From aeb6922d47cc5dadc2c46168de083da464950b60 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 01:01:40 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2006/0xxx/CVE-2006-0273.json | 200 ++++----- 2006/0xxx/CVE-2006-0445.json | 150 +++---- 2006/0xxx/CVE-2006-0477.json | 160 +++---- 2006/0xxx/CVE-2006-0624.json | 180 ++++---- 2006/1xxx/CVE-2006-1287.json | 140 +++--- 2006/1xxx/CVE-2006-1327.json | 170 +++---- 2006/3xxx/CVE-2006-3193.json | 360 +++++++-------- 2006/3xxx/CVE-2006-3274.json | 210 ++++----- 2006/3xxx/CVE-2006-3955.json | 210 ++++----- 2006/4xxx/CVE-2006-4126.json | 200 ++++----- 2006/4xxx/CVE-2006-4186.json | 160 +++---- 2006/4xxx/CVE-2006-4340.json | 850 +++++++++++++++++------------------ 2006/4xxx/CVE-2006-4631.json | 200 ++++----- 2006/4xxx/CVE-2006-4749.json | 130 +++--- 2010/2xxx/CVE-2010-2269.json | 130 +++--- 2010/2xxx/CVE-2010-2323.json | 150 +++---- 2010/3xxx/CVE-2010-3017.json | 120 ++--- 2010/3xxx/CVE-2010-3245.json | 130 +++--- 2010/3xxx/CVE-2010-3970.json | 220 ++++----- 2010/3xxx/CVE-2010-3990.json | 170 +++---- 2010/4xxx/CVE-2010-4901.json | 170 +++---- 2010/4xxx/CVE-2010-4984.json | 160 +++---- 2011/1xxx/CVE-2011-1340.json | 150 +++---- 2011/1xxx/CVE-2011-1352.json | 130 +++--- 2011/1xxx/CVE-2011-1833.json | 170 +++---- 2011/5xxx/CVE-2011-5108.json | 140 +++--- 2011/5xxx/CVE-2011-5248.json | 34 +- 2014/3xxx/CVE-2014-3158.json | 200 ++++----- 2014/3xxx/CVE-2014-3300.json | 160 +++---- 2014/3xxx/CVE-2014-3872.json | 140 +++--- 2014/6xxx/CVE-2014-6834.json | 140 +++--- 2014/6xxx/CVE-2014-6842.json | 140 +++--- 2014/7xxx/CVE-2014-7085.json | 140 +++--- 2014/7xxx/CVE-2014-7548.json | 34 +- 2014/7xxx/CVE-2014-7642.json | 140 +++--- 2014/7xxx/CVE-2014-7663.json | 140 +++--- 2014/7xxx/CVE-2014-7740.json | 140 +++--- 2014/7xxx/CVE-2014-7921.json | 130 +++--- 2014/8xxx/CVE-2014-8177.json | 150 +++---- 2014/8xxx/CVE-2014-8801.json | 180 ++++---- 2014/8xxx/CVE-2014-8814.json | 34 +- 2014/8xxx/CVE-2014-8827.json | 150 +++---- 2014/9xxx/CVE-2014-9720.json | 34 +- 2016/2xxx/CVE-2016-2189.json | 34 +- 2016/2xxx/CVE-2016-2325.json | 34 +- 2016/2xxx/CVE-2016-2418.json | 130 +++--- 2016/2xxx/CVE-2016-2876.json | 130 +++--- 2016/6xxx/CVE-2016-6055.json | 198 ++++---- 2016/6xxx/CVE-2016-6211.json | 160 +++---- 2016/6xxx/CVE-2016-6320.json | 170 +++---- 2016/6xxx/CVE-2016-6363.json | 140 +++--- 2016/6xxx/CVE-2016-6655.json | 130 +++--- 2016/6xxx/CVE-2016-6934.json | 140 +++--- 2017/5xxx/CVE-2017-5296.json | 34 +- 54 files changed, 4273 insertions(+), 4273 deletions(-) diff --git a/2006/0xxx/CVE-2006-0273.json b/2006/0xxx/CVE-2006-0273.json index fea237d4bef..9d07437e0bc 100644 --- a/2006/0xxx/CVE-2006-0273.json +++ b/2006/0xxx/CVE-2006-0273.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0273", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Portal component of Oracle Application Server 9.0.4.2 and 10.1.2.0 has unspecified impact and attack vectors, as identified by Oracle Vuln# AS01." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0273", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html" - }, - { - "name" : "VU#545804", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/545804" - }, - { - "name" : "16287", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16287" - }, - { - "name" : "ADV-2006-0243", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0243" - }, - { - "name" : "ADV-2006-0323", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0323" - }, - { - "name" : "1015499", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015499" - }, - { - "name" : "18493", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18493" - }, - { - "name" : "18608", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18608" - }, - { - "name" : "oracle-january2006-update(24321)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24321" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Portal component of Oracle Application Server 9.0.4.2 and 10.1.2.0 has unspecified impact and attack vectors, as identified by Oracle Vuln# AS01." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oracle-january2006-update(24321)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24321" + }, + { + "name": "18493", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18493" + }, + { + "name": "ADV-2006-0323", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0323" + }, + { + "name": "16287", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16287" + }, + { + "name": "VU#545804", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/545804" + }, + { + "name": "1015499", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015499" + }, + { + "name": "ADV-2006-0243", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0243" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html" + }, + { + "name": "18608", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18608" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0445.json b/2006/0xxx/CVE-2006-0445.json index dcac61a7533..b0bd6dc5cfb 100644 --- a/2006/0xxx/CVE-2006-0445.json +++ b/2006/0xxx/CVE-2006-0445.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0445", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "index.php in Phpclanwebsite 1.23.1 allows remote authenticated users to obtain the installation path by specifying an invalid file name to the uploader page, as demonstrated by \"\\\", which will display the full path of uploader.php. NOTE: this might be the result of a file inclusion vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0445", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060125 HYSA-2006-002 Phpclanwebsite 1.23.1 Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/423145/100/0/threaded" - }, - { - "name" : "http://www.h4cky0u.org/advisories/HYSA-2006-002-phpclan.txt", - "refsource" : "MISC", - "url" : "http://www.h4cky0u.org/advisories/HYSA-2006-002-phpclan.txt" - }, - { - "name" : "16391", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16391" - }, - { - "name" : "22721", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22721" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "index.php in Phpclanwebsite 1.23.1 allows remote authenticated users to obtain the installation path by specifying an invalid file name to the uploader page, as demonstrated by \"\\\", which will display the full path of uploader.php. NOTE: this might be the result of a file inclusion vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060125 HYSA-2006-002 Phpclanwebsite 1.23.1 Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/423145/100/0/threaded" + }, + { + "name": "16391", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16391" + }, + { + "name": "http://www.h4cky0u.org/advisories/HYSA-2006-002-phpclan.txt", + "refsource": "MISC", + "url": "http://www.h4cky0u.org/advisories/HYSA-2006-002-phpclan.txt" + }, + { + "name": "22721", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22721" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0477.json b/2006/0xxx/CVE-2006-0477.json index 2560a293b15..4fef105bca5 100644 --- a/2006/0xxx/CVE-2006-0477.json +++ b/2006/0xxx/CVE-2006-0477.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0477", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in git-checkout-index in GIT before 1.1.5 allows remote attackers to execute arbitrary code via an index file with a long symbolic link." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0477", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://lwn.net/Articles/169623/", - "refsource" : "CONFIRM", - "url" : "http://lwn.net/Articles/169623/" - }, - { - "name" : "16417", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16417" - }, - { - "name" : "ADV-2006-0367", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0367" - }, - { - "name" : "18643", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18643" - }, - { - "name" : "git-gitcheckoutindex-bo(24360)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24360" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in git-checkout-index in GIT before 1.1.5 allows remote attackers to execute arbitrary code via an index file with a long symbolic link." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://lwn.net/Articles/169623/", + "refsource": "CONFIRM", + "url": "http://lwn.net/Articles/169623/" + }, + { + "name": "18643", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18643" + }, + { + "name": "16417", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16417" + }, + { + "name": "git-gitcheckoutindex-bo(24360)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24360" + }, + { + "name": "ADV-2006-0367", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0367" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0624.json b/2006/0xxx/CVE-2006-0624.json index 50ae104e520..de9f04b3f96 100644 --- a/2006/0xxx/CVE-2006-0624.json +++ b/2006/0xxx/CVE-2006-0624.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0624", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in check.asp in Whomp Real Estate Manager XP 2005 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0624", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060208 Whomp Real Estate Manager XP 2005 Sql Injection", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/424389/100/0/threaded" - }, - { - "name" : "16544", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16544" - }, - { - "name" : "ADV-2006-0489", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0489" - }, - { - "name" : "22969", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22969" - }, - { - "name" : "18780", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18780" - }, - { - "name" : "418", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/418" - }, - { - "name" : "whomp-login-sql-injection(24592)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24592" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in check.asp in Whomp Real Estate Manager XP 2005 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "22969", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22969" + }, + { + "name": "18780", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18780" + }, + { + "name": "ADV-2006-0489", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0489" + }, + { + "name": "418", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/418" + }, + { + "name": "20060208 Whomp Real Estate Manager XP 2005 Sql Injection", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/424389/100/0/threaded" + }, + { + "name": "16544", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16544" + }, + { + "name": "whomp-login-sql-injection(24592)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24592" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1287.json b/2006/1xxx/CVE-2006-1287.json index 56efc4bda8d..b5624f7c969 100644 --- a/2006/1xxx/CVE-2006-1287.json +++ b/2006/1xxx/CVE-2006-1287.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1287", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB) 2.0.4 and 2.1.4 before 20060130 allows remote attackers to steal cookies and probably conduct other activities when the victim is using Internet Explorer." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1287", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://forums.invisionpower.com/index.php?showtopic=206790", - "refsource" : "CONFIRM", - "url" : "http://forums.invisionpower.com/index.php?showtopic=206790" - }, - { - "name" : "ADV-2006-0861", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0861" - }, - { - "name" : "19141", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19141" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB) 2.0.4 and 2.1.4 before 20060130 allows remote attackers to steal cookies and probably conduct other activities when the victim is using Internet Explorer." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19141", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19141" + }, + { + "name": "ADV-2006-0861", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0861" + }, + { + "name": "http://forums.invisionpower.com/index.php?showtopic=206790", + "refsource": "CONFIRM", + "url": "http://forums.invisionpower.com/index.php?showtopic=206790" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1327.json b/2006/1xxx/CVE-2006-1327.json index d0dab9b9f48..a867593a2b0 100644 --- a/2006/1xxx/CVE-2006-1327.json +++ b/2006/1xxx/CVE-2006-1327.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1327", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in reg.php in SoftBB 0.1 allows remote attackers to execute arbitrary SQL commands via the mail parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1327", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "1594", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/1594" - }, - { - "name" : "17160", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17160" - }, - { - "name" : "ADV-2006-1002", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1002" - }, - { - "name" : "23999", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23999" - }, - { - "name" : "19283", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19283" - }, - { - "name" : "softbb-reg-sql-injection(25320)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25320" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in reg.php in SoftBB 0.1 allows remote attackers to execute arbitrary SQL commands via the mail parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "23999", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23999" + }, + { + "name": "1594", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/1594" + }, + { + "name": "softbb-reg-sql-injection(25320)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25320" + }, + { + "name": "17160", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17160" + }, + { + "name": "19283", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19283" + }, + { + "name": "ADV-2006-1002", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1002" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3193.json b/2006/3xxx/CVE-2006-3193.json index 47adff99524..d452efca092 100644 --- a/2006/3xxx/CVE-2006-3193.json +++ b/2006/3xxx/CVE-2006-3193.json @@ -1,182 +1,182 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3193", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple PHP remote file inclusion vulnerabilities in Grayscale BandSite CMS 1.1.1, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the root_path parameter to (1) includes/content/contact_content.php; multiple files in adminpanel/includes/add_forms/ including (2) addbioform.php, (3) addfliersform.php, (4) addgenmerchform.php, (5) addinterviewsform.php, (6) addlinksform.php, (7) addlyricsform.php, (8) addmembioform.php, (9) addmerchform.php, (10) addmerchpicform.php, (11) addnewsform.php, (12) addphotosform.php, (13) addreleaseform.php, (14) addreleasepicform.php, (15) addrelmerchform.php, (16) addreviewsform.php, (17) addshowsform.php, (18) addwearmerchform.php; (19) adminpanel/includes/mailinglist/disphtmltbl.php, and (20) adminpanel/includes/mailinglist/dispxls.