diff --git a/2006/1xxx/CVE-2006-1139.json b/2006/1xxx/CVE-2006-1139.json index f9919b1d7e6..61258b78de7 100644 --- a/2006/1xxx/CVE-2006-1139.json +++ b/2006/1xxx/CVE-2006-1139.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1139", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the ESS/ Network Controller in Xerox CopyCentre and Xerox WorkCentre Pro, running software 1.001.02.073 or earlier, or 1.001.02.074 before 1.001.02.715, causes the Immediate Image Overwrite feature to fail after a power loss, which could leave data exposed to attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1139", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.xerox.com/downloads/usa/en/c/cert_XRX06_002.pdf", - "refsource" : "CONFIRM", - "url" : "http://www.xerox.com/downloads/usa/en/c/cert_XRX06_002.pdf" - }, - { - "name" : "ADV-2006-0857", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0857" - }, - { - "name" : "23728", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23728" - }, - { - "name" : "1015738", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015738" - }, - { - "name" : "19146", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19146" - }, - { - "name" : "xerox-image-overwrite-dos(25176)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25176" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the ESS/ Network Controller in Xerox CopyCentre and Xerox WorkCentre Pro, running software 1.001.02.073 or earlier, or 1.001.02.074 before 1.001.02.715, causes the Immediate Image Overwrite feature to fail after a power loss, which could leave data exposed to attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.xerox.com/downloads/usa/en/c/cert_XRX06_002.pdf", + "refsource": "CONFIRM", + "url": "http://www.xerox.com/downloads/usa/en/c/cert_XRX06_002.pdf" + }, + { + "name": "ADV-2006-0857", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0857" + }, + { + "name": "19146", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19146" + }, + { + "name": "xerox-image-overwrite-dos(25176)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25176" + }, + { + "name": "23728", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23728" + }, + { + "name": "1015738", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015738" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1290.json b/2006/1xxx/CVE-2006-1290.json index e0aa29b7646..33d066aa0dc 100644 --- a/2006/1xxx/CVE-2006-1290.json +++ b/2006/1xxx/CVE-2006-1290.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1290", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Milkeyway Captive Portal 0.1 and 0.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) ipAddress, (2) act, (3) username, and (4) unspecified other parameters in (a) authuser.php; and the (5) username and (6) unspecified other parameters in (b) userstatistics.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1290", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060316 Milkeyway Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/427890/100/0/threaded" - }, - { - "name" : "http://www.ush.it/team/ascii/hack-milkeway/milkeyway.txt", - "refsource" : "MISC", - "url" : "http://www.ush.it/team/ascii/hack-milkeway/milkeyway.txt" - }, - { - "name" : "http://www.ush.it/team/ascii/hack-milkeway/advisory.txt", - "refsource" : "MISC", - "url" : "http://www.ush.it/team/ascii/hack-milkeway/advisory.txt" - }, - { - "name" : "17127", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17127" - }, - { - "name" : "ADV-2006-0968", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0968" - }, - { - "name" : "23932", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23932" - }, - { - "name" : "23933", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23933" - }, - { - "name" : "1015778", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015778" - }, - { - "name" : "19258", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19258" - }, - { - "name" : "milkeyway-multiple-xss(25288)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25288" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Milkeyway Captive Portal 0.1 and 0.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) ipAddress, (2) act, (3) username, and (4) unspecified other parameters in (a) authuser.php; and the (5) username and (6) unspecified other parameters in (b) userstatistics.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060316 Milkeyway Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/427890/100/0/threaded" + }, + { + "name": "1015778", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015778" + }, + { + "name": "23933", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23933" + }, + { + "name": "milkeyway-multiple-xss(25288)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25288" + }, + { + "name": "17127", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17127" + }, + { + "name": "http://www.ush.it/team/ascii/hack-milkeway/advisory.txt", + "refsource": "MISC", + "url": "http://www.ush.it/team/ascii/hack-milkeway/advisory.txt" + }, + { + "name": "ADV-2006-0968", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0968" + }, + { + "name": "http://www.ush.it/team/ascii/hack-milkeway/milkeyway.txt", + "refsource": "MISC", + "url": "http://www.ush.it/team/ascii/hack-milkeway/milkeyway.txt" + }, + { + "name": "23932", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23932" + }, + { + "name": "19258", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19258" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5031.json b/2006/5xxx/CVE-2006-5031.json index 6e6e218a8b3..a8cfc5cf6ae 100644 --- a/2006/5xxx/CVE-2006-5031.json +++ b/2006/5xxx/CVE-2006-5031.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5031", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in app/webroot/js/vendors.php in Cake Software Foundation CakePHP before 1.1.8.3544 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, followed by a filename ending with \"%00\" and a .js filename." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5031", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.gulftech.org/?node=research&article_id=00114-09212006", - "refsource" : "MISC", - "url" : "http://www.gulftech.org/?node=research&article_id=00114-09212006" - }, - { - "name" : "http://cakeforge.org/frs/shownotes.php?release_id=134", - "refsource" : "CONFIRM", - "url" : "http://cakeforge.org/frs/shownotes.php?release_id=134" - }, - { - "name" : "20150", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20150" - }, - { - "name" : "22040", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22040" - }, - { - "name" : "cakephp-vendors-information-disclosure(29115)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29115" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in app/webroot/js/vendors.php in Cake Software Foundation CakePHP before 1.1.8.3544 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, followed by a filename ending with \"%00\" and a .js filename." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "cakephp-vendors-information-disclosure(29115)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29115" + }, + { + "name": "22040", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22040" + }, + { + "name": "http://www.gulftech.org/?node=research&article_id=00114-09212006", + "refsource": "MISC", + "url": "http://www.gulftech.org/?node=research&article_id=00114-09212006" + }, + { + "name": "http://cakeforge.org/frs/shownotes.php?release_id=134", + "refsource": "CONFIRM", + "url": "http://cakeforge.org/frs/shownotes.php?release_id=134" + }, + { + "name": "20150", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20150" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5182.json b/2006/5xxx/CVE-2006-5182.json index 807c6157547..e71265cde83 100644 --- a/2006/5xxx/CVE-2006-5182.json +++ b/2006/5xxx/CVE-2006-5182.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5182", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in frontpage.php in Dan Jensen Travelsized CMS 0.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the setup_folder parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5182", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "2471", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2471" - }, - { - "name" : "20321", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20321" - }, - { - "name" : "ADV-2006-3897", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3897" - }, - { - "name" : "22194", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22194" - }, - { - "name" : "travelsized-frontpage-file-include(29337)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29337" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in frontpage.php in Dan Jensen Travelsized CMS 0.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the setup_folder parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "22194", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22194" + }, + { + "name": "travelsized-frontpage-file-include(29337)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29337" + }, + { + "name": "20321", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20321" + }, + { + "name": "2471", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2471" + }, + { + "name": "ADV-2006-3897", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3897" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5409.json b/2006/5xxx/CVE-2006-5409.json index 32632cbfad8..c7a5cd8c8c6 100644 --- a/2006/5xxx/CVE-2006-5409.json +++ b/2006/5xxx/CVE-2006-5409.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5409", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in the wireless IDS management interface for Highwall Enterprise and Highwall Endpoint 4.0.2.11045 allow remote attackers to execute arbitrary SQL commands via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5409", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061018 Multiple vulnerabilities in Highwall Enterprise and Highwall Endpoint management interface", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/449118/100/0/threaded" - }, - { - "name" : "20605", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20605" - }, - { - "name" : "ADV-2006-4132", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4132" - }, - { - "name" : "29917", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/29917" - }, - { - "name" : "1017091", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017091" - }, - { - "name" : "22494", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22494" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in the wireless IDS management interface for Highwall Enterprise and Highwall Endpoint 4.0.2.11045 allow remote attackers to execute arbitrary SQL commands via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "29917", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/29917" + }, + { + "name": "20605", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20605" + }, + { + "name": "ADV-2006-4132", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4132" + }, + { + "name": "20061018 Multiple vulnerabilities in Highwall Enterprise and Highwall Endpoint management interface", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/449118/100/0/threaded" + }, + { + "name": "22494", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22494" + }, + { + "name": "1017091", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017091" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5635.json b/2006/5xxx/CVE-2006-5635.json index e6bf59a5fe6..72f5d104294 100644 --- a/2006/5xxx/CVE-2006-5635.json +++ b/2006/5xxx/CVE-2006-5635.