 deletions(-) diff --git a/2006/1xxx/CVE-2006-1042.json b/2006/1xxx/CVE-2006-1042.json index fb93aed7820..38bb51daeb8 100644 --- a/2006/1xxx/CVE-2006-1042.json +++ b/2006/1xxx/CVE-2006-1042.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1042", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in Gregarius 0.5.2 allow remote attackers to execute arbitrary SQL commands via the (1) folder parameter to feed.php or (2) rss_query parameter to search.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1042", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060303 Gregarius 0.5.2 XSS and SQL Injection Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/426656/100/0/threaded" - }, - { - "name" : "16939", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16939" - }, - { - "name" : "ADV-2006-0819", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0819" - }, - { - "name" : "23680", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23680" - }, - { - "name" : "23681", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23681" - }, - { - "name" : "19102", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19102" - }, - { - "name" : "537", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/537" - }, - { - "name" : "gregarius-feed-sql-injection(25059)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25059" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in Gregarius 0.5.2 allow remote attackers to execute arbitrary SQL commands via the (1) folder parameter to feed.php or (2) rss_query parameter to search.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "16939", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16939" + }, + { + "name": "20060303 Gregarius 0.5.2 XSS and SQL Injection Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/426656/100/0/threaded" + }, + { + "name": "gregarius-feed-sql-injection(25059)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25059" + }, + { + "name": "23681", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23681" + }, + { + "name": "23680", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23680" + }, + { + "name": "537", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/537" + }, + { + "name": "ADV-2006-0819", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0819" + }, + { + "name": "19102", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19102" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1130.json b/2006/1xxx/CVE-2006-1130.json index 280003ba37f..1222405c0f2 100644 --- a/2006/1xxx/CVE-2006-1130.json +++ b/2006/1xxx/CVE-2006-1130.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1130", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in EKINboard 1.0.3 allows remote attackers to inject arbitrary web script or HTML via a Javascript URI in a BBCode img tag." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1130", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060308 [eVuln] EKINboard 'img' BBCode XSS & Cookie 'username' SQL Injection Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/427073/100/0/threaded" - }, - { - "name" : "http://evuln.com/vulns/88/summary.html", - "refsource" : "MISC", - "url" : "http://evuln.com/vulns/88/summary.html" - }, - { - "name" : "http://www.ekinboard.com/forums/v1/viewtopic.php?id=469", - "refsource" : "CONFIRM", - "url" : "http://www.ekinboard.com/forums/v1/viewtopic.php?id=469" - }, - { - "name" : "http://www.ekinboard.com/patch_for_1.0.3.txt", - "refsource" : "MISC", - "url" : "http://www.ekinboard.com/patch_for_1.0.3.txt" - }, - { - "name" : "16861", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16861" - }, - { - "name" : "ADV-2006-0758", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0758" - }, - { - "name" : "23546", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23546" - }, - { - "name" : "19045", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19045" - }, - { - "name" : "558", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/558" - }, - { - "name" : "ekinboard-bbcode-xss(24921)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24921" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in EKINboard 1.0.3 allows remote attackers to inject arbitrary web script or HTML via a Javascript URI in a BBCode img tag." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060308 [eVuln] EKINboard 'img' BBCode XSS & Cookie 'username' SQL Injection Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/427073/100/0/threaded" + }, + { + "name": "558", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/558" + }, + { + "name": "ADV-2006-0758", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0758" + }, + { + "name": "http://evuln.com/vulns/88/summary.html", + "refsource": "MISC", + "url": "http://evuln.com/vulns/88/summary.html" + }, + { + "name": "http://www.ekinboard.com/forums/v1/viewtopic.php?id=469", + "refsource": "CONFIRM", + "url": "http://www.ekinboard.com/forums/v1/viewtopic.php?id=469" + }, + { + "name": "16861", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16861" + }, + { + "name": "19045", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19045" + }, + { + "name": "23546", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23546" + }, + { + "name": "http://www.ekinboard.com/patch_for_1.0.3.txt", + "refsource": "MISC", + "url": "http://www.ekinboard.com/patch_for_1.0.3.txt" + }, + { + "name": "ekinboard-bbcode-xss(24921)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24921" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1168.json b/2006/1xxx/CVE-2006-1168.json index 4333ae24da9..3c599eafc8c 100644 --- a/2006/1xxx/CVE-2006-1168.json +++ b/2006/1xxx/CVE-2006-1168.json @@ -1,182 +1,182 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1168", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The decompress function in compress42.c in (1) ncompress 4.2.4 and (2) liblzw allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code, via crafted data that leads to a buffer underflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security-info@sgi.com", + "ID": "CVE-2006-1168", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugs.gentoo.org/show_bug.cgi?id=141728", - "refsource" : "MISC", - "url" : "http://bugs.gentoo.org/show_bug.cgi?id=141728" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=728536", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=728536" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-226.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-226.htm" - }, - { - "name" : "http://downloads.avaya.com/css/P8/documents/100158840", - "refsource" : "CONFIRM", - "url" : "http://downloads.avaya.com/css/P8/documents/100158840" - }, - { - "name" : "DSA-1149", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1149" - }, - { - "name" : "GLSA-200610-03", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200610-03.xml" - }, - { - "name" : "MDKSA-2006:140", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:140" - }, - { - "name" : "MDVSA-2012:129", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:129" - }, - { - "name" : "RHSA-2006:0663", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0663.html" - }, - { - "name" : "RHSA-2012:0810", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-0810.html" - }, - { - "name" : "20060901-01-P", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc" - }, - { - "name" : "SUSE-SR:2006:020", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006_20_sr.html" - }, - { - "name" : "19455", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19455" - }, - { - "name" : "oval:org.mitre.oval:def:9373", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9373" - }, - { - "name" : "ADV-2006-3234", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3234" - }, - { - "name" : "1016836", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016836" - }, - { - "name" : "21427", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21427" - }, - { - "name" : "21434", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21434" - }, - { - "name" : "21437", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21437" - }, - { - "name" : "21880", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21880" - }, - { - "name" : "22036", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22036" - }, - { - "name" : "22296", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22296" - }, - { - "name" : "22377", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22377" - }, - { - "name" : "21467", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21467" - }, - { - "name" : "ncompress-decompress-underflow(28315)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28315" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The decompress function in compress42.c in (1) ncompress 4.2.4 and (2) liblzw allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code, via crafted data that leads to a buffer underflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21437", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21437" + }, + { + "name": "ncompress-decompress-underflow(28315)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28315" + }, + { + "name": "GLSA-200610-03", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200610-03.xml" + }, + { + "name": "SUSE-SR:2006:020", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006_20_sr.html" + }, + { + "name": "MDKSA-2006:140", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:140" + }, + { + "name": "22296", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22296" + }, + { + "name": "oval:org.mitre.oval:def:9373", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9373" + }, + { + "name": "19455", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19455" + }, + { + "name": "http://downloads.avaya.com/css/P8/documents/100158840", + "refsource": "CONFIRM", + "url": "http://downloads.avaya.com/css/P8/documents/100158840" + }, + { + "name": "http://bugs.gentoo.org/show_bug.cgi?id=141728", + "refsource": "MISC", + "url": "http://bugs.gentoo.org/show_bug.cgi?id=141728" + }, + { + "name": "21434", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21434" + }, + { + "name": "DSA-1149", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1149" + }, + { + "name": "21467", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21467" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-226.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-226.htm" + }, + { + "name": "20060901-01-P", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc" + }, + { + "name": "RHSA-2006:0663", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0663.html" + }, + { + "name": "ADV-2006-3234", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3234" + }, + { + "name": "RHSA-2012:0810", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-0810.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=728536", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=728536" + }, + { + "name": "22377", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22377" + }, + { + "name": "21427", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21427" + }, + { + "name": "1016836", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016836" + }, + { + "name": "22036", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22036" + }, + { + "name": "21880", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21880" + }, + { + "name": "MDVSA-2012:129", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:129" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1378.json b/2006/1xxx/CVE-2006-1378.json index 611108cc4b9..6e24f8c6f00 100644 --- a/2006/1xxx/CVE-2006-1378.json +++ b/2006/1xxx/CVE-2006-1378.