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3193", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "1933", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/1933" - }, - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=428062", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=428062" - }, - { - "name" : "18555", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18555" - }, - { - "name" : "ADV-2006-2462", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2462" - }, - { - "name" : "27240", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27240" - }, - { - "name" : "27241", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27241" - }, - { - "name" : "27242", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27242" - }, - { - "name" : "27243", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27243" - }, - { - "name" : "27244", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27244" - }, - { - "name" : "27245", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27245" - }, - { - "name" : "27247", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27247" - }, - { - "name" : "27248", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27248" - }, - { - "name" : "27249", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27249" - }, - { - "name" : "27250", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27250" - }, - { - "name" : "27251", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27251" - }, - { - "name" : "27252", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27252" - }, - { - "name" : "27233", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27233" - }, - { - "name" : "27234", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27234" - }, - { - "name" : "27235", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27235" - }, - { - "name" : "27236", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27236" - }, - { - "name" : "27237", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27237" - }, - { - "name" : "27238", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27238" - }, - { - "name" : "27239", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27239" - }, - { - "name" : "27246", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27246" - }, - { - "name" : "20768", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20768" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple PHP remote file inclusion vulnerabilities in Grayscale BandSite CMS 1.1.1, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the root_path parameter to (1) includes/content/contact_content.php; multiple files in adminpanel/includes/add_forms/ including (2) addbioform.php, (3) addfliersform.php, (4) addgenmerchform.php, (5) addinterviewsform.php, (6) addlinksform.php, (7) addlyricsform.php, (8) addmembioform.php, (9) addmerchform.php, (10) addmerchpicform.php, (11) addnewsform.php, (12) addphotosform.php, (13) addreleaseform.php, (14) addreleasepicform.php, (15) addrelmerchform.php, (16) addreviewsform.php, (17) addshowsform.php, (18) addwearmerchform.php; (19) adminpanel/includes/mailinglist/disphtmltbl.php, and (20) adminpanel/includes/mailinglist/dispxls.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "27251", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27251" + }, + { + "name": "27242", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27242" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=428062", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=428062" + }, + { + "name": "27245", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27245" + }, + { + "name": "27238", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27238" + }, + { + "name": "27250", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27250" + }, + { + "name": "27252", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27252" + }, + { + "name": "27240", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27240" + }, + { + "name": "27241", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27241" + }, + { + "name": "27244", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27244" + }, + { + "name": "27246", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27246" + }, + { + "name": "27235", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27235" + }, + { + "name": "18555", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18555" + }, + { + "name": "27233", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27233" + }, + { + "name": "27234", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27234" + }, + { + "name": "27236", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27236" + }, + { + "name": "1933", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/1933" + }, + { + "name": "27239", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27239" + }, + { + "name": "27248", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27248" + }, + { + "name": "27249", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27249" + }, + { + "name": "27237", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27237" + }, + { + "name": "20768", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20768" + }, + { + "name": "ADV-2006-2462", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2462" + }, + { + "name": "27247", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27247" + }, + { + "name": "27243", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27243" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3274.json b/2006/3xxx/CVE-2006-3274.json index 19afe9c0aeb..0f1d85ddf19 100644 --- a/2006/3xxx/CVE-2006-3274.json +++ b/2006/3xxx/CVE-2006-3274.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3274", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in Webmin before 1.280, when run on Windows, allows remote attackers to read arbitrary files via \\ (backslash) characters in the URL to certain directories under the web root, such as the image directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3274", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060623 [SNS Advisory No.88] Webmin Directory Traversal Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/438149/100/0/threaded" - }, - { - "name" : "http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/88_e.html", - "refsource" : "MISC", - "url" : "http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/88_e.html" - }, - { - "name" : "http://www.webmin.com/changes.html", - "refsource" : "CONFIRM", - "url" : "http://www.webmin.com/changes.html" - }, - { - "name" : "JVN#67974490", - "refsource" : "JVN", - "url" : "http://jvn.jp/jp/JVN%2367974490/index.html" - }, - { - "name" : "18613", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18613" - }, - { - "name" : "ADV-2006-2493", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2493" - }, - { - "name" : "1016375", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016375" - }, - { - "name" : "20777", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20777" - }, - { - "name" : "1161", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1161" - }, - { - "name" : "webmin-backslash-directory-traversal(27366)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27366" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in Webmin before 1.280, when run on Windows, allows remote attackers to read arbitrary files via \\ (backslash) characters in the URL to certain directories under the web root, such as the image directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060623 [SNS Advisory No.88] Webmin Directory Traversal Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/438149/100/0/threaded" + }, + { + "name": "webmin-backslash-directory-traversal(27366)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27366" + }, + { + "name": "http://www.webmin.com/changes.html", + "refsource": "CONFIRM", + "url": "http://www.webmin.com/changes.html" + }, + { + "name": "1161", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1161" + }, + { + "name": "1016375", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016375" + }, + { + "name": "20777", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20777" + }, + { + "name": "ADV-2006-2493", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2493" + }, + { + "name": "JVN#67974490", + "refsource": "JVN", + "url": "http://jvn.jp/jp/JVN%2367974490/index.html" + }, + { + "name": "18613", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18613" + }, + { + "name": "http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/88_e.html", + "refsource": "MISC", + "url": "http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/88_e.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3955.json b/2006/3xxx/CVE-2006-3955.json index 7150cb999f2..8989e2956f6 100644 --- a/2006/3xxx/CVE-2006-3955.json +++ b/2006/3xxx/CVE-2006-3955.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3955", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple PHP remote file inclusion vulnerabilities in MiniBB Forum 1.5a allow remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter to (1) news.php, (2) search.php, or (3) whosOnline.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3955", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060720 MiniBB Forum <= 1.5a Remote File Include (news.php)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/440875/100/100/threaded" - }, - { - "name" : "20060721 MiniBB Forum <= 1.5a Remote File Include (search.php-whosOnline.php)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/440839/100/100/threaded" - }, - { - "name" : "19095", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19095" - }, - { - "name" : "28674", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28674" - }, - { - "name" : "28675", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28675" - }, - { - "name" : "28676", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28676" - }, - { - "name" : "1016557", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016557" - }, - { - "name" : "1016558", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016558" - }, - { - "name" : "1315", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1315" - }, - { - "name" : "minibb-multiple-scripts-file-include(27905)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27905" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple PHP remote file inclusion vulnerabilities in MiniBB Forum 1.5a allow remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter to (1) news.php, (2) search.php, or (3) whosOnline.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1315", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1315" + }, + { + "name": "1016557", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016557" + }, + { + "name": "28675", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28675" + }, + { + "name": "1016558", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016558" + }, + { + "name": "28676", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28676" + }, + { + "name": "20060720 MiniBB Forum <= 1.5a Remote File Include (news.php)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/440875/100/100/threaded" + }, + { + "name": "28674", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28674" + }, + { + "name": "19095", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19095" + }, + { + "name": "20060721 MiniBB Forum <= 1.5a Remote File Include (search.php-whosOnline.php)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/440839/100/100/threaded" + }, + { + "name": "minibb-multiple-scripts-file-include(27905)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27905" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4126.json b/2006/4xxx/CVE-2006-4126.json index f61f12d16c3..9f56d936cbb 100644 --- a/2006/4xxx/CVE-2006-4126.json +++ b/2006/4xxx/CVE-2006-4126.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4126", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The dc_chat function in cmd.dc.c in DConnect Daemon 0.7.0 and earlier allows remote attackers to cause a denial of service (application crash) by sending a client message before providing the nickname, which triggers a null pointer dereference." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4126", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060806 Multiple vulnerabilities in DConnect Daemon 0.7.0 (CVS 30 Jul 2006)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/442440/100/0/threaded" - }, - { - "name" : "http://www.dc.ds.pg.gda.pl/", - "refsource" : "CONFIRM", - "url" : "http://www.dc.ds.pg.gda.pl/" - }, - { - "name" : "http://www.dc.ds.pg.gda.pl/?page=doc&doc=changelog", - "refsource" : "CONFIRM", - "url" : "http://www.dc.ds.pg.gda.pl/?page=doc&doc=changelog" - }, - { - "name" : "19370", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19370" - }, - { - "name" : "ADV-2006-3181", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3181" - }, - { - "name" : "1016641", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016641" - }, - { - "name" : "21384", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21384" - }, - { - "name" : "1377", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1377" - }, - { - "name" : "dconnect-daemon-dcchat-dos(28279)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28279" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The dc_chat function in cmd.dc.c in DConnect Daemon 0.7.0 and earlier allows remote attackers to cause a denial of service (application crash) by sending a client message before providing the nickname, which triggers a null pointer dereference." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060806 Multiple vulnerabilities in DConnect Daemon 0.7.0 (CVS 30 Jul 2006)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/442440/100/0/threaded" + }, + { + "name": "ADV-2006-3181", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3181" + }, + { + "name": "dconnect-daemon-dcchat-dos(28279)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28279" + }, + { + "name": "21384", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21384" + }, + { + "name": "19370", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19370" + }, + { + "name": "1377", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1377" + }, + { + "name": "http://www.dc.ds.pg.gda.pl/", + "refsource": "CONFIRM", + "url": "http://www.dc.ds.pg.gda.pl/" + }, + { + "name": "1016641", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016641" + }, + { + "name": "http://www.dc.ds.pg.gda.pl/?page=doc&doc=changelog", + "refsource": "CONFIRM", + "url": "http://www.dc.ds.pg.gda.pl/?page=doc&doc=changelog" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4186.json b/2006/4xxx/CVE-2006-4186.json index abacfde8680..7bcc8db7f4b 100644 --- a/2006/4xxx/CVE-2006-4186.json +++ b/2006/4xxx/CVE-2006-4186.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4186", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The iManager in eMBoxClient.jar in Novell eDirectory 8.7.3.8 writes passwords in plaintext to a log file, which allows local users to obtain passwords by reading the file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4186", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2973826.htm", - "refsource" : "CONFIRM", - "url" : "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2973826.htm" - }, - { - "name" : "19499", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19499" - }, - { - "name" : "28370", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28370" - }, - { - "name" : "1016695", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016695" - }, - { - "name" : "21496", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21496" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The iManager in eMBoxClient.jar in Novell eDirectory 8.7.3.8 writes passwords in plaintext to a log file, which allows local users to obtain passwords by reading the file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19499", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19499" + }, + { + "name": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2973826.htm", + "refsource": "CONFIRM", + "url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2973826.htm" + }, + { + "name": "1016695", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016695" + }, + { + "name": "21496", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21496" + }, + { + "name": "28370", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28370" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4340.json b/2006/4xxx/CVE-2006-4340.json index 8b4622f4b28..3692939dcce 100644 --- a/2006/4xxx/CVE-2006-4340.json +++ b/2006/4xxx/CVE-2006-4340.json @@ -1,427 +1,427 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4340", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatures for SSL/TLS and email certificates, a similar vulnerability to CVE-2006-4339. NOTE: on 20061107, Mozilla released an advisory stating that these versions were not completely patched by MFSA2006-60. The newer fixes for 1.5.0.7 are covered by CVE-2006-5462." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2006-4340", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060915 rPSA-2006-0169-1 firefox thunderbird", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/446140/100/0/threaded" - }, - { - "name" : "[ietf-openpgp] 20060827 Bleichenbacher's RSA signature forgery based on implementation error", - "refsource" : "MLIST", - "url" : "http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html" - }, - { - "name" : "http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/", - "refsource" : "MISC", - "url" : "http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/" - }, - { - "name" : "http://www.mozilla.org/security/announce/2006/mfsa2006-66.html", - "refsource" : "MISC", - "url" : "http://www.mozilla.org/security/announce/2006/mfsa2006-66.html" - }, - { - "name" : "http://www.mozilla.org/security/announce/2006/mfsa2006-60.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2006/mfsa2006-60.html" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-224.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-224.htm" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-250.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-250.htm" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-640", - "refsource" : "CONFIRM", - "url" : "https://issues.rpath.com/browse/RPL-640" - }, - { - "name" : "DSA-1191", - "refsource" : "DEBIAN", - "url" : "http://www.us.debian.org/security/2006/dsa-1191" - }, - { - "name" : "DSA-1192", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1192" - }, - { - "name" : "DSA-1210", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1210" - }, - { - "name" : "GLSA-200609-19", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200609-19.xml" - }, - { - "name" : "GLSA-200610-01", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200610-01.xml" - }, - { - "name" : "GLSA-200610-06", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200610-06.xml" - }, - { - "name" : "HPSBUX02153", - "refsource" : "HP", - "url" : "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742" - }, - { - "name" : "SSRT061181", - "refsource" : "HP", - "url" : "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742" - }, - { - "name" : "MDKSA-2006:168", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:168" - }, - { - "name" : "MDKSA-2006:169", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:169" - }, - { - "name" : "RHSA-2006:0676", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0676.html" - }, - { - "name" : "RHSA-2006:0677", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0677.html" - }, - { - "name" : "RHSA-2006:0675", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0675.html" - }, - { - "name" : "20060901-01-P", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc" - }, - { - "name" : "102648", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1" - }, - { - "name" : "102781", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102781-1" - }, - { - "name" : "SUSE-SA:2006:054", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006_54_mozilla.html" - }, - { - "name" : "SUSE-SA:2006:055", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006_55_ssl.html" - }, - { - "name" : "USN-350-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-350-1" - }, - { - "name" : "USN-351-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-351-1" - }, - { - "name" : "USN-352-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-352-1" - }, - { - "name" : "USN-354-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-354-1" - }, - { - "name" : "USN-361-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-361-1" - }, - { - "name" : "TA06-312A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA06-312A.html" - }, - { - "name" : "oval:org.mitre.oval:def:11007", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11007" - }, - { - "name" : "ADV-2006-3617", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3617" - }, - { - "name" : "ADV-2006-3622", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3622" - }, - { - "name" : "ADV-2006-3899", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3899" - }, - { - "name" : "ADV-2007-0293", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/0293" - }, - { - "name" : "ADV-2007-1198", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1198" - }, - { - "name" : "ADV-2006-3748", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3748" - }, - { - "name" : "ADV-2008-0083", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0083" - }, - { - "name" : "1016858", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016858" - }, - { - "name" : "1016859", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016859" - }, - { - "name" : "1016860", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016860" - }, - { - "name" : "21906", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21906" - }, - { - "name" : "21949", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21949" - }, - { - "name" : "21903", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21903" - }, - { - "name" : "21915", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21915" - }, - { - "name" : "21916", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21916" - }, - { - "name" : "21939", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21939" - }, - { - "name" : "21940", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21940" - }, - { - "name" : "21950", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21950" - }, - { - "name" : "22036", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22036" - }, - { - "name" : "22001", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22001" - }, - { - "name" : "22025", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22025" - }, - { - "name" : "22055", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22055" - }, - { - "name" : "22074", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22074" - }, - { - "name" : "22088", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22088" - }, - { - "name" : "22210", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22210" - }, - { - "name" : "22226", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22226" - }, - { - "name" : "22247", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22247" - }, - { - "name" : "22274", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22274" - }, - { - "name" : "22299", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22299" - }, - { - "name" : "22342", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22342" - }, - { - "name" : "22422", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22422" - }, - { - "name" : "22446", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22446" - }, - { - "name" : "22849", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22849" - }, - { - "name" : "22056", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22056" - }, - { - "name" : "22195", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22195" - }, - { - "name" : "22992", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22992" - }, - { - "name" : "23883", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23883" - }, - { - "name" : "22044", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22044" - }, - { - "name" : "24711", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24711" - }, - { - "name" : "22066", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22066" - }, - { - "name" : "mozilla-nss-security-bypass(30098)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30098" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatures for SSL/TLS and email certificates, a similar vulnerability to CVE-2006-4339. NOTE: on 20061107, Mozilla released an advisory stating that these versions were not completely patched by MFSA2006-60. The newer fixes for 1.5.0.7 are covered by CVE-2006-5462." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/", + "refsource": "MISC", + "url": "http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/" + }, + { + "name": "1016858", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016858" + }, + { + "name": "22992", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22992" + }, + { + "name": "ADV-2006-3748", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3748" + }, + { + "name": "1016859", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016859" + }, + { + "name": "RHSA-2006:0676", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0676.html" + }, + { + "name": "23883", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23883" + }, + { + "name": "ADV-2006-3899", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3899" + }, + { + "name": "22044", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22044" + }, + { + "name": "22055", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22055" + }, + { + "name": "22195", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22195" + }, + { + "name": "USN-361-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-361-1" + }, + { + "name": "USN-352-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-352-1" + }, + { + "name": "22446", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22446" + }, + { + "name": "21950", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21950" + }, + { + "name": "USN-351-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-351-1" + }, + { + "name": "22025", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22025" + }, + { + "name": "22056", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22056" + }, + { + "name": "[ietf-openpgp] 20060827 Bleichenbacher's RSA signature forgery based on implementation error", + "refsource": "MLIST", + "url": "http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html" + }, + { + "name": "TA06-312A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA06-312A.html" + }, + { + "name": "22247", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22247" + }, + { + "name": "MDKSA-2006:168", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:168" + }, + { + "name": "DSA-1191", + "refsource": "DEBIAN", + "url": "http://www.us.debian.org/security/2006/dsa-1191" + }, + { + "name": "ADV-2007-0293", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/0293" + }, + { + "name": "22210", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22210" + }, + { + "name": "DSA-1210", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1210" + }, + { + "name": "24711", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24711" + }, + { + "name": "ADV-2006-3622", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3622" + }, + { + "name": "http://www.mozilla.org/security/announce/2006/mfsa2006-60.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2006/mfsa2006-60.html" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-224.