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5635", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in forum/search.asp in Web Wiz Forums allows remote attackers to execute arbitrary SQL commands via the KW parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5635", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061028 SQL in WebWizForum by almaster hacker", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/450034/100/0/threaded" - }, - { - "name" : "20778", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20778" - }, - { - "name" : "1801", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1801" - }, - { - "name" : "webwizforum-search-sql-injection(29898)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29898" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in forum/search.asp in Web Wiz Forums allows remote attackers to execute arbitrary SQL commands via the KW parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1801", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1801" + }, + { + "name": "20061028 SQL in WebWizForum by almaster hacker", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/450034/100/0/threaded" + }, + { + "name": "webwizforum-search-sql-injection(29898)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29898" + }, + { + "name": "20778", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20778" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5801.json b/2006/5xxx/CVE-2006-5801.json index de5e0409b82..583f874a1e7 100644 --- a/2006/5xxx/CVE-2006-5801.json +++ b/2006/5xxx/CVE-2006-5801.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5801", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The owserver module in owfs and owhttpd 2.5p5 and earlier does not properly check the path type, which allows attackers to cause a denial of service (application crash) related to use of the path in owshell." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5801", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=461204", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=461204" - }, - { - "name" : "20953", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20953" - }, - { - "name" : "ADV-2006-4381", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4381" - }, - { - "name" : "22700", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22700" - }, - { - "name" : "owfs-owserver-dos(30080)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30080" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The owserver module in owfs and owhttpd 2.5p5 and earlier does not properly check the path type, which allows attackers to cause a denial of service (application crash) related to use of the path in owshell." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "owfs-owserver-dos(30080)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30080" + }, + { + "name": "ADV-2006-4381", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4381" + }, + { + "name": "20953", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20953" + }, + { + "name": "22700", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22700" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=461204", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=461204" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5845.json b/2006/5xxx/CVE-2006-5845.json index dad1d9ca621..79c446a7db1 100644 --- a/2006/5xxx/CVE-2006-5845.json +++ b/2006/5xxx/CVE-2006-5845.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5845", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unrestricted file upload vulnerability in index.php in Speedywiki 2.0 allows remote authenticated users to upload and execute arbitrary PHP code by setting the upload parameter to 1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5845", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061108 Speedwiki 2.0 Arbitrary File Upload Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=116302805802656&w=2" - }, - { - "name" : "http://s-a-p.ca/index.php?page=OurAdvisories&id=9", - "refsource" : "MISC", - "url" : "http://s-a-p.ca/index.php?page=OurAdvisories&id=9" - }, - { - "name" : "ADV-2006-4421", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4421" - }, - { - "name" : "1017201", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017201" - }, - { - "name" : "22788", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22788" - }, - { - "name" : "speedwiki-index-file-upload(30131)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30131" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unrestricted file upload vulnerability in index.php in Speedywiki 2.0 allows remote authenticated users to upload and execute arbitrary PHP code by setting the upload parameter to 1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20061108 Speedwiki 2.0 Arbitrary File Upload Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=116302805802656&w=2" + }, + { + "name": "speedwiki-index-file-upload(30131)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30131" + }, + { + "name": "22788", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22788" + }, + { + "name": "ADV-2006-4421", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4421" + }, + { + "name": "http://s-a-p.ca/index.php?page=OurAdvisories&id=9", + "refsource": "MISC", + "url": "http://s-a-p.ca/index.php?page=OurAdvisories&id=9" + }, + { + "name": "1017201", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017201" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2098.json b/2007/2xxx/CVE-2007-2098.json index ba9cbc4ff6a..e2b619b7762 100644 --- a/2007/2xxx/CVE-2007-2098.json +++ b/2007/2xxx/CVE-2007-2098.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2098", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in showpic.php in Wabbit PHP Gallery 0.9 allow remote attackers to inject arbitrary web script or HTML via the (1) pic and (2) gal parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2098", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070416 Wabbit PHP Gallery v0.9 Cross Site Scripting", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/465985/100/0/threaded" - }, - { - "name" : "23526", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23526" - }, - { - "name" : "34994", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/34994" - }, - { - "name" : "24943", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24943" - }, - { - "name" : "2574", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2574" - }, - { - "name" : "wabbit-showpic-xss(33717)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33717" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in showpic.php in Wabbit PHP Gallery 0.9 allow remote attackers to inject arbitrary web script or HTML via the (1) pic and (2) gal parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2574", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2574" + }, + { + "name": "24943