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1378", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PasswordSafe 3.0 beta, when running on Windows before XP, uses a weak random number generator (C++ rand function) during generation of the database encryption key, which makes it easier for attackers to decrypt the database and steal passwords by generating keys for all possible rand() seed values and conducting a known plaintext attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1378", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060323 PasswordSafe 3.0 weak random number generator allows key recovery attack", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/428552/100/0/threaded" - }, - { - "name" : "20060907 Re: PasswordSafe 3.0 weak random number generator allows key recovery attack", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/445509/100/0/threaded" - }, - { - "name" : "17200", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17200" - }, - { - "name" : "618", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/618" - }, - { - "name" : "passwordsafe-key-brute-force(25429)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25429" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PasswordSafe 3.0 beta, when running on Windows before XP, uses a weak random number generator (C++ rand function) during generation of the database encryption key, which makes it easier for attackers to decrypt the database and steal passwords by generating keys for all possible rand() seed values and conducting a known plaintext attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "passwordsafe-key-brute-force(25429)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25429" + }, + { + "name": "618", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/618" + }, + { + "name": "20060323 PasswordSafe 3.0 weak random number generator allows key recovery attack", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/428552/100/0/threaded" + }, + { + "name": "20060907 Re: PasswordSafe 3.0 weak random number generator allows key recovery attack", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/445509/100/0/threaded" + }, + { + "name": "17200", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17200" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1545.json b/2006/1xxx/CVE-2006-1545.json index b46b43caa07..f181ea4c532 100644 --- a/2006/1xxx/CVE-2006-1545.json +++ b/2006/1xxx/CVE-2006-1545.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1545", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Direct static code injection vulnerability in admin/config.php in vscripts (aka Kuba Kunkiewicz) VNews 1.2 allows remote authenticated administrators to execute code by inserting the code into variables that are stored in admin/config.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1545", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060411 [eVuln] VNews Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/430674/100/0/threaded" - }, - { - "name" : "http://www.evuln.com/vulns/112", - "refsource" : "MISC", - "url" : "http://www.evuln.com/vulns/112" - }, - { - "name" : "ADV-2006-1173", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1173" - }, - { - "name" : "24276", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24276" - }, - { - "name" : "19435", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19435" - }, - { - "name" : "vnews-config-file-include(25531)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25531" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Direct static code injection vulnerability in admin/config.php in vscripts (aka Kuba Kunkiewicz) VNews 1.2 allows remote authenticated administrators to execute code by inserting the code into variables that are stored in admin/config.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "24276", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24276" + }, + { + "name": "20060411 [eVuln] VNews Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/430674/100/0/threaded" + }, + { + "name": "19435", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19435" + }, + { + "name": "ADV-2006-1173", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1173" + }, + { + "name": "http://www.evuln.com/vulns/112", + "refsource": "MISC", + "url": "http://www.evuln.com/vulns/112" + }, + { + "name": "vnews-config-file-include(25531)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25531" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1655.json b/2006/1xxx/CVE-2006-1655.json index 8aa16fab1fe..75a8899fe1c 100644 --- a/2006/1xxx/CVE-2006-1655.json +++ b/2006/1xxx/CVE-2006-1655.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1655", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in mpg123 0.59r allow user-assisted attackers to trigger a segmentation fault and possibly have other impacts via a certain MP3 file, as demonstrated by mpg1DoS3. NOTE: this issue might be related to CVE-2004-0991, but it is not clear." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1655", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://downloads.securityfocus.com/vulnerabilities/exploits/mpg1DoS3.pl", - "refsource" : "MISC", - "url" : "http://downloads.securityfocus.com/vulnerabilities/exploits/mpg1DoS3.pl" - }, - { - "name" : "DSA-1074", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1074" - }, - { - "name" : "MDKSA-2006:092", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:092" - }, - { - "name" : "17365", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17365" - }, - { - "name" : "20240", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20240" - }, - { - "name" : "20275", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20275" - }, - { - "name" : "20281", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20281" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in mpg123 0.59r allow user-assisted attackers to trigger a segmentation fault and possibly have other impacts via a certain MP3 file, as demonstrated by mpg1DoS3. NOTE: this issue might be related to CVE-2004-0991, but it is not clear." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-1074", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1074" + }, + { + "name": "20281", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20281" + }, + { + "name": "20240", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20240" + }, + { + "name": "17365", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17365" + }, + { + "name": "MDKSA-2006:092", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:092" + }, + { + "name": "20275", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20275" + }, + { + "name": "http://downloads.securityfocus.com/vulnerabilities/exploits/mpg1DoS3.pl", + "refsource": "MISC", + "url": "http://downloads.securityfocus.com/vulnerabilities/exploits/mpg1DoS3.pl" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5166.json b/2006/5xxx/CVE-2006-5166.json index 573bb150c27..d11d410a05e 100644 --- a/2006/5xxx/CVE-2006-5166.json +++ b/2006/5xxx/CVE-2006-5166.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5166", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in functions.php in PHP Web Scripts Easy Banner Free allows remote attackers to execute arbitrary PHP code via a URL in the s[phppath] parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5166", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061001 EasyBannerFree (functions.php) Remote File Include Exploit", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/447499/100/0/threaded" - }, - { - "name" : "20295", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20295" - }, - { - "name" : "1684", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1684" - }, - { - "name" : "easybannerfree-functions-file-include(29311)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29311" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in functions.php in PHP Web Scripts Easy Banner Free allows remote attackers to execute arbitrary PHP code via a URL in the s[phppath] parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20061001 EasyBannerFree (functions.php) Remote File Include Exploit", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/447499/100/0/threaded" + }, + { + "name": "1684", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1684" + }, + { + "name": "20295", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20295" + }, + { + "name": "easybannerfree-functions-file-include(29311)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29311" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5323.json b/2006/5xxx/CVE-2006-5323.json index 4ab1bf88147..bb1f95a61bf 100644 --- a/2006/5xxx/CVE-2006-5323.json +++ b/2006/5xxx/CVE-2006-5323.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5323", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in IBM WebSphere Application Server before 6.1.0.2 has unspecified impact and attack vectors, related to a \"possible security exposure,\" aka PK29360." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5323", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg24013142", - "refsource" : "CONFIRM", - "url" : "http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg24013142" - }, - { - "name" : "http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg27007951", - "refsource" : "CONFIRM", - "url" : "http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg27007951" - }, - { - "name" : "PK29360", - "refsource" : "AIXAPAR", - "url" : "http://www-1.ibm.com/support/search.wss?rs=0&q=PK29360&apar=only" - }, - { - "name" : "ADV-2006-4000", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4000" - }, - { - "name" : "22372", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22372" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in IBM WebSphere Application Server before 6.1.0.2 has unspecified impact and attack vectors, related to a \"possible security exposure,\" aka PK29360." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "PK29360", + "refsource": "AIXAPAR", + "url": "http://www-1.ibm.com/support/search.wss?rs=0&q=PK29360&apar=only" + }, + { + "name": "22372", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22372" + }, + { + "name": "http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg27007951", + "refsource": "CONFIRM", + "url": "http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg27007951" + }, + { + "name": "ADV-2006-4000", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4000" + }, + { + "name": "http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg24013142", + "refsource": "CONFIRM", + "url": "http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg24013142" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5450.json b/2006/5xxx/CVE-2006-5450.json index 1f3c2f9903a..a661303d5d8 100644 --- a/2006/5xxx/CVE-2006-5450.json +++ b/2006/5xxx/CVE-2006-5450.