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-224.htm" + }, + { + "name": "1016860", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016860" + }, + { + "name": "22849", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22849" + }, + { + "name": "ADV-2008-0083", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0083" + }, + { + "name": "20060901-01-P", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc" + }, + { + "name": "21939", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21939" + }, + { + "name": "ADV-2006-3617", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3617" + }, + { + "name": "GLSA-200610-06", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200610-06.xml" + }, + { + "name": "21915", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21915" + }, + { + "name": "ADV-2007-1198", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1198" + }, + { + "name": "RHSA-2006:0677", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0677.html" + }, + { + "name": "DSA-1192", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1192" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-250.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-250.htm" + }, + { + "name": "GLSA-200609-19", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200609-19.xml" + }, + { + "name": "SSRT061181", + "refsource": "HP", + "url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742" + }, + { + "name": "22274", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22274" + }, + { + "name": "RHSA-2006:0675", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0675.html" + }, + { + "name": "21940", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21940" + }, + { + "name": "mozilla-nss-security-bypass(30098)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30098" + }, + { + "name": "102648", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1" + }, + { + "name": "22001", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22001" + }, + { + "name": "20060915 rPSA-2006-0169-1 firefox thunderbird", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/446140/100/0/threaded" + }, + { + "name": "21903", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21903" + }, + { + "name": "USN-350-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-350-1" + }, + { + "name": "21906", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21906" + }, + { + "name": "HPSBUX02153", + "refsource": "HP", + "url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742" + }, + { + "name": "22342", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22342" + }, + { + "name": "GLSA-200610-01", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200610-01.xml" + }, + { + "name": "22074", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22074" + }, + { + "name": "22226", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22226" + }, + { + "name": "22066", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22066" + }, + { + "name": "22088", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22088" + }, + { + "name": "21949", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21949" + }, + { + "name": "SUSE-SA:2006:054", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006_54_mozilla.html" + }, + { + "name": "https://issues.rpath.com/browse/RPL-640", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-640" + }, + { + "name": "http://www.mozilla.org/security/announce/2006/mfsa2006-66.html", + "refsource": "MISC", + "url": "http://www.mozilla.org/security/announce/2006/mfsa2006-66.html" + }, + { + "name": "22036", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22036" + }, + { + "name": "SUSE-SA:2006:055", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006_55_ssl.html" + }, + { + "name": "oval:org.mitre.oval:def:11007", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11007" + }, + { + "name": "USN-354-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-354-1" + }, + { + "name": "102781", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102781-1" + }, + { + "name": "22422", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22422" + }, + { + "name": "22299", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22299" + }, + { + "name": "MDKSA-2006:169", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:169" + }, + { + "name": "21916", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21916" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4631.json b/2006/4xxx/CVE-2006-4631.json index 8fd7decb34b..41cc1dfe6d5 100644 --- a/2006/4xxx/CVE-2006-4631.json +++ b/2006/4xxx/CVE-2006-4631.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4631", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Direct static code injection vulnerability in admin/save_opt.php in SoftBB 0.1, and possibly earlier, allows remote authenticated users to upload and execute arbitrary PHP code via the cache_forum parameter, which saves the code to info_options.php, which is accessible via a direct request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4631", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060904 SoftBB 0.1 Remote PHP Code Execution Exploit", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/445087/100/0/threaded" - }, - { - "name" : "http://acid-root.new.fr/advisories/10060904.txt", - "refsource" : "MISC", - "url" : "http://acid-root.new.fr/advisories/10060904.txt" - }, - { - "name" : "2300", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2300" - }, - { - "name" : "ADV-2006-3478", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3478" - }, - { - "name" : "28579", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28579" - }, - { - "name" : "1016785", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016785" - }, - { - "name" : "21761", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21761" - }, - { - "name" : "1521", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1521" - }, - { - "name" : "softbb-admin-file-include(28749)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28749" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Direct static code injection vulnerability in admin/save_opt.php in SoftBB 0.1, and possibly earlier, allows remote authenticated users to upload and execute arbitrary PHP code via the cache_forum parameter, which saves the code to info_options.php, which is accessible via a direct request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2300", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2300" + }, + { + "name": "21761", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21761" + }, + { + "name": "28579", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28579" + }, + { + "name": "ADV-2006-3478", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3478" + }, + { + "name": "1016785", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016785" + }, + { + "name": "1521", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1521" + }, + { + "name": "http://acid-root.new.fr/advisories/10060904.txt", + "refsource": "MISC", + "url": "http://acid-root.new.fr/advisories/10060904.txt" + }, + { + "name": "softbb-admin-file-include(28749)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28749" + }, + { + "name": "20060904 SoftBB 0.1 Remote PHP Code Execution Exploit", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/445087/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4749.json b/2006/4xxx/CVE-2006-4749.json index f6bce0f295c..6aa76011884 100644 --- a/2006/4xxx/CVE-2006-4749.json +++ b/2006/4xxx/CVE-2006-4749.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4749", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple PHP remote file inclusion vulnerabilities in PHP Advanced Transfer Manager (phpATM) 1.20 allow remote attackers to execute arbitrary PHP code via the include_location parameter in (1) activate.php, (2) configure.php, (3) fileop.php, (4) getimg.php, (5) ipblocked.php, (6) register.php, (7) showrecent.php, (8) showtophits.php, (9) usrmanag.php, (10) viewer_bottom.php, (11) viewer_content.php, and (12) viewer_top.php. NOTE: The login.php and confirm.php vectors are already covered by CVE-2006-4594." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4749", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060910 PHP Advanced Transfer Manager v1.20 ; Multiple Remote File Include Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/445742/100/0/threaded" - }, - { - "name" : "atm-include-file-include(28874)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28874" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple PHP remote file inclusion vulnerabilities in PHP Advanced Transfer Manager (phpATM) 1.20 allow remote attackers to execute arbitrary PHP code via the include_location parameter in (1) activate.php, (2) configure.php, (3) fileop.php, (4) getimg.php, (5) ipblocked.php, (6) register.php, (7) showrecent.php, (8) showtophits.php, (9) usrmanag.php, (10) viewer_bottom.php, (11) viewer_content.php, and (12) viewer_top.php. NOTE: The login.php and confirm.php vectors are already covered by CVE-2006-4594." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060910 PHP Advanced Transfer Manager v1.20 ; Multiple Remote File Include Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/445742/100/0/threaded" + }, + { + "name": "atm-include-file-include(28874)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28874" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2269.json b/2010/2xxx/CVE-2010-2269.json index 5fd975147b6..7ef739104e6 100644 --- a/2010/2xxx/CVE-2010-2269.json +++ b/2010/2xxx/CVE-2010-2269.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2269", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in loadstatic.cgi in Accoria Web Server (aka Rock Web Server) 1.4.7 allows remote attackers to read arbitrary files via a .. (dot dot) in the name parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2269", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ioactive.com/pdfs/AccoriaWebServer.pdf", - "refsource" : "MISC", - "url" : "http://www.ioactive.com/pdfs/AccoriaWebServer.pdf" - }, - { - "name" : "VU#245081", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/245081" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in loadstatic.cgi in Accoria Web Server (aka Rock Web Server) 1.4.7 allows remote attackers to read arbitrary files via a .. (dot dot) in the name parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ioactive.com/pdfs/AccoriaWebServer.pdf", + "refsource": "MISC", + "url": "http://www.ioactive.com/pdfs/AccoriaWebServer.pdf" + }, + { + "name": "VU#245081", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/245081" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2323.json b/2010/2xxx/CVE-2010-2323.json index 9573332a068..94fbee81f33 100644 --- a/2010/2xxx/CVE-2010-2323.json +++ b/2010/2xxx/CVE-2010-2323.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2323", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11 on z/OS might allow attackers to obtain sensitive information by reading the default_create.log file that is associated with profile creation by the BBOWWPFx job and the zPMT." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2323", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "PM10454", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PM10454" - }, - { - "name" : "PM15830", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PM15830" - }, - { - "name" : "40096", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40096" - }, - { - "name" : "ADV-2010-1411", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1411" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11 on z/OS might allow attackers to obtain sensitive information by reading the default_create.log file that is associated with profile creation by the BBOWWPFx job and the zPMT." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2010-1411", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1411" + }, + { + "name": "PM15830", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM15830" + }, + { + "name": "40096", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40096" + }, + { + "name": "PM10454", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM10454" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3017.json b/2010/3xxx/CVE-2010-3017.json index 8cd50d7d075..e4e6c5fe487 100644 --- a/2010/3xxx/CVE-2010-3017.json +++ b/2010/3xxx/CVE-2010-3017.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3017", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in RSA Access Manager Agent 4.7.1 before 4.7.1.7, when RSA Adaptive Authentication Integration is enabled, allows remote attackers to bypass authentication and obtain sensitive information via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "ID": "CVE-2010-3017", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100908 ESA-2010-016: RSA, The Security Division of EMC, releases security hot fix for a potential vulnerability in RSA® Access Manager Agent when working with RSA® Adaptive Authentication.", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2010-09/0057.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in RSA Access Manager Agent 4.7.1 before 4.7.1.7, when RSA Adaptive Authentication Integration is enabled, allows remote attackers to bypass authentication and obtain sensitive information via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20100908 ESA-2010-016: RSA, The Security Division of EMC, releases security hot fix for a potential vulnerability in RSA® Access Manager Agent when working with RSA® Adaptive Authentication.", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2010-09/0057.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3245.json b/2010/3xxx/CVE-2010-3245.json index e24b086a684..879f78bb3f6 100644 --- a/2010/3xxx/CVE-2010-3245.json +++ b/2010/3xxx/CVE-2010-3245.