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5450", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.asp in Kinesis Interactive Cinema System (KICS) CMS allows remote attackers to execute arbitrary SQL commands via the (1) txtUsername (user) or (2) txtPassword (pass) parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5450", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061019 KICS CMS sql injection", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/449227/100/0/threaded" - }, - { - "name" : "20607", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20607" - }, - { - "name" : "ADV-2006-4130", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4130" - }, - { - "name" : "29901", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/29901" - }, - { - "name" : "22493", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22493" - }, - { - "name" : "1757", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1757" - }, - { - "name" : "kics-txtpassword-sql-injection(29683)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29683" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.asp in Kinesis Interactive Cinema System (KICS) CMS allows remote attackers to execute arbitrary SQL commands via the (1) txtUsername (user) or (2) txtPassword (pass) parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1757", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1757" + }, + { + "name": "20607", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20607" + }, + { + "name": "20061019 KICS CMS sql injection", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/449227/100/0/threaded" + }, + { + "name": "ADV-2006-4130", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4130" + }, + { + "name": "kics-txtpassword-sql-injection(29683)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29683" + }, + { + "name": "22493", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22493" + }, + { + "name": "29901", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/29901" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2146.json b/2007/2xxx/CVE-2007-2146.json index 3e150678ca8..2a7f65e2305 100644 --- a/2007/2xxx/CVE-2007-2146.json +++ b/2007/2xxx/CVE-2007-2146.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2146", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The imagecomments function in classes.php in MiniGal b13 allow remote attackers to inject arbitrary PHP code into a file in the thumbs/ directory via the (1) name or (2) email parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2146", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "ADV-2007-1430", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1430" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The imagecomments function in classes.php in MiniGal b13 allow remote attackers to inject arbitrary PHP code into a file in the thumbs/ directory via the (1) name or (2) email parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2007-1430", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1430" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2190.json b/2007/2xxx/CVE-2007-2190.json index 7580ca3869f..f8c5cc1d084 100644 --- a/2007/2xxx/CVE-2007-2190.json +++ b/2007/2xxx/CVE-2007-2190.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2190", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in admin/public/webpages.php in Eba News 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the filename parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2190", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070420 Eba News Version : v1.1 <= (webpages.php) Remote File Include // starhack.org", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/466406/100/0/threaded" - }, - { - "name" : "http://ebascripts.com/", - "refsource" : "MISC", - "url" : "http://ebascripts.com/" - }, - { - "name" : "2607", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2607" - }, - { - "name" : "ebanews-webpages-file-include(33783)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33783" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in admin/public/webpages.php in Eba News 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the filename parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://ebascripts.com/", + "refsource": "MISC", + "url": "http://ebascripts.com/" + }, + { + "name": "20070420 Eba News Version : v1.1 <= (webpages.php) Remote File Include // starhack.org", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/466406/100/0/threaded" + }, + { + "name": "2607", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2607" + }, + { + "name": "ebanews-webpages-file-include(33783)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33783" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2512.json b/2007/2xxx/CVE-2007-2512.json index f4919e0be63..df5ee3b2aee 100644 --- a/2007/2xxx/CVE-2007-2512.json +++ b/2007/2xxx/CVE-2007-2512.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2512", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Alcatel-Lucent IP-Touch Telephone running OmniPCX Enterprise 7.0 and later enables the mini switch by default, which allows attackers to gain access to the voice VLAN via daisy-chained systems." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2512", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070607 RUS-CERT 2007-06:01 (1380): Insecure Defaults in A-L OmniPCX 7.0", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/470742/100/0/threaded" - }, - { - "name" : "http://cert.uni-stuttgart.de/advisories/al-ip-touch-vlan-filtering.php", - "refsource" : "MISC", - "url" : "http://cert.uni-stuttgart.de/advisories/al-ip-touch-vlan-filtering.php" - }, - { - "name" : "24360", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24360" - }, - { - "name" : "38526", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/38526" - }, - { - "name" : "alcatellucent-voip-unauthorized-access(34760)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34760" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Alcatel-Lucent IP-Touch Telephone running OmniPCX Enterprise 7.0 and later enables the mini switch by default, which allows attackers to gain access to the voice VLAN via daisy-chained systems." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20070607 RUS-CERT 2007-06:01 (1380): Insecure Defaults in A-L OmniPCX 7.0", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/470742/100/0/threaded" + }, + { + "name": "24360", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24360" + }, + { + "name": "http://cert.uni-stuttgart.de/advisories/al-ip-touch-vlan-filtering.php", + "refsource": "MISC", + "url": "http://cert.uni-stuttgart.de/advisories/al-ip-touch-vlan-filtering.php" + }, + { + "name": "alcatellucent-voip-unauthorized-access(34760)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34760" + }, + { + "name": "38526", + "refsource": "OSVDB", + "url": "http://osvdb.org/38526" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0119.json b/2010/0xxx/CVE-2010-0119.json index b8d97aecbed..e56d87b90d6 100644 --- a/2010/0xxx/CVE-2010-0119.json +++ b/2010/0xxx/CVE-2010-0119.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0119", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Bournal before 1.4.1 on FreeBSD 8.0, when the -K option is used, places a ccrypt key on the command line, which allows local users to obtain sensitive information by listing the process and its arguments, related to \"echoing.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", + "ID": "CVE-2010-0119", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100222 Secunia Research: Bournal ccrypt Information Disclosure Security Issue", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/509688/100/0/threaded" - }, - { - "name" : "http://secunia.com/secunia_research/2010-7/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2010-7/" - }, - { - "name" : "FEDORA-2010-3168", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036764.html" - }, - { - "name" : "FEDORA-2010-3221", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036701.html" - }, - { - "name" : "FEDORA-2010-3301", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036697.html" - }, - { - "name" : "38352", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/38352" - }, - { - "name" : "38723", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38723" - }, - { - "name" : "38814", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38814" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Bournal before 1.4.1 on FreeBSD 8.0, when the -K option is used, places a ccrypt key on the command line, which allows local users to obtain sensitive information by listing the process and its arguments, related to \"echoing.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20100222 Secunia Research: Bournal ccrypt Information Disclosure Security Issue", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/509688/100/0/threaded" + }, + { + "name": "FEDORA-2010-3221", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036701.html" + }, + { + "name": "FEDORA-2010-3168", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036764.html" + }, + { + "name": "38352", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/38352" + }, + { + "name": "38814", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38814" + }, + { + "name": "38723", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38723" + }, + { + "name": "FEDORA-2010-3301", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036697.html" + }, + { + "name": "http://secunia.com/secunia_research/2010-7/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2010-7/" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0215.json b/2010/0xxx/CVE-2010-0215.json index 443b3def8ed..a9660e896eb 100644 --- a/2010/0xxx/CVE-2010-0215.json +++ b/2010/0xxx/CVE-2010-0215.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0215", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ActiveCollab before 2.3.2 allows remote authenticated users to bypass intended access restrictions, and (1) delete an attachment or (2) subscribe to an object, via a crafted URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2010-0215", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.activecollab.com/docs/manuals/admin/release-notes/activecollab-2-3-2", - "refsource" : "CONFIRM", - "url" : "http://www.activecollab.com/docs/manuals/admin/release-notes/activecollab-2-3-2" - }, - { - "name" : "VU#236703", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/236703" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ActiveCollab before 2.3.2 allows remote authenticated users to bypass intended access restrictions, and (1) delete an attachment or (2) subscribe to an object, via a crafted URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#236703", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/236703" + }, + { + "name": "http://www.activecollab.com/docs/manuals/admin/release-notes/activecollab-2-3-2", + "refsource": "CONFIRM", + "url": "http://www.activecollab.com/docs/manuals/admin/release-notes/activecollab-2-3-2" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0303.json b/2010/0xxx/CVE-2010-0303.json index 19b61cb2abd..4794b997e83 100644 --- a/2010/0xxx/CVE-2010-0303.json +++ b/2010/0xxx/CVE-2010-0303.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0303", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "mystring.c in hybserv in IRCD-Hybrid (aka Hybrid2 IRC Services) 1.9.2 through 1.9.4 allows remote attackers to cause a denial of service (daemon crash) via a \":help \\t\" private message to the MemoServ service." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-0303", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20100129 Re: CVE id: hybserv", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=oss-security&m=126476591925300&w=2" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=550389", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=550389" - }, - { - "name" : "http://security.debian.org/pool/updates/main/h/hybserv/hybserv_1.9.2-4+lenny2.diff.gz", - "refsource" : "CONFIRM", - "url" : "http://security.debian.org/pool/updates/main/h/hybserv/hybserv_1.9.2-4+lenny2.diff.gz" - }, - { - "name" : "DSA-1982", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2010/dsa-1982" - }, - { - "name" : "38006", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/38006" - }, - { - "name" : "38350", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38350" - }, - { - "name" : "38352", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38352" - }, - { - "name" : "hybserv2-privatemessage-dos(55992)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/55992" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "mystring.c in hybserv in IRCD-Hybrid (aka Hybrid2 IRC Services) 1.9.2 through 1.9.4 allows remote attackers to cause a denial of service (daemon crash) via a \":help \\t\" private message to the MemoServ service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "38006", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/38006" + }, + { + "name": "http://security.debian.org/pool/updates/main/h/hybserv/hybserv_1.9.2-4+lenny2.diff.gz", + "refsource": "CONFIRM", + "url": "http://security.debian.org/pool/updates/main/h/hybserv/hybserv_1.9.2-4+lenny2.diff.gz" + }, + { + "name": "hybserv2-privatemessage-dos(55992)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55992" + }, + { + "name": "[oss-security] 20100129 Re: CVE id: hybserv", + "refsource": "MLIST", + "url": "http://marc.info/?l=oss-security&m=126476591925300&w=2" + }, + { + "name": "38350", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38350" + }, + { + "name": "DSA-1982", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2010/dsa-1982" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=550389", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=550389" + }, + { + "name": "38352", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38352" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0947.json b/2010/0xxx/CVE-2010-0947.json index dbf98563d0a..49fa5508edf 100644 --- a/2010/0xxx/CVE-2010-0947.json +++ b/2010/0xxx/CVE-2010-0947.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0947", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in post.aspx in Max Network Technology BBSMAX 3.0, 4.1, and 4.2 allows remote attackers to inject arbitrary web script or HTML via the action parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-0947", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100306 [xss] a xss on \"action\" parameter in BBSMAX", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/509905/100/0/threaded" - }, - { - "name" : "http://packetstormsecurity.org/1003-exploits/bbsmax-xss.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1003-exploits/bbsmax-xss.txt" - }, - { - "name" : "38592", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/38592" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in post.aspx in Max Network Technology BBSMAX 3.0, 4.1, and 4.2 allows remote attackers to inject arbitrary web script or HTML via the action parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20100306 [xss] a xss on \"action\" parameter in BBSMAX", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/509905/100/0/threaded" + }, + { + "name": "http://packetstormsecurity.org/1003-exploits/bbsmax-xss.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1003-exploits/bbsmax-xss.txt" + }, + { + "name": "38592", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/38592" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0975.json b/2010/0xxx/CVE-2010-0975.json index 65031b31811..fb07a964f51 100644 --- a/2010/0xxx/CVE-2010-0975.json +++ b/2010/0xxx/CVE-2010-0975.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0975", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in external.php in PHPCityPortal allows remote attackers to execute arbitrary PHP code via a URL in the url parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-0975", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/1003-exploits/phpcityportal-sqlrfi.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1003-exploits/phpcityportal-sqlrfi.txt" - }, - { - "name" : "11678", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/11678" - }, - { - "name" : "phpcityportal-external-file-include(56812)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/56812" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in external.php in PHPCityPortal allows remote attackers to execute arbitrary PHP code via a URL in the url parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "phpcityportal-external-file-include(56812)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56812" + }, + { + "name": "11678", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/11678" + }, + { + "name": "http://packetstormsecurity.org/1003-exploits/phpcityportal-sqlrfi.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1003-exploits/phpcityportal-sqlrfi.txt" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1369.json b/2010/1xxx/CVE-2010-1369.json index be0ad579c33..c30068f5a31 100644 --- a/2010/1xxx/CVE-2010-1369.json +++ b/2010/1xxx/CVE-2010-1369.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1369", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in signup.asp in Pre Classified Listings ASP allows remote attackers to execute arbitrary SQL commands via the email parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1369", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/0812-exploits/preclass-sqlxss.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/0812-exploits/preclass-sqlxss.txt" - }, - { - "name" : "11589", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/11589" - }, - { - "name" : "38446", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/38446" - }, - { - "name" : "38768", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38768" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in signup.asp in Pre Classified Listings ASP allows remote attackers to execute arbitrary SQL commands via the email parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.org/0812-exploits/preclass-sqlxss.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/0812-exploits/preclass-sqlxss.txt" + }, + { + "name": "38768", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38768" + }, + { + "name": "38446", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/38446" + }, + { + "name": "11589", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/11589" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1745.json b/2010/1xxx/CVE-2010-1745.json index 7a9e7390b8c..19c8dd0c34c 100644 --- a/2010/1xxx/CVE-2010-1745.json +++ b/2010/1xxx/CVE-2010-1745.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1745", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-1867. Reason: This candidate is a duplicate of CVE-2010-1867. Notes: All CVE users should reference CVE-2010-1867 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2010-1745", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-1867. Reason: This candidate is a duplicate of CVE-2010-1867. Notes: All CVE users should reference CVE-2010-1867 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1889.json b/2010/1xxx/CVE-2010-1889.json index 0f9d957d94d..33906c3b2f3 100644 --- a/2010/1xxx/CVE-2010-1889.json +++ b/2010/1xxx/CVE-2010-1889.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1889", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Double free vulnerability in the kernel in Microsoft Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2, allows local users to gain privileges via a crafted application, related to object initialization during error handling, aka \"Windows Kernel Double Free Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2010-1889", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS10-047", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-047" - }, - { - "name" : "TA10-222A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-222A.html" - }, - { - "name" : "oval:org.mitre.oval:def:11044", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11044" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Double free vulnerability in the kernel in Microsoft Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2, allows local users to gain privileges via a crafted application, related to object initialization during error handling, aka \"Windows Kernel Double Free Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA10-222A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-222A.html" + }, + { + "name": "oval:org.mitre.oval:def:11044", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11044" + }, + { + "name": "MS10-047", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-047" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3900.json b/2010/3xxx/CVE-2010-3900.json index 701ebf293bb..bbb83af3477 100644 --- a/2010/3xxx/CVE-2010-3900.json +++ b/2010/3xxx/CVE-2010-3900.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3900", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Midori before 0.2.5, when WebKitGTK+ before 1.1.14 or LibSoup before 2.29.91 is used, does not verify X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary https web sites via a crafted server certificate, a related issue to CVE-2010-3312." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3900", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20100917 Re: CVE request: epiphany not checking ssl certs", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/09/17/6" - }, - { - "name" : "http://www.omgubuntu.co.uk/2010/05/midori-0-2-5-released/", - "refsource" : "MISC", - "url" : "http://www.omgubuntu.co.uk/2010/05/midori-0-2-5-released/" - }, - { - "name" : "http://www.twotoasts.de/bugs/index.php?do=details&task_id=743", - "refsource" : "MISC", - "url" : "http://www.twotoasts.de/bugs/index.php?do=details&task_id=743" - }, - { - "name" : "http://git.xfce.org/apps/midori/tree/ChangeLog", - "refsource" : "CONFIRM", - "url" : "http://git.xfce.org/apps/midori/tree/ChangeLog" - }, - { - "name" : "http://www.twotoasts.de/bugs/index.php?do=details&task_id=168", - "refsource" : "CONFIRM", - "url" : "http://www.twotoasts.de/bugs/index.php?do=details&task_id=168" - }, - { - "name" : "http://www.twotoasts.de/index.php?/archives/30-Validation,-vending-and-Vala.html", - "refsource" : "CONFIRM", - "url" : "http://www.twotoasts.de/index.php?/archives/30-Validation,-vending-and-Vala.html" - }, - { - "name" : "SUSE-SR:2011:002", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" - }, - { - "name" : "43068", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43068" - }, - { - "name" : "ADV-2011-0212", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0212" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Midori before 0.2.5, when WebKitGTK+ before 1.1.14 or LibSoup before 2.29.91 is used, does not verify X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary https web sites via a crafted server certificate, a related issue to CVE-2010-3312." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "43068", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43068" + }, + { + "name": "http://www.twotoasts.de/bugs/index.php?do=details&task_id=168", + "refsource": "CONFIRM", + "url": "http://www.twotoasts.de/bugs/index.php?do=details&task_id=168" + }, + { + "name": "ADV-2011-0212", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0212" + }, + { + "name": "http://www.omgubuntu.co.uk/2010/05/midori-0-2-5-released/", + "refsource": "MISC", + "url": "http://www.omgubuntu.co.uk/2010/05/midori-0-2-5-released/" + }, + { + "name": "http://git.xfce.org/apps/midori/tree/ChangeLog", + "refsource": "CONFIRM", + "url": "http://git.xfce.org/apps/midori/tree/ChangeLog" + }, + { + "name": "http://www.twotoasts.de/index.php?