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3245", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The automated-backup functionality in Blackboard Transact Suite (formerly Blackboard Commerce Suite) stores the (1) database username and (2) database password in cleartext in (a) script and (b) batch (.bat) files, which allows local users to obtain sensitive information by reading a file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3245", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.kb.cert.org/vuls/id/MAPG-86YPVM", - "refsource" : "MISC", - "url" : "http://www.kb.cert.org/vuls/id/MAPG-86YPVM" - }, - { - "name" : "VU#204055", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/204055" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The automated-backup functionality in Blackboard Transact Suite (formerly Blackboard Commerce Suite) stores the (1) database username and (2) database password in cleartext in (a) script and (b) batch (.bat) files, which allows local users to obtain sensitive information by reading a file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.kb.cert.org/vuls/id/MAPG-86YPVM", + "refsource": "MISC", + "url": "http://www.kb.cert.org/vuls/id/MAPG-86YPVM" + }, + { + "name": "VU#204055", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/204055" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3970.json b/2010/3xxx/CVE-2010-3970.json index f93c9a6c3eb..8badb61d8d7 100644 --- a/2010/3xxx/CVE-2010-3970.json +++ b/2010/3xxx/CVE-2010-3970.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3970", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the CreateSizedDIBSECTION function in shimgvw.dll in the Windows Shell graphics processor (aka graphics rendering engine) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted .MIC or unspecified Office document containing a thumbnail bitmap with a negative biClrUsed value, as reported by Moti and Xu Hao, aka \"Windows Shell Graphics Processing Overrun Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2010-3970", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.powerofcommunity.net/speaker.html", - "refsource" : "MISC", - "url" : "http://www.powerofcommunity.net/speaker.html" - }, - { - "name" : "http://www.metasploit.com/redmine/projects/framework/repository/revisions/11466/entry/modules/exploits/windows/fileformat/ms11_xxx_createsizeddibsection.rb", - "refsource" : "MISC", - "url" : "http://www.metasploit.com/redmine/projects/framework/repository/revisions/11466/entry/modules/exploits/windows/fileformat/ms11_xxx_createsizeddibsection.rb" - }, - { - "name" : "http://www.microsoft.com/technet/security/advisory/2490606.mspx", - "refsource" : "MISC", - "url" : "http://www.microsoft.com/technet/security/advisory/2490606.mspx" - }, - { - "name" : "http://blogs.technet.com/b/srd/archive/2011/01/07/assessing-the-risk-of-public-issues-currently-being-tracked-by-the-msrc.aspx", - "refsource" : "MISC", - "url" : "http://blogs.technet.com/b/srd/archive/2011/01/07/assessing-the-risk-of-public-issues-currently-being-tracked-by-the-msrc.aspx" - }, - { - "name" : "MS11-006", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-006" - }, - { - "name" : "VU#106516", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/106516" - }, - { - "name" : "45662", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45662" - }, - { - "name" : "oval:org.mitre.oval:def:11671", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11671" - }, - { - "name" : "1024932", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024932" - }, - { - "name" : "42779", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42779" - }, - { - "name" : "ADV-2011-0018", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0018" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the CreateSizedDIBSECTION function in shimgvw.dll in the Windows Shell graphics processor (aka graphics rendering engine) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted .MIC or unspecified Office document containing a thumbnail bitmap with a negative biClrUsed value, as reported by Moti and Xu Hao, aka \"Windows Shell Graphics Processing Overrun Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#106516", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/106516" + }, + { + "name": "MS11-006", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-006" + }, + { + "name": "http://blogs.technet.com/b/srd/archive/2011/01/07/assessing-the-risk-of-public-issues-currently-being-tracked-by-the-msrc.aspx", + "refsource": "MISC", + "url": "http://blogs.technet.com/b/srd/archive/2011/01/07/assessing-the-risk-of-public-issues-currently-being-tracked-by-the-msrc.aspx" + }, + { + "name": "oval:org.mitre.oval:def:11671", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11671" + }, + { + "name": "http://www.powerofcommunity.net/speaker.html", + "refsource": "MISC", + "url": "http://www.powerofcommunity.net/speaker.html" + }, + { + "name": "http://www.metasploit.com/redmine/projects/framework/repository/revisions/11466/entry/modules/exploits/windows/fileformat/ms11_xxx_createsizeddibsection.rb", + "refsource": "MISC", + "url": "http://www.metasploit.com/redmine/projects/framework/repository/revisions/11466/entry/modules/exploits/windows/fileformat/ms11_xxx_createsizeddibsection.rb" + }, + { + "name": "http://www.microsoft.com/technet/security/advisory/2490606.mspx", + "refsource": "MISC", + "url": "http://www.microsoft.com/technet/security/advisory/2490606.mspx" + }, + { + "name": "ADV-2011-0018", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0018" + }, + { + "name": "42779", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42779" + }, + { + "name": "45662", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45662" + }, + { + "name": "1024932", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024932" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3990.json b/2010/3xxx/CVE-2010-3990.json index 9afef685afe..f36b8ed32f8 100644 --- a/2010/3xxx/CVE-2010-3990.json +++ b/2010/3xxx/CVE-2010-3990.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3990", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in HP Virtual Server Environment before 6.2 allows remote attackers to read arbitrary files via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2010-3990", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBMA02599", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=128811222125961&w=2" - }, - { - "name" : "SSRT100235", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=128811222125961&w=2" - }, - { - "name" : "44428", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/44428" - }, - { - "name" : "68909", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/68909" - }, - { - "name" : "1024640", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1024640" - }, - { - "name" : "ADV-2010-2785", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2785" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in HP Virtual Server Environment before 6.2 allows remote attackers to read arbitrary files via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2010-2785", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2785" + }, + { + "name": "1024640", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1024640" + }, + { + "name": "68909", + "refsource": "OSVDB", + "url": "http://osvdb.org/68909" + }, + { + "name": "SSRT100235", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=128811222125961&w=2" + }, + { + "name": "44428", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/44428" + }, + { + "name": "HPSBMA02599", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=128811222125961&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4901.json b/2010/4xxx/CVE-2010-4901.json index 05e8acca080..4520b2e4ed6 100644 --- a/2010/4xxx/CVE-2010-4901.json +++ b/2010/4xxx/CVE-2010-4901.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4901", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in char_map.php in MySource Matrix 3.28.3 allow remote attackers to inject arbitrary web script or HTML via the (1) height or (2) width parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4901", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.packetstormsecurity.org/1009-advisories/ZSL-2010-4962.txt", - "refsource" : "MISC", - "url" : "http://www.packetstormsecurity.org/1009-advisories/ZSL-2010-4962.txt" - }, - { - "name" : "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4962.php", - "refsource" : "MISC", - "url" : "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4962.php" - }, - { - "name" : "43020", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/43020" - }, - { - "name" : "67838", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/67838" - }, - { - "name" : "41295", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41295" - }, - { - "name" : "8439", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8439" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in char_map.php in MySource Matrix 3.28.3 allow remote attackers to inject arbitrary web script or HTML via the (1) height or (2) width parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "43020", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/43020" + }, + { + "name": "8439", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8439" + }, + { + "name": "41295", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41295" + }, + { + "name": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4962.php", + "refsource": "MISC", + "url": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4962.php" + }, + { + "name": "67838", + "refsource": "OSVDB", + "url": "http://osvdb.org/67838" + }, + { + "name": "http://www.packetstormsecurity.org/1009-advisories/ZSL-2010-4962.txt", + "refsource": "MISC", + "url": "http://www.packetstormsecurity.org/1009-advisories/ZSL-2010-4962.txt" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4984.json b/2010/4xxx/CVE-2010-4984.json index 195ab2c525d..7df1459bc25 100644 --- a/2010/4xxx/CVE-2010-4984.json +++ b/2010/4xxx/CVE-2010-4984.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4984", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in notes.php in My Kazaam Notes Management System allows remote attackers to execute arbitrary SQL commands via vectors involving the \"Enter Reference Number Below\" text box." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4984", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "14325", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/14325" - }, - { - "name" : "http://packetstormsecurity.org/1007-exploits/mykazaamnms-sqlxss.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1007-exploits/mykazaamnms-sqlxss.txt" - }, - { - "name" : "41542", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/41542" - }, - { - "name" : "8494", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8494" - }, - { - "name" : "notes-notes-sql-injection(60254)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/60254" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in notes.php in My Kazaam Notes Management System allows remote attackers to execute arbitrary SQL commands via vectors involving the \"Enter Reference Number Below\" text box." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "notes-notes-sql-injection(60254)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60254" + }, + { + "name": "41542", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/41542" + }, + { + "name": "http://packetstormsecurity.org/1007-exploits/mykazaamnms-sqlxss.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1007-exploits/mykazaamnms-sqlxss.txt" + }, + { + "name": "8494", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8494" + }, + { + "name": "14325", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/14325" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1340.json b/2011/1xxx/CVE-2011-1340.json index bee26b18594..643e1a7ae4a 100644 --- a/2011/1xxx/CVE-2011-1340.json +++ b/2011/1xxx/CVE-2011-1340.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1340", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in skins/plone_templates/default_error_message.pt in Plone before 2.5.3 allows remote attackers to inject arbitrary web script or HTML via the type_name parameter to Members/ipa/createObject." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2011-1340", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://dev.plone.org/plone/changeset/12262", - "refsource" : "CONFIRM", - "url" : "http://dev.plone.org/plone/changeset/12262" - }, - { - "name" : "http://dev.plone.org/plone/ticket/6110", - "refsource" : "CONFIRM", - "url" : "http://dev.plone.org/plone/ticket/6110" - }, - { - "name" : "JVN#41222793", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN41222793/index.html" - }, - { - "name" : "JVNDB-2011-000056", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000056" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in skins/plone_templates/default_error_message.pt in Plone before 2.5.3 allows remote attackers to inject arbitrary web script or HTML via the type_name parameter to Members/ipa/createObject." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://dev.plone.org/plone/ticket/6110", + "refsource": "CONFIRM", + "url": "http://dev.plone.org/plone/ticket/6110" + }, + { + "name": "JVNDB-2011-000056", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000056" + }, + { + "name": "JVN#41222793", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN41222793/index.html" + }, + { + "name": "http://dev.plone.org/plone/changeset/12262", + "refsource": "CONFIRM", + "url": "http://dev.plone.org/plone/changeset/12262" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1352.json b/2011/1xxx/CVE-2011-1352.json index 79975290308..629f224993b 100644 --- a/2011/1xxx/CVE-2011-1352.json +++ b/2011/1xxx/CVE-2011-1352.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1352", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The PowerVR SGX driver in Android before 2.3.6 allows attackers to gain root privileges via an application that triggers kernel memory corruption using crafted user data to the pvrsrvkm device." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1352", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://jon.oberheide.org/files/levitator.c", - "refsource" : "MISC", - "url" : "http://jon.oberheide.org/files/levitator.c" - }, - { - "name" : "http://code.google.com/p/android/issues/detail?id=21523", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/android/issues/detail?id=21523" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The PowerVR SGX driver in Android before 2.3.6 allows attackers to gain root privileges via an application that triggers kernel memory corruption using crafted user data to the pvrsrvkm device." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://code.google.com/p/android/issues/detail?id=21523", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/android/issues/detail?id=21523" + }, + { + "name": "http://jon.oberheide.org/files/levitator.c", + "refsource": "MISC", + "url": "http://jon.oberheide.org/files/levitator.c" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1833.json b/2011/1xxx/CVE-2011-1833.json index 4ad70319a2e..9d0b7ec31b1 100644 --- a/2011/1xxx/CVE-2011-1833.json +++ b/2011/1xxx/CVE-2011-1833.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1833", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Race condition in the ecryptfs_mount function in fs/ecryptfs/main.c in the eCryptfs subsystem in the Linux kernel before 3.1 allows local users to bypass intended file permissions via a mount.ecryptfs_private mount with a mismatched uid." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@ubuntu.com", + "ID": "CVE-2011-1833", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=764355487ea220fdc2faf128d577d7f679b91f97", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=764355487ea220fdc2faf128d577d7f679b91f97" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=731172", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=731172" - }, - { - "name" : "https://github.com/torvalds/linux/commit/764355487ea220fdc2faf128d577d7f679b91f97", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/764355487ea220fdc2faf128d577d7f679b91f97" - }, - { - "name" : "SUSE-SU-2011:0898", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00009.html" - }, - { - "name" : "USN-1188-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1188-1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Race condition in the ecryptfs_mount function in fs/ecryptfs/main.c in the eCryptfs subsystem in the Linux kernel before 3.1 allows local users to bypass intended file permissions via a mount.ecryptfs_private mount with a mismatched uid." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/torvalds/linux/commit/764355487ea220fdc2faf128d577d7f679b91f97", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/764355487ea220fdc2faf128d577d7f679b91f97" + }, + { + "name": "SUSE-SU-2011:0898", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00009.html" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=764355487ea220fdc2faf128d577d7f679b91f97", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=764355487ea220fdc2faf128d577d7f679b91f97" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=731172", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=731172" + }, + { + "name": "USN-1188-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1188-1" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1" + } + ] + } +} \ No newline at end of file diff --git a/2011/5xxx/CVE-2011-5108.json b/2011/5xxx/CVE-2011-5108.json index 7d7bef47960..b52644a4b0d 100644 --- a/2011/5xxx/CVE-2011-5108.json +++ b/2011/5xxx/CVE-2011-5108.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-5108", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in config.php in AdaptCMS 2.0.0 and 2.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-5108", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/files/view/107253/adaptcms-sql.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/files/view/107253/adaptcms-sql.txt" - }, - { - "name" : "50795", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/50795" - }, - { - "name" : "adaptcms-config-sql-injection(71483)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/71483" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in config.php in AdaptCMS 2.0.0 and 2.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "adaptcms-config-sql-injection(71483)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71483" + }, + { + "name": "http://packetstormsecurity.org/files/view/107253/adaptcms-sql.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/files/view/107253/adaptcms-sql.txt" + }, + { + "name": "50795", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/50795" + } + ] + } +} \ No newline at end of file diff --git a/2011/5xxx/CVE-2011-5248.json b/2011/5xxx/CVE-2011-5248.json index 89fb0edee29..78ae90b7eb9 100644 --- a/2011/5xxx/CVE-2011-5248.json +++ b/2011/5xxx/CVE-2011-5248.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-5248", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-5248", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3158.json b/2014/3xxx/CVE-2014-3158.json index a2ef0065374..3e854570266 100644 --- a/2014/3xxx/CVE-2014-3158.json +++ b/2014/3xxx/CVE-2014-3158.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3158", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in the getword function in options.c in pppd in Paul's PPP Package (ppp) before 2.4.7 allows attackers to \"access privileged options\" via a long word in an options file, which triggers a heap-based buffer overflow that \"[corrupts] security-relevant variables.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2014-3158", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[linux-ppp] 20140810 ppp-2.4.7 released", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=linux-ppp&m=140764978420764" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1128748", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1128748" - }, - { - "name" : "https://github.com/paulusmack/ppp/commit/7658e8257183f062dc01f87969c140707c7e52cb", - "refsource" : "CONFIRM", - "url" : "https://github.com/paulusmack/ppp/commit/7658e8257183f062dc01f87969c140707c7e52cb" - }, - { - "name" : "http://advisories.mageia.org/MGASA-2014-0368.html", - "refsource" : "CONFIRM", - "url" : "http://advisories.mageia.org/MGASA-2014-0368.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html" - }, - { - "name" : "DSA-3079", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-3079" - }, - { - "name" : "FEDORA-2014-9412", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136932.html" - }, - { - "name" : "MDVSA-2015:135", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:135" - }, - { - "name" : "USN-2429-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2429-1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in the getword function in options.c in pppd in Paul's PPP Package (ppp) before 2.4.7 allows attackers to \"access privileged options\" via a long word in an options file, which triggers a heap-based buffer overflow that \"[corrupts] security-relevant variables.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-2429-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2429-1" + }, + { + "name": "[linux-ppp] 20140810 ppp-2.4.7 released", + "refsource": "MLIST", + "url": "http://marc.info/?l=linux-ppp&m=140764978420764" + }, + { + "name": "MDVSA-2015:135", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:135" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1128748", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1128748" + }, + { + "name": "FEDORA-2014-9412", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136932.html" + }, + { + "name": "DSA-3079", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-3079" + }, + { + "name": "http://advisories.mageia.org/MGASA-2014-0368.html", + "refsource": "CONFIRM", + "url": "http://advisories.mageia.org/MGASA-2014-0368.html" + }, + { + "name": "https://github.com/paulusmack/ppp/commit/7658e8257183f062dc01f87969c140707c7e52cb", + "refsource": "CONFIRM", + "url": "https://github.com/paulusmack/ppp/commit/7658e8257183f062dc01f87969c140707c7e52cb" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3300.json b/2014/3xxx/CVE-2014-3300.json index bd881d7d215..1a7edab2c02 100644 --- a/2014/3xxx/CVE-2014-3300.json +++ b/2014/3xxx/CVE-2014-3300.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3300", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The BVSMWeb portal in the web framework in Cisco Unified Communications Domain Manager (CDM) in Unified CDM Application Software before 10 does not properly implement access control, which allows remote attackers to modify user information via a crafted URL, aka Bug ID CSCum77041." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2014-3300", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140702 Multiple Vulnerabilities in Cisco Unified Communications Domain Manager", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140702-cucdm" - }, - { - "name" : "20140702 Identifying and Mitigating Exploitation of the Multiple Vulnerabilities in Cisco Unified Communications Domain Manager", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/viewAMBAlert.x?alertId=34689" - }, - { - "name" : "68331", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/68331" - }, - { - "name" : "1030515", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030515" - }, - { - "name" : "59556", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59556" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The BVSMWeb portal in the web framework in Cisco Unified Communications Domain Manager (CDM) in Unified CDM Application Software before 10 does not properly implement access control, which allows remote attackers to modify user information via a crafted URL, aka Bug ID CSCum77041." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1030515", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030515" + }, + { + "name": "20140702 Multiple Vulnerabilities in Cisco Unified Communications Domain Manager", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140702-cucdm" + }, + { + "name": "20140702 Identifying and Mitigating Exploitation of the Multiple Vulnerabilities in Cisco Unified Communications Domain Manager", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/viewAMBAlert.x?alertId=34689" + }, + { + "name": "59556", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59556" + }, + { + "name": "68331", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/68331" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3872.json b/2014/3xxx/CVE-2014-3872.json index 372f1622b37..59542bf6ada 100644 --- a/2014/3xxx/CVE-2014-3872.json +++ b/2014/3xxx/CVE-2014-3872.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3872", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in the administration login page in D-Link DAP-1350 (Rev. A1) with firmware 1.14 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3872", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10023", - "refsource" : "CONFIRM", - "url" : "http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10023" - }, - { - "name" : "67310", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/67310" - }, - { - "name" : "58254", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/58254" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in the administration login page in D-Link DAP-1350 (Rev. A1) with firmware 1.14 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "58254", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/58254" + }, + { + "name": "http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10023", + "refsource": "CONFIRM", + "url": "http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10023" + }, + { + "name": "67310", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/67310" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6834.json b/2014/6xxx/CVE-2014-6834.json index e1ec2b118ae..58b598f818b 100644 --- a/2014/6xxx/CVE-2014-6834.json +++ b/2014/6xxx/CVE-2014-6834.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6834", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Instaroid - Instagram Viewer (aka net.muik.instaroid) application 1.2.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-6834", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#262529", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/262529" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Instaroid - Instagram Viewer (aka net.muik.instaroid) application 1.2.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + }, + { + "name": "VU#262529", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/262529" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6842.json b/2014/6xxx/CVE-2014-6842.json index 1636ed615ff..fb904e93a39 100644 --- a/2014/6xxx/CVE-2014-6842.json +++ b/2014/6xxx/CVE-2014-6842.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6842", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Daily Advertiser Print (aka com.lafayettedailyadv.android.prod) application 6.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-6842", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#698921", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/698921" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Daily Advertiser Print (aka com.lafayettedailyadv.android.prod) application 6.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#698921", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/698921" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7085.json b/2014/7xxx/CVE-2014-7085.json index 19db6321a5f..48bc8131cdb 100644 --- a/2014/7xxx/CVE-2014-7085.json +++ b/2014/7xxx/CVE-2014-7085.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7085", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The i Newspaper (aka com.independent.thei) application @7F080184 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7085", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#150769", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/150769" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The i Newspaper (aka com.independent.thei) application @7F080184 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + }, + { + "name": "VU#150769", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/150769" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7548.json b/2014/7xxx/CVE-2014-7548.json index 89e3d786d58..af1596f5360 100644 --- a/2014/7xxx/CVE-2014-7548.json +++ b/2014/7xxx/CVE-2014-7548.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7548", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-7548", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7642.json b/2014/7xxx/CVE-2014-7642.json index 2d26351e2a9..9d2c496d290 100644 --- a/2014/7xxx/CVE-2014-7642.json +++ b/2014/7xxx/CVE-2014-7642.