/archives/30-Validation,-vending-and-Vala.html", + "refsource": "CONFIRM", + "url": "http://www.twotoasts.de/index.php?/archives/30-Validation,-vending-and-Vala.html" + }, + { + "name": "SUSE-SR:2011:002", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" + }, + { + "name": "[oss-security] 20100917 Re: CVE request: epiphany not checking ssl certs", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/09/17/6" + }, + { + "name": "http://www.twotoasts.de/bugs/index.php?do=details&task_id=743", + "refsource": "MISC", + "url": "http://www.twotoasts.de/bugs/index.php?do=details&task_id=743" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4114.json b/2010/4xxx/CVE-2010-4114.json index ca0db527234..ac23f5dd820 100644 --- a/2010/4xxx/CVE-2010-4114.json +++ b/2010/4xxx/CVE-2010-4114.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4114", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in HP Discovery & Dependency Mapping Inventory (DDMI) 2.5x, 7.5x, and 7.6x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2010-4114", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBMA02617", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/515286" - }, - { - "name" : "SSRT100338", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/515286" - }, - { - "name" : "1024903", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024903" - }, - { - "name" : "42637", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42637" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in HP Discovery & Dependency Mapping Inventory (DDMI) 2.5x, 7.5x, and 7.6x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1024903", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024903" + }, + { + "name": "HPSBMA02617", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/515286" + }, + { + "name": "SSRT100338", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/515286" + }, + { + "name": "42637", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42637" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4135.json b/2010/4xxx/CVE-2010-4135.json index 71e5243c546..6c544a5f7c2 100644 --- a/2010/4xxx/CVE-2010-4135.json +++ b/2010/4xxx/CVE-2010-4135.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4135", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2010-4135", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4136.json b/2010/4xxx/CVE-2010-4136.json index c62000173c2..c2407d540be 100644 --- a/2010/4xxx/CVE-2010-4136.json +++ b/2010/4xxx/CVE-2010-4136.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4136", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2010-4136", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4514.json b/2010/4xxx/CVE-2010-4514.json index 3492656da67..68b4ae2c4e7 100644 --- a/2010/4xxx/CVE-2010-4514.json +++ b/2010/4xxx/CVE-2010-4514.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4514", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Install/InstallWizard.aspx in DotNetNuke 5.05.01 and 5.06.00 allows remote attackers to inject arbitrary web script or HTML via the __VIEWSTATE parameter. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4514", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/files/view/96378/PR10-19.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/files/view/96378/PR10-19.txt" - }, - { - "name" : "http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr10-19", - "refsource" : "MISC", - "url" : "http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr10-19" - }, - { - "name" : "45180", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45180" - }, - { - "name" : "1024828", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024828" - }, - { - "name" : "42478", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42478" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Install/InstallWizard.aspx in DotNetNuke 5.05.01 and 5.06.00 allows remote attackers to inject arbitrary web script or HTML via the __VIEWSTATE parameter. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.org/files/view/96378/PR10-19.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/files/view/96378/PR10-19.txt" + }, + { + "name": "http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr10-19", + "refsource": "MISC", + "url": "http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr10-19" + }, + { + "name": "1024828", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024828" + }, + { + "name": "42478", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42478" + }, + { + "name": "45180", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45180" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4639.json b/2010/4xxx/CVE-2010-4639.json index 7fe4fcede58..0e8a3d84b74 100644 --- a/2010/4xxx/CVE-2010-4639.json +++ b/2010/4xxx/CVE-2010-4639.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4639", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in MySource Matrix allows remote attackers to execute arbitrary SQL commands via the id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4639", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "15402", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/15402" - }, - { - "name" : "http://packetstormsecurity.org/1011-exploits/mysourcematrix-sql.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1011-exploits/mysourcematrix-sql.txt" - }, - { - "name" : "44612", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/44612" - }, - { - "name" : "mysourcematrix-index-sql-injection(62961)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/62961" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php in MySource Matrix allows remote attackers to execute arbitrary SQL commands via the id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "15402", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/15402" + }, + { + "name": "44612", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/44612" + }, + { + "name": "http://packetstormsecurity.org/1011-exploits/mysourcematrix-sql.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1011-exploits/mysourcematrix-sql.txt" + }, + { + "name": "mysourcematrix-index-sql-injection(62961)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62961" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0530.json b/2014/0xxx/CVE-2014-0530.json index 9449deebfa1..bcb3ebf9f73 100644 --- a/2014/0xxx/CVE-2014-0530.json +++ b/2014/0xxx/CVE-2014-0530.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0530", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-0530", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0828.json b/2014/0xxx/CVE-2014-0828.json index fd96e7f7163..d15ddf871bf 100644 --- a/2014/0xxx/CVE-2014-0828.json +++ b/2014/0xxx/CVE-2014-0828.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0828", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the WCM (Web Content Manager) UI in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x through 7.0.0.2 CF27, and 8.0.0.x before 8.0.0.1 CF11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-0828", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21667016", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21667016" - }, - { - "name" : "PI10734", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PI10734" - }, - { - "name" : "66556", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/66556" - }, - { - "name" : "ibm-wsportal-cve20140828-wcm-xss(90566)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90566" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the WCM (Web Content Manager) UI in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x through 7.0.0.2 CF27, and 8.0.0.x before 8.0.0.1 CF11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21667016", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21667016" + }, + { + "name": "PI10734", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI10734" + }, + { + "name": "ibm-wsportal-cve20140828-wcm-xss(90566)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90566" + }, + { + "name": "66556", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/66556" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0882.json b/2014/0xxx/CVE-2014-0882.json index 6c078eaac76..0703e88a111 100644 --- a/2014/0xxx/CVE-2014-0882.json +++ b/2014/0xxx/CVE-2014-0882.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0882", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integrated Management Module II (IMM2) on IBM Flex System, NeXtScale, System x3xxx, and System x iDataPlex systems might allow remote authenticated users to obtain sensitive account information via vectors related to generated Service Advisor data (FFDC). IBM X-Force ID: 91149." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-0882", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.lenovo.com/us/en/solutions/ht114525", - "refsource" : "CONFIRM", - "url" : "https://support.lenovo.com/us/en/solutions/ht114525" - }, - { - "name" : "https://www.ibm.com/blogs/psirt/security-bulletin-account-specific-information-likely-to-be-present-in-service-advisor-data-ffdc-on-the-integrated-management-module-ii-imm2-cve-2014-0882/", - "refsource" : "CONFIRM", - "url" : "https://www.ibm.com/blogs/psirt/security-bulletin-account-specific-information-likely-to-be-present-in-service-advisor-data-ffdc-on-the-integrated-management-module-ii-imm2-cve-2014-0882/" - }, - { - "name" : "https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5094726", - "refsource" : "CONFIRM", - "url" : "https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5094726" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integrated Management Module II (IMM2) on IBM Flex System, NeXtScale, System x3xxx, and System x iDataPlex systems might allow remote authenticated users to obtain sensitive account information via vectors related to generated Service Advisor data (FFDC). IBM X-Force ID: 91149." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.lenovo.com/us/en/solutions/ht114525", + "refsource": "CONFIRM", + "url": "https://support.lenovo.com/us/en/solutions/ht114525" + }, + { + "name": "https://www.ibm.com/blogs/psirt/security-bulletin-account-specific-information-likely-to-be-present-in-service-advisor-data-ffdc-on-the-integrated-management-module-ii-imm2-cve-2014-0882/", + "refsource": "CONFIRM", + "url": "https://www.ibm.com/blogs/psirt/security-bulletin-account-specific-information-likely-to-be-present-in-service-advisor-data-ffdc-on-the-integrated-management-module-ii-imm2-cve-2014-0882/" + }, + { + "name": "https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5094726", + "refsource": "CONFIRM", + "url": "https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5094726" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4185.json b/2014/4xxx/CVE-2014-4185.json index fce7d90f5ae..c13c5ab83d6 100644 --- a/2014/4xxx/CVE-2014-4185.json +++ b/2014/4xxx/CVE-2014-4185.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4185", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4185", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4219.json b/2014/4xxx/CVE-2014-4219.json index 3087d57ab60..e26ec41b75d 100644 --- a/2014/4xxx/CVE-2014-4219.json +++ b/2014/4xxx/CVE-2014-4219.json @@ -1,242 +1,242 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4219", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Java SE 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2014-4219", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/534161/100/0/threaded" - }, - { - "name" : "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Dec/23" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21686383", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21686383" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21686824", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21686824" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2014-0012.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2014-0012.html" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21680334", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21680334" - }, - { - "name" : "DSA-2980", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-2980" - }, - { - "name" : "DSA-2987", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-2987" - }, - { - "name" : "GLSA-201502-12", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201502-12.xml" - }, - { - "name" : "HPSBUX03092", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=140852974709252&w=2" - }, - { - "name" : "SSRT101668", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=140852974709252&w=2" - }, - { - "name" : "RHSA-2015:0264", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0264.html" - }, - { - "name" : "RHSA-2014:0902", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2014:0902" - }, - { - "name" : "RHSA-2014:0908", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2014:0908" - }, - { - "name" : "SUSE-SU-2015:0344", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00026.html" - }, - { - "name" : "SUSE-SU-2015:0376", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00033.html" - }, - { - "name" : "SUSE-SU-2015:0392", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00036.html" - }, - { - "name" : "68620", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/68620" - }, - { - "name" : "1030577", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030577" - }, - { - "name" : "60245", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60245" - }, - { - "name" : "60081", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60081" - }, - { - "name" : "60317", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60317" - }, - { - "name" : "61577", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61577" - }, - { - "name" : "61640", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61640" - }, - { - "name" : "59404", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59404" - }, - { - "name" : "60817", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60817" - }, - { - "name" : "60485", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60485" - }, - { - "name" : "59985", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59985" - }, - { - "name" : "59986", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59986" - }, - { - "name" : "59924", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59924" - }, - { - "name" : "59987", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59987" - }, - { - "name" : "59680", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59680" - }, - { - "name" : "60622", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60622" - }, - { - "name" : "60129", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60129" - }, - { - "name" : "60812", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60812" - }, - { - "name" : "oracle-cpujul2014-cve20144219(94589)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/94589" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle Java SE 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-2987", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-2987" + }, + { + "name": "60129", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60129" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html" + }, + { + "name": "DSA-2980", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-2980" + }, + { + "name": "1030577", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030577" + }, + { + "name": "59987", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59987" + }, + { + "name": "HPSBUX03092", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=140852974709252&w=2" + }, + { + "name": "60812", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60812" + }, + { + "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded" + }, + { + "name": "SUSE-SU-2015:0376", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00033.html" + }, + { + "name": "59986", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59986" + }, + { + "name": "RHSA-2015:0264", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0264.html" + }, + { + "name": "60245", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60245" + }, + { + "name": "60817", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60817" + }, + { + "name": "59924", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59924" + }, + { + "name": "61577", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61577" + }, + { + "name": "RHSA-2014:0908", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2014:0908" + }, + { + "name": "SUSE-SU-2015:0392", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00036.html" + }, + { + "name": "SSRT101668", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=140852974709252&w=2" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html" + }, + { + "name": "60485", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60485" + }, + { + "name": "59680", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59680" + }, + { + "name": "oracle-cpujul2014-cve20144219(94589)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94589" + }, + { + "name": "68620", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/68620" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21686383", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686383" + }, + { + "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Dec/23" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21680334", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680334" + }, + { + "name": "60622", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60622" + }, + { + "name": "60081", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60081" + }, + { + "name": "RHSA-2014:0902", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2014:0902" + }, + { + "name": "59985", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59985" + }, + { + "name": "61640", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61640" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21686824", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686824" + }, + { + "name": "GLSA-201502-12", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201502-12.xml" + }, + { + "name": "60317", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60317" + }, + { + "name": "SUSE-SU-2015:0344", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00026.html" + }, + { + "name": "59404", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59404" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4421.json b/2014/4xxx/CVE-2014-4421.json index 5e1d06f049e..f3e32ebba48 100644 --- a/2014/4xxx/CVE-2014-4421.json +++ b/2014/4xxx/CVE-2014-4421.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4421", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than CVE-2014-4371, CVE-2014-4419, and CVE-2014-4420." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2014-4421", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/kb/HT6535", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/kb/HT6535" - }, - { - "name" : "http://support.apple.com/HT204244", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/HT204244" - }, - { - "name" : "http://support.apple.com/kb/HT6441", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT6441" - }, - { - "name" : "http://support.apple.com/kb/HT6442", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT6442" - }, - { - "name" : "APPLE-SA-2014-09-17-1", - "refsource" : "APPLE", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html" - }, - { - "name" : "APPLE-SA-2014-09-17-2", - "refsource" : "APPLE", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2014-09/0107.html" - }, - { - "name" : "APPLE-SA-2014-10-16-1", - "refsource" : "APPLE", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html" - }, - { - "name" : "APPLE-SA-2015-01-27-4", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html" - }, - { - "name" : "69882", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69882" - }, - { - "name" : "69924", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69924" - }, - { - "name" : "1030866", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030866" - }, - { - "name" : "appleioscve20144421-info-disc(96103)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/96103" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than CVE-2014-4371, CVE-2014-4419, and CVE-2014-4420." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "69924", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69924" + }, + { + "name": "appleioscve20144421-info-disc(96103)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96103" + }, + { + "name": "http://support.apple.com/kb/HT6441", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT6441" + }, + { + "name": "1030866", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030866" + }, + { + "name": "http://support.apple.com/kb/HT6442", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT6442" + }, + { + "name": "APPLE-SA-2014-10-16-1", + "refsource": "APPLE", + "url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html" + }, + { + "name": "APPLE-SA-2014-09-17-2", + "refsource": "APPLE", + "url": "http://archives.neohapsis.com/archives/bugtraq/2014-09/0107.html" + }, + { + "name": "69882", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69882" + }, + { + "name": "http://support.apple.com/HT204244", + "refsource": "CONFIRM", + "url": "http://support.apple.com/HT204244" + }, + { + "name": "https://support.apple.com/kb/HT6535", + "refsource": "CONFIRM", + "url": "https://support.apple.com/kb/HT6535" + }, + { + "name": "APPLE-SA-2014-09-17-1", + "refsource": "APPLE", + "url": "http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html" + }, + { + "name": "APPLE-SA-2015-01-27-4", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4784.json b/2014/4xxx/CVE-2014-4784.json index ba3861c29e9..a1a385fa62d 100644 --- a/2014/4xxx/CVE-2014-4784.json +++ b/2014/4xxx/CVE-2014-4784.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4784", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7 before 9.7.093013, 10.0 before 10.0.093013, and 10.1 before 10.1.093013 does not properly restrict use of FRAME elements, which allows remote attackers to conduct phishing attacks, and bypass intended access restrictions or obtain sensitive information, via a crafted web site, related to a \"frame injection\" issue." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-4784", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21682450", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21682450" - }, - { - "name" : "69698", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69698" - }, - { - "name" : "60996", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60996" - }, - { - "name" : "ibm-imds-cve20144784-frame-injection(95031)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95031" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7 before 9.7.093013, 10.0 before 10.0.093013, and 10.1 before 10.1.093013 does not properly restrict use of FRAME elements, which allows remote attackers to conduct phishing attacks, and bypass intended access restrictions or obtain sensitive information, via a crafted web site, related to a \"frame injection\" issue." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ibm-imds-cve20144784-frame-injection(95031)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95031" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21682450", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682450" + }, + { + "name": "60996", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60996" + }, + { + "name": "69698", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69698" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4843.json b/2014/4xxx/CVE-2014-4843.json index 663ab159a9a..24d93996409 100644 --- a/2014/4xxx/CVE-2014-4843.json +++ b/2014/4xxx/CVE-2014-4843.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4843", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Curam Universal Access in IBM Curam Social Program Management (SPM) 6.0 SP2 before EP26, 6.0.4 before 6.0.4.6, and 6.0.5 before 6.0.5.5 iFix5 allows remote attackers to obtain sensitive information about internal caseworker usernames via vectors related to a URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-4843", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21698548", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21698548" - }, - { - "name" : "73943", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/73943" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Curam Universal Access in IBM Curam Social Program Management (SPM) 6.0 SP2 before EP26, 6.0.4 before 6.0.4.6, and 6.0.5 before 6.0.5.5 iFix5 allows remote attackers to obtain sensitive information about internal caseworker usernames via vectors related to a URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "73943", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/73943" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21698548", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698548" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8104.json b/2014/8xxx/CVE-2014-8104.json index 8788f16046f..8ae6e280176 100644 --- a/2014/8xxx/CVE-2014-8104.json +++ b/2014/8xxx/CVE-2014-8104.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8104", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "OpenVPN 2.x before 2.0.11, 2.1.x, 2.2.x before 2.2.3, and 2.3.x before 2.3.6 allows remote authenticated users to cause a denial of service (server crash) via a small control channel packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-8104", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-97597e732b", - "refsource" : "CONFIRM", - "url" : "https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-97597e732b" - }, - { - "name" : "http://advisories.mageia.org/MGASA-2014-0512.html", - "refsource" : "CONFIRM", - "url" : "http://advisories.mageia.org/MGASA-2014-0512.html" - }, - { - "name" : "DSA-3084", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-3084" - }, - { - "name" : "MDVSA-2015:139", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:139" - }, - { - "name" : "openSUSE-SU-2014:1594", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00008.html" - }, - { - "name" : "USN-2430-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2430-1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "OpenVPN 2.x before 2.0.11, 2.1.x, 2.2.x before 2.2.3, and 2.3.x before 2.3.6 allows remote authenticated users to cause a denial of service (server crash) via a small control channel packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDVSA-2015:139", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:139" + }, + { + "name": "http://advisories.mageia.org/MGASA-2014-0512.html", + "refsource": "CONFIRM", + "url": "http://advisories.mageia.org/MGASA-2014-0512.html" + }, + { + "name": "USN-2430-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2430-1" + }, + { + "name": "DSA-3084", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-3084" + }, + { + "name": "https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-97597e732b", + "refsource": "CONFIRM", + "url": "https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-97597e732b" + }, + { + "name": "openSUSE-SU-2014:1594", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00008.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9010.json b/2014/9xxx/CVE-2014-9010.json index 1a93dc75d58..f537300c726 100644 --- a/2014/9xxx/CVE-2014-9010.json +++ b/2014/9xxx/CVE-2014-9010.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9010", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9010", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9212.json b/2014/9xxx/CVE-2014-9212.json index 6a8f86a8bea..f620520f7f0 100644 --- a/2014/9xxx/CVE-2014-9212.json +++ b/2014/9xxx/CVE-2014-9212.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9212", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Altitude uAgent in Altitude uCI (Unified Customer Interaction) 7.5 allow remote attackers to inject arbitrary web script or HTML via (1) an email hyperlink or the (2) style parameter in the image attribute section." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9212", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.com/files/129372/Altitude-uAgent-Altitude-uCI-7.5-XSS.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/129372/Altitude-uAgent-Altitude-uCI-7.5-XSS.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Altitude uAgent in Altitude uCI (Unified Customer Interaction) 7.5 allow remote attackers to inject arbitrary web script or HTML via (1) an email hyperlink or the (2) style parameter in the image attribute section." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/129372/Altitude-uAgent-Altitude-uCI-7.5-XSS.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/129372/Altitude-uAgent-Altitude-uCI-7.5-XSS.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9233.json b/2014/9xxx/CVE-2014-9233.json index 71502df2de6..4138f3140bd 100644 --- a/2014/9xxx/CVE-2014-9233.json +++ b/2014/9xxx/CVE-2014-9233.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9233", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-9233", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9255.json b/2014/9xxx/CVE-2014-9255.json index 0753ae61ec5..a4046f7f46e 100644 --- a/2014/9xxx/CVE-2014-9255.json +++ b/2014/9xxx/CVE-2014-9255.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9255", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9255", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3012.json b/2016/3xxx/CVE-2016-3012.json index 0beddd5f38d..74c47d7720c 100644 --- a/2016/3xxx/CVE-2016-3012.json +++ b/2016/3xxx/CVE-2016-3012.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3012", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM API Connect (aka APIConnect) before 5.0.3.0 with NPM before 2.2.8 includes certain internal server credentials in the software package, which might allow remote attackers to bypass intended access restrictions by leveraging knowledge of these credentials." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2016-3012", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21988212", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21988212" - }, - { - "name" : "92417", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92417" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM API Connect (aka APIConnect) before 5.0.3.0 with NPM before 2.2.8 includes certain internal server credentials in the software package, which might allow remote attackers to bypass intended access restrictions by leveraging knowledge of these credentials." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "92417", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92417" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21988212", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988212" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3130.json b/2016/3xxx/CVE-2016-3130.json index 2b0fbc5f679..fa9547347b4 100644 --- a/2016/3xxx/CVE-2016-3130.json +++ b/2016/3xxx/CVE-2016-3130.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@blackberry.com", - "ID" : "CVE-2016-3130", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "BES12 versions through 12.5.2", - "version" : { - "version_data" : [ - { - "version_value" : "BES12 versions through 12.5.2" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An information disclosure vulnerability in the Core and Management Console in BlackBerry Enterprise Server (BES) 12 through 12.5.2 allows remote attackers to obtain local or domain credentials of an administrator or user account by sniffing traffic between the two elements during a login attempt." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "information disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "secure@blackberry.com", + "ID": "CVE-2016-3130", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "BES12 versions through 12.5.2", + "version": { + "version_data": [ + { + "version_value": "BES12 versions through 12.5.2" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.blackberry.com/kb/articleDetail?articleNumber=000038914", - "refsource" : "CONFIRM", - "url" : "http://support.blackberry.com/kb/articleDetail?articleNumber=000038914" - }, - { - "name" : "95924", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95924" - }, - { - "name" : "1037584", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037584" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information disclosure vulnerability in the Core and Management Console in BlackBerry Enterprise Server (BES) 12 through 12.5.2 allows remote attackers to obtain local or domain credentials of an administrator or user account by sniffing traffic between the two elements during a login attempt." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.blackberry.com/kb/articleDetail?articleNumber=000038914", + "refsource": "CONFIRM", + "url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000038914" + }, + { + "name": "95924", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95924" + }, + { + "name": "1037584", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037584" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3567.json b/2016/3xxx/CVE-2016-3567.json index 85b3b5dc394..8f270696244 100644 --- a/2016/3xxx/CVE-2016-3567.json +++ b/2016/3xxx/CVE-2016-3567.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3567", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Primavera P6 Enterprise Project Portfolio Management component in Oracle Primavera Products Suite 8.3, 8.4, 15.1, 15.2, and 16.1 allows remote authenticated users to affect confidentiality and integrity via vectors related to Web access." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2016-3567", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" - }, - { - "name" : "91787", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91787" - }, - { - "name" : "91862", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91862" - }, - { - "name" : "1036393", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036393" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Primavera P6 Enterprise Project Portfolio Management component in Oracle Primavera Products Suite 8.3, 8.4, 15.1, 15.2, and 16.1 allows remote authenticated users to affect confidentiality and integrity via vectors related to Web access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" + }, + { + "name": "91862", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91862" + }, + { + "name": "91787", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91787" + }, + { + "name": "1036393", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036393" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6404.json b/2016/6xxx/CVE-2016-6404.json index fd20a3d635e..240e2de8346 100644 --- a/2016/6xxx/CVE-2016-6404.json +++ b/2016/6xxx/CVE-2016-6404.