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7642", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Pegasus Airlines (aka com.wPegasusAirlines) application 0.84.13503.96707 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7642", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#948137", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/948137" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Pegasus Airlines (aka com.wPegasusAirlines) application 0.84.13503.96707 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#948137", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/948137" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7663.json b/2014/7xxx/CVE-2014-7663.json index 51ad1f2c15b..b4569bced98 100644 --- a/2014/7xxx/CVE-2014-7663.json +++ b/2014/7xxx/CVE-2014-7663.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7663", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Right to the Nitty Gritty (aka com.wGoNittyGritty) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7663", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#505849", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/505849" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Right to the Nitty Gritty (aka com.wGoNittyGritty) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#505849", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/505849" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7740.json b/2014/7xxx/CVE-2014-7740.json index 1f3f7e6f722..f5fa05857eb 100644 --- a/2014/7xxx/CVE-2014-7740.json +++ b/2014/7xxx/CVE-2014-7740.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7740", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Pony Magazine (aka com.triactivemedia.ponymagazine) application @7F080193 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7740", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#789473", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/789473" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Pony Magazine (aka com.triactivemedia.ponymagazine) application @7F080193 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#789473", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/789473" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7921.json b/2014/7xxx/CVE-2014-7921.json index d30b4fdb899..3b9d80d8b25 100644 --- a/2014/7xxx/CVE-2014-7921.json +++ b/2014/7xxx/CVE-2014-7921.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7921", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "mediaserver in Android 4.0.3 through 5.x before 5.1 allows attackers to gain privileges. NOTE: This is a different vulnerability than CVE-2014-7920." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2014-7921", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://android.googlesource.com/platform/frameworks/av/+/36d1577%5E!/", - "refsource" : "CONFIRM", - "url" : "https://android.googlesource.com/platform/frameworks/av/+/36d1577%5E!/" - }, - { - "name" : "https://bits-please.blogspot.com/2016/01/android-privilege-escalation-to.html", - "refsource" : "CONFIRM", - "url" : "https://bits-please.blogspot.com/2016/01/android-privilege-escalation-to.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "mediaserver in Android 4.0.3 through 5.x before 5.1 allows attackers to gain privileges. NOTE: This is a different vulnerability than CVE-2014-7920." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bits-please.blogspot.com/2016/01/android-privilege-escalation-to.html", + "refsource": "CONFIRM", + "url": "https://bits-please.blogspot.com/2016/01/android-privilege-escalation-to.html" + }, + { + "name": "https://android.googlesource.com/platform/frameworks/av/+/36d1577%5E!/", + "refsource": "CONFIRM", + "url": "https://android.googlesource.com/platform/frameworks/av/+/36d1577%5E!/" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8177.json b/2014/8xxx/CVE-2014-8177.json index 6d7651b46ed..8e3f4ce0e0a 100644 --- a/2014/8xxx/CVE-2014-8177.json +++ b/2014/8xxx/CVE-2014-8177.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8177", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Red Hat gluster-swift package, as used in Red Hat Gluster Storage (formerly Red Hat Storage Server), allows remote authenticated users to bypass the max_meta_count constraint via multiple crafted requests which exceed the limit when combined." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-8177", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150827 CVE-2014-8177 gluster-swift metadata constraints are not correctly enforced", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/08/27/5" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1257525", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1257525" - }, - { - "name" : "RHSA-2015:1845", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1845.html" - }, - { - "name" : "RHSA-2015:1846", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1846.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Red Hat gluster-swift package, as used in Red Hat Gluster Storage (formerly Red Hat Storage Server), allows remote authenticated users to bypass the max_meta_count constraint via multiple crafted requests which exceed the limit when combined." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2015:1845", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1845.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1257525", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1257525" + }, + { + "name": "RHSA-2015:1846", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1846.html" + }, + { + "name": "[oss-security] 20150827 CVE-2014-8177 gluster-swift metadata constraints are not correctly enforced", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/08/27/5" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8801.json b/2014/8xxx/CVE-2014-8801.json index d857f16a1f4..908fdcdfa68 100644 --- a/2014/8xxx/CVE-2014-8801.json +++ b/2014/8xxx/CVE-2014-8801.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8801", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in services/getfile.php in the Paid Memberships Pro plugin before 1.7.15 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the QUERY_STRING in a getfile action to wp-admin/admin-ajax.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8801", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "35303", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/35303" - }, - { - "name" : "http://packetstormsecurity.com/files/129189/Paid-Memberships-Pro-1.7.14.2-Path-Traversal.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/129189/Paid-Memberships-Pro-1.7.14.2-Path-Traversal.html" - }, - { - "name" : "http://security.szurek.pl/paid-memberships-pro-17142-path-traversal.html", - "refsource" : "MISC", - "url" : "http://security.szurek.pl/paid-memberships-pro-17142-path-traversal.html" - }, - { - "name" : "http://www.paidmembershipspro.com/2014/11/critical-security-update-pmpro-v1-7-15/", - "refsource" : "CONFIRM", - "url" : "http://www.paidmembershipspro.com/2014/11/critical-security-update-pmpro-v1-7-15/" - }, - { - "name" : "https://wordpress.org/plugins/paid-memberships-pro/changelog/", - "refsource" : "CONFIRM", - "url" : "https://wordpress.org/plugins/paid-memberships-pro/changelog/" - }, - { - "name" : "71293", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/71293" - }, - { - "name" : "paidmembershi-cve20148801-dir-traversal(98805)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98805" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in services/getfile.php in the Paid Memberships Pro plugin before 1.7.15 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the QUERY_STRING in a getfile action to wp-admin/admin-ajax.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.paidmembershipspro.com/2014/11/critical-security-update-pmpro-v1-7-15/", + "refsource": "CONFIRM", + "url": "http://www.paidmembershipspro.com/2014/11/critical-security-update-pmpro-v1-7-15/" + }, + { + "name": "http://packetstormsecurity.com/files/129189/Paid-Memberships-Pro-1.7.14.2-Path-Traversal.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/129189/Paid-Memberships-Pro-1.7.14.2-Path-Traversal.html" + }, + { + "name": "paidmembershi-cve20148801-dir-traversal(98805)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98805" + }, + { + "name": "35303", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/35303" + }, + { + "name": "https://wordpress.org/plugins/paid-memberships-pro/changelog/", + "refsource": "CONFIRM", + "url": "https://wordpress.org/plugins/paid-memberships-pro/changelog/" + }, + { + "name": "http://security.szurek.pl/paid-memberships-pro-17142-path-traversal.html", + "refsource": "MISC", + "url": "http://security.szurek.pl/paid-memberships-pro-17142-path-traversal.html" + }, + { + "name": "71293", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/71293" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8814.json b/2014/8xxx/CVE-2014-8814.json index 54c1424148b..45443b0d8b2 100644 --- a/2014/8xxx/CVE-2014-8814.json +++ b/2014/8xxx/CVE-2014-8814.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8814", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8814", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8827.json b/2014/8xxx/CVE-2014-8827.json index ae33916875a..dbcf8cdcbf2 100644 --- a/2014/8xxx/CVE-2014-8827.json +++ b/2014/8xxx/CVE-2014-8827.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8827", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "LoginWindow in Apple OS X before 10.10.2 does not transition to the lock-screen state immediately upon being woken from sleep, which allows physically proximate attackers to obtain sensitive information by reading the screen." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2014-8827", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/HT204244", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/HT204244" - }, - { - "name" : "APPLE-SA-2015-01-27-4", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html" - }, - { - "name" : "1031650", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031650" - }, - { - "name" : "macosx-cve20148827-sec-bypass(100521)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/100521" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "LoginWindow in Apple OS X before 10.10.2 does not transition to the lock-screen state immediately upon being woken from sleep, which allows physically proximate attackers to obtain sensitive information by reading the screen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1031650", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031650" + }, + { + "name": "macosx-cve20148827-sec-bypass(100521)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100521" + }, + { + "name": "http://support.apple.com/HT204244", + "refsource": "CONFIRM", + "url": "http://support.apple.com/HT204244" + }, + { + "name": "APPLE-SA-2015-01-27-4", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9720.json b/2014/9xxx/CVE-2014-9720.json index a2cd00dafac..817a319ccd8 100644 --- a/2014/9xxx/CVE-2014-9720.json +++ b/2014/9xxx/CVE-2014-9720.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9720", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9720", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2189.json b/2016/2xxx/CVE-2016-2189.json index d2b56675bee..08303b6e787 100644 --- a/2016/2xxx/CVE-2016-2189.json +++ b/2016/2xxx/CVE-2016-2189.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2189", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-4565. Reason: This candidate is a reservation duplicate of CVE-2016-4565. Notes: All CVE users should reference CVE-2016-4565 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-2189", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-4565. Reason: This candidate is a reservation duplicate of CVE-2016-4565. Notes: All CVE users should reference CVE-2016-4565 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2325.json b/2016/2xxx/CVE-2016-2325.json index 1f8a5f1d2ee..3c26a92f597 100644 --- a/2016/2xxx/CVE-2016-2325.json +++ b/2016/2xxx/CVE-2016-2325.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2325", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-2325", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2418.json b/2016/2xxx/CVE-2016-2418.json index 0042115c5c5..5a92128f10c 100644 --- a/2016/2xxx/CVE-2016-2418.json +++ b/2016/2xxx/CVE-2016-2418.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2418", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "media/libmedia/IOMX.cpp in mediaserver in Android 6.x before 2016-04-01 does not initialize certain metadata buffer pointers, which allows attackers to obtain sensitive information from process memory, and consequently bypass an unspecified protection mechanism, via unspecified vectors, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26324358." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-2418", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://source.android.com/security/bulletin/2016-04-02.html", - "refsource" : "CONFIRM", - "url" : "http://source.android.com/security/bulletin/2016-04-02.html" - }, - { - "name" : "https://android.googlesource.com/platform/frameworks/av/+/8d87321b704cb3f88e8cae668937d001fd63d5e3", - "refsource" : "CONFIRM", - "url" : "https://android.googlesource.com/platform/frameworks/av/+/8d87321b704cb3f88e8cae668937d001fd63d5e3" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "media/libmedia/IOMX.cpp in mediaserver in Android 6.x before 2016-04-01 does not initialize certain metadata buffer pointers, which allows attackers to obtain sensitive information from process memory, and consequently bypass an unspecified protection mechanism, via unspecified vectors, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26324358." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://android.googlesource.com/platform/frameworks/av/+/8d87321b704cb3f88e8cae668937d001fd63d5e3", + "refsource": "CONFIRM", + "url": "https://android.googlesource.com/platform/frameworks/av/+/8d87321b704cb3f88e8cae668937d001fd63d5e3" + }, + { + "name": "http://source.android.com/security/bulletin/2016-04-02.html", + "refsource": "CONFIRM", + "url": "http://source.android.com/security/bulletin/2016-04-02.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2876.json b/2016/2xxx/CVE-2016-2876.json index 69b114d3906..d23b1bea528 100644 --- a/2016/2xxx/CVE-2016-2876.json +++ b/2016/2xxx/CVE-2016-2876.