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6404", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the web framework in Cisco IOx Local Manager in IOS 15.5(2)T and IOS XE allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuy19854." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2016-6404", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20160914 Cisco IOS and IOS XE Software IOx Local Manager Cross-Site Scripting Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160914-ios" - }, - { - "name" : "92963", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92963" - }, - { - "name" : "1036834", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036834" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the web framework in Cisco IOx Local Manager in IOS 15.5(2)T and IOS XE allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuy19854." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "92963", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92963" + }, + { + "name": "1036834", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036834" + }, + { + "name": "20160914 Cisco IOS and IOS XE Software IOx Local Manager Cross-Site Scripting Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160914-ios" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6638.json b/2016/6xxx/CVE-2016-6638.json index f53ce9e7b16..7a287e4ab78 100644 --- a/2016/6xxx/CVE-2016-6638.json +++ b/2016/6xxx/CVE-2016-6638.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6638", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-6638", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6811.json b/2016/6xxx/CVE-2016-6811.json index 26d31a28159..2794cdd128d 100644 --- a/2016/6xxx/CVE-2016-6811.json +++ b/2016/6xxx/CVE-2016-6811.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "DATE_PUBLIC" : "2018-05-01T00:00:00", - "ID" : "CVE-2016-6811", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Apache Hadoop 2.x before 2.7.4, a user who can escalate to yarn user can possibly run arbitrary commands as root user." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_PUBLIC": "2018-05-01T00:00:00", + "ID": "CVE-2016-6811", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[general] 20180501 CVE-2016-6811: Apache Hadoop Privilege escalation vulnerability", - "refsource" : "MLIST", - "url" : "https://lists.apache.org/thread.html/9ba3c12bbdfd5b2cae60909e48f92608e00c8d99196390b8cfeca307@%3Cgeneral.hadoop.apache.org%3E" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Apache Hadoop 2.x before 2.7.4, a user who can escalate to yarn user can possibly run arbitrary commands as root user." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[general] 20180501 CVE-2016-6811: Apache Hadoop Privilege escalation vulnerability", + "refsource": "MLIST", + "url": "https://lists.apache.org/thread.html/9ba3c12bbdfd5b2cae60909e48f92608e00c8d99196390b8cfeca307@%3Cgeneral.hadoop.apache.org%3E" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7479.json b/2016/7xxx/CVE-2016-7479.json index 8e845d685df..2095e2d0473 100644 --- a/2016/7xxx/CVE-2016-7479.json +++ b/2016/7xxx/CVE-2016-7479.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@checkpoint.com", - "ID" : "CVE-2016-7479", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "PHP 7.x", - "version" : { - "version_data" : [ - { - "version_value" : "PHP 7.x" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In all versions of PHP 7, during the unserialization process, resizing the 'properties' hash table of a serialized object may lead to use-after-free. A remote attacker may exploit this bug to gain arbitrary code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "cve@checkpoint.com", + "ID": "CVE-2016-7479", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PHP 7.x", + "version": { + "version_data": [ + { + "version_value": "PHP 7.x" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://blog.checkpoint.com/2016/12/27/check-point-discovers-three-zero-day-vulnerabilities-web-programming-language-php-7", - "refsource" : "MISC", - "url" : "http://blog.checkpoint.com/2016/12/27/check-point-discovers-three-zero-day-vulnerabilities-web-programming-language-php-7" - }, - { - "name" : "http://blog.checkpoint.com/wp-content/uploads/2016/12/PHP_Technical_Report.pdf", - "refsource" : "MISC", - "url" : "http://blog.checkpoint.com/wp-content/uploads/2016/12/PHP_Technical_Report.pdf" - }, - { - "name" : "https://bugs.php.net/bug.php?id=73092", - "refsource" : "MISC", - "url" : "https://bugs.php.net/bug.php?id=73092" - }, - { - "name" : "https://www.youtube.com/watch?v=LDcaPstAuPk", - "refsource" : "MISC", - "url" : "https://www.youtube.com/watch?v=LDcaPstAuPk" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20180112-0001/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20180112-0001/" - }, - { - "name" : "RHSA-2018:1296", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1296" - }, - { - "name" : "95151", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95151" - }, - { - "name" : "1037659", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037659" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In all versions of PHP 7, during the unserialization process, resizing the 'properties' hash table of a serialized object may lead to use-after-free. A remote attacker may exploit this bug to gain arbitrary code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://blog.checkpoint.com/wp-content/uploads/2016/12/PHP_Technical_Report.pdf", + "refsource": "MISC", + "url": "http://blog.checkpoint.com/wp-content/uploads/2016/12/PHP_Technical_Report.pdf" + }, + { + "name": "https://www.youtube.com/watch?v=LDcaPstAuPk", + "refsource": "MISC", + "url": "https://www.youtube.com/watch?v=LDcaPstAuPk" + }, + { + "name": "https://bugs.php.net/bug.php?id=73092", + "refsource": "MISC", + "url": "https://bugs.php.net/bug.php?id=73092" + }, + { + "name": "RHSA-2018:1296", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1296" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20180112-0001/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20180112-0001/" + }, + { + "name": "95151", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95151" + }, + { + "name": "1037659", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037659" + }, + { + "name": "http://blog.checkpoint.com/2016/12/27/check-point-discovers-three-zero-day-vulnerabilities-web-programming-language-php-7", + "refsource": "MISC", + "url": "http://blog.checkpoint.com/2016/12/27/check-point-discovers-three-zero-day-vulnerabilities-web-programming-language-php-7" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7739.json b/2016/7xxx/CVE-2016-7739.json index 1c3cd3413a1..63b59981a17 100644 --- a/2016/7xxx/CVE-2016-7739.json +++ b/2016/7xxx/CVE-2016-7739.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7739", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-7739", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7840.json b/2016/7xxx/CVE-2016-7840.json index 17a545920d9..c5176f6c260 100644 --- a/2016/7xxx/CVE-2016-7840.json +++ b/2016/7xxx/CVE-2016-7840.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2016-7840", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "WEB SCHEDULE", - "version" : { - "version_data" : [ - { - "version_value" : "All versions" - } - ] - } - } - ] - }, - "vendor_name" : "Olive Design" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting vulnerability in WEB SCHEDULE allows remote attackers to inject arbitrary web script or HTML via the month parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2016-7840", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WEB SCHEDULE", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + } + ] + }, + "vendor_name": "Olive Design" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "JVN#12124922", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN12124922/index.html" - }, - { - "name" : "95312", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95312" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting vulnerability in WEB SCHEDULE allows remote attackers to inject arbitrary web script or HTML via the month parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#12124922", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN12124922/index.html" + }, + { + "name": "95312", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95312" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8260.json b/2016/8xxx/CVE-2016-8260.json index 92a33eb7fc6..c00ea6133c1 100644 --- a/2016/8xxx/CVE-2016-8260.json +++ b/2016/8xxx/CVE-2016-8260.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-8260", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-8260", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8699.json b/2016/8xxx/CVE-2016-8699.json index e11ce19a2e4..5cff582c5e9 100644 --- a/2016/8xxx/CVE-2016-8699.json +++ b/2016/8xxx/CVE-2016-8699.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-8699", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the bm_readbody_bmp function in bitmap_io.c in potrace before 1.13 allows remote attackers to have unspecified impact via a crafted BMP image, a different vulnerability than CVE-2016-8698, CVE-2016-8700, CVE-2016-8701, CVE-2016-8702, and CVE-2016-8703." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-8699", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160818 potrace: multiple crashes", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/08/18/11" - }, - { - "name" : "[oss-security] 20161015 Re: potrace: multiple crashes", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/10/16/12" - }, - { - "name" : "https://blogs.gentoo.org/ago/2016/08/08/potrace-multiplesix-heap-based-buffer-overflow-in-bm_readbody_bmp-bitmap_io-c/", - "refsource" : "MISC", - "url" : "https://blogs.gentoo.org/ago/2016/08/08/potrace-multiplesix-heap-based-buffer-overflow-in-bm_readbody_bmp-bitmap_io-c/" - }, - { - "name" : "http://potrace.sourceforge.net/ChangeLog", - "refsource" : "CONFIRM", - "url" : "http://potrace.sourceforge.net/ChangeLog" - }, - { - "name" : "93778", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93778" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the bm_readbody_bmp function in bitmap_io.c in potrace before 1.13 allows remote attackers to have unspecified impact via a crafted BMP image, a different vulnerability than CVE-2016-8698, CVE-2016-8700, CVE-2016-8701, CVE-2016-8702, and CVE-2016-8703." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "93778", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93778" + }, + { + "name": "[oss-security] 20161015 Re: potrace: multiple crashes", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/10/16/12" + }, + { + "name": "https://blogs.gentoo.org/ago/2016/08/08/potrace-multiplesix-heap-based-buffer-overflow-in-bm_readbody_bmp-bitmap_io-c/", + "refsource": "MISC", + "url": "https://blogs.gentoo.org/ago/2016/08/08/potrace-multiplesix-heap-based-buffer-overflow-in-bm_readbody_bmp-bitmap_io-c/" + }, + { + "name": "[oss-security] 20160818 potrace: multiple crashes", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/08/18/11" + }, + { + "name": "http://potrace.sourceforge.net/ChangeLog", + "refsource": "CONFIRM", + "url": "http://potrace.sourceforge.net/ChangeLog" + } + ] + } +} \ No newline at end of file