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2876", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 executes unspecified processes at an incorrect privilege level, which makes it easier for remote authenticated users to obtain root access by leveraging a command-injection issue." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2016-2876", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21987774", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21987774" - }, - { - "name" : "95001", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95001" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 executes unspecified processes at an incorrect privilege level, which makes it easier for remote authenticated users to obtain root access by leveraging a command-injection issue." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21987774", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21987774" + }, + { + "name": "95001", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95001" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6055.json b/2016/6xxx/CVE-2016-6055.json index 4cd682369a2..226ded9b86a 100644 --- a/2016/6xxx/CVE-2016-6055.json +++ b/2016/6xxx/CVE-2016-6055.json @@ -1,101 +1,101 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2016-6055", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Rational DOORS Next Generation", - "version" : { - "version_data" : [ - { - "version_value" : "4.0.1" - }, - { - "version_value" : "4.0.5" - }, - { - "version_value" : "5.0.2" - }, - { - "version_value" : "4.0.2" - }, - { - "version_value" : "4.0.3" - }, - { - "version_value" : "4.0.4" - }, - { - "version_value" : "4.0.6" - }, - { - "version_value" : "4.0.7" - }, - { - "version_value" : "5.0" - }, - { - "version_value" : "5.0.1" - }, - { - "version_value" : "6.0" - }, - { - "version_value" : "6.0.1" - }, - { - "version_value" : "6.0.2" - }, - { - "version_value" : "6.0.3" - } - ] - } - } - ] - }, - "vendor_name" : "IBM Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Rational DOORS Next Generation 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1995515." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2016-6055", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Rational DOORS Next Generation", + "version": { + "version_data": [ + { + "version_value": "4.0.1" + }, + { + "version_value": "4.0.5" + }, + { + "version_value": "5.0.2" + }, + { + "version_value": "4.0.2" + }, + { + "version_value": "4.0.3" + }, + { + "version_value": "4.0.4" + }, + { + "version_value": "4.0.6" + }, + { + "version_value": "4.0.7" + }, + { + "version_value": "5.0" + }, + { + "version_value": "5.0.1" + }, + { + "version_value": "6.0" + }, + { + "version_value": "6.0.1" + }, + { + "version_value": "6.0.2" + }, + { + "version_value": "6.0.3" + } + ] + } + } + ] + }, + "vendor_name": "IBM Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg21995515", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg21995515" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Rational DOORS Next Generation 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1995515." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg21995515", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg21995515" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6211.json b/2016/6xxx/CVE-2016-6211.json index c48ea7a441b..6d6d44c6cb4 100644 --- a/2016/6xxx/CVE-2016-6211.json +++ b/2016/6xxx/CVE-2016-6211.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6211", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The User module in Drupal 7.x before 7.44 allows remote authenticated users to gain privileges via vectors involving contributed or custom code that triggers a rebuild of the user profile form." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6211", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160713 CVE requests for Drupal Core - SA-CORE-2016-002", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/07/13/4" - }, - { - "name" : "[oss-security] 20160713 Re: CVE requests for Drupal Core - SA-CORE-2016-002", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/07/13/7" - }, - { - "name" : "https://www.drupal.org/SA-CORE-2016-002", - "refsource" : "CONFIRM", - "url" : "https://www.drupal.org/SA-CORE-2016-002" - }, - { - "name" : "DSA-3604", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3604" - }, - { - "name" : "91230", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91230" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The User module in Drupal 7.x before 7.44 allows remote authenticated users to gain privileges via vectors involving contributed or custom code that triggers a rebuild of the user profile form." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-3604", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3604" + }, + { + "name": "91230", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91230" + }, + { + "name": "[oss-security] 20160713 CVE requests for Drupal Core - SA-CORE-2016-002", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/07/13/4" + }, + { + "name": "https://www.drupal.org/SA-CORE-2016-002", + "refsource": "CONFIRM", + "url": "https://www.drupal.org/SA-CORE-2016-002" + }, + { + "name": "[oss-security] 20160713 Re: CVE requests for Drupal Core - SA-CORE-2016-002", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/07/13/7" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6320.json b/2016/6xxx/CVE-2016-6320.json index f58e1f29eee..ce1cc9ff32f 100644 --- a/2016/6xxx/CVE-2016-6320.json +++ b/2016/6xxx/CVE-2016-6320.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert@redhat.com", - "ID" : "CVE-2016-6320", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in app/assets/javascripts/host_edit_interfaces.js in Foreman before 1.12.2 allows remote authenticated users to inject arbitrary web script or HTML via the network interface device identifier in the host interface form." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-6320", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://projects.theforeman.org/issues/16022", - "refsource" : "CONFIRM", - "url" : "http://projects.theforeman.org/issues/16022" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1365785", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1365785" - }, - { - "name" : "https://github.com/theforeman/foreman/pull/3714/commits/850c38451c7bbde75521b796d16aca26e4d240a0", - "refsource" : "CONFIRM", - "url" : "https://github.com/theforeman/foreman/pull/3714/commits/850c38451c7bbde75521b796d16aca26e4d240a0" - }, - { - "name" : "https://theforeman.org/security.html#2016-6320", - "refsource" : "CONFIRM", - "url" : "https://theforeman.org/security.html#2016-6320" - }, - { - "name" : "RHBA-2016:1885", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHBA-2016:1885" - }, - { - "name" : "92431", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92431" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in app/assets/javascripts/host_edit_interfaces.js in Foreman before 1.12.2 allows remote authenticated users to inject arbitrary web script or HTML via the network interface device identifier in the host interface form." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHBA-2016:1885", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHBA-2016:1885" + }, + { + "name": "92431", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92431" + }, + { + "name": "https://theforeman.org/security.html#2016-6320", + "refsource": "CONFIRM", + "url": "https://theforeman.org/security.html#2016-6320" + }, + { + "name": "https://github.com/theforeman/foreman/pull/3714/commits/850c38451c7bbde75521b796d16aca26e4d240a0", + "refsource": "CONFIRM", + "url": "https://github.com/theforeman/foreman/pull/3714/commits/850c38451c7bbde75521b796d16aca26e4d240a0" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1365785", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1365785" + }, + { + "name": "http://projects.theforeman.org/issues/16022", + "refsource": "CONFIRM", + "url": "http://projects.theforeman.org/issues/16022" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6363.json b/2016/6xxx/CVE-2016-6363.json index 58b6bd4c03e..3a387d76549 100644 --- a/2016/6xxx/CVE-2016-6363.json +++ b/2016/6xxx/CVE-2016-6363.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6363", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The rate-limit feature in the 802.11 protocol implementation on Cisco Aironet 1800, 2800, and 3800 devices with software before 8.2.121.0 and 8.3.x before 8.3.102.0 allows remote attackers to cause a denial of service (device reload) via crafted 802.11 frames, aka Bug ID CSCva06192." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2016-6363", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20160817 Cisco Aironet 1800, 2800, and 3800 Series Access Point Platforms 802.11 Protocol Denial of Service Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-aap2" - }, - { - "name" : "92511", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92511" - }, - { - "name" : "1036645", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036645" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The rate-limit feature in the 802.11 protocol implementation on Cisco Aironet 1800, 2800, and 3800 devices with software before 8.2.121.0 and 8.3.x before 8.3.102.0 allows remote attackers to cause a denial of service (device reload) via crafted 802.11 frames, aka Bug ID CSCva06192." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1036645", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036645" + }, + { + "name": "20160817 Cisco Aironet 1800, 2800, and 3800 Series Access Point Platforms 802.11 Protocol Denial of Service Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-aap2" + }, + { + "name": "92511", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92511" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6655.json b/2016/6xxx/CVE-2016-6655.json index 958324f3b31..a479b817554 100644 --- a/2016/6xxx/CVE-2016-6655.json +++ b/2016/6xxx/CVE-2016-6655.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security_alert@emc.com", - "ID" : "CVE-2016-6655", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cloud Foundry", - "version" : { - "version_data" : [ - { - "version_value" : "Cloud Foundry" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Cloud Foundry Foundation Cloud Foundry release versions prior to v245 and cf-mysql-release versions prior to v31. A command injection vulnerability was discovered in a common script used by many Cloud Foundry components. A malicious user may exploit numerous vectors to execute arbitrary commands on servers running Cloud Foundry." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "command injection" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "ID": "CVE-2016-6655", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cloud Foundry", + "version": { + "version_data": [ + { + "version_value": "Cloud Foundry" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.cloudfoundry.org/cve-2016-6655/", - "refsource" : "CONFIRM", - "url" : "https://www.cloudfoundry.org/cve-2016-6655/" - }, - { - "name" : "93889", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93889" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Cloud Foundry Foundation Cloud Foundry release versions prior to v245 and cf-mysql-release versions prior to v31. A command injection vulnerability was discovered in a common script used by many Cloud Foundry components. A malicious user may exploit numerous vectors to execute arbitrary commands on servers running Cloud Foundry." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "command injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.cloudfoundry.org/cve-2016-6655/", + "refsource": "CONFIRM", + "url": "https://www.cloudfoundry.org/cve-2016-6655/" + }, + { + "name": "93889", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93889" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6934.json b/2016/6xxx/CVE-2016-6934.json index dc719b679c6..9a39eee1a52 100644 --- a/2016/6xxx/CVE-2016-6934.json +++ b/2016/6xxx/CVE-2016-6934.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2016-6934", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Experience Manager Forms 6.2 and earlier, LiveCycle 11.0.1, LiveCycle 10.0.4", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe Experience Manager Forms 6.2 and earlier, LiveCycle 11.0.1, LiveCycle 10.0.4" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Experience Manager Forms versions 6.2 and earlier, LiveCycle 11.0.1, LiveCycle 10.0.4 have an input validation issue in the PMAdmin module that could be used in cross-site scripting attacks." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross Site Scripting" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2016-6934", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Experience Manager Forms 6.2 and earlier, LiveCycle 11.0.1, LiveCycle 10.0.4", + "version": { + "version_data": [ + { + "version_value": "Adobe Experience Manager Forms 6.2 and earlier, LiveCycle 11.0.1, LiveCycle 10.0.4" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/aem-forms/apsb16-40.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/aem-forms/apsb16-40.html" - }, - { - "name" : "94867", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94867" - }, - { - "name" : "1037465", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037465" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Experience Manager Forms versions 6.2 and earlier, LiveCycle 11.0.1, LiveCycle 10.0.4 have an input validation issue in the PMAdmin module that could be used in cross-site scripting attacks." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "94867", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94867" + }, + { + "name": "https://helpx.adobe.com/security/products/aem-forms/apsb16-40.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/aem-forms/apsb16-40.html" + }, + { + "name": "1037465", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037465" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5296.json b/2017/5xxx/CVE-2017-5296.json index 9fbd4c94b6e..0a1c60c9f53 100644 --- a/2017/5xxx/CVE-2017-5296.json +++ b/2017/5xxx/CVE-2017-5296.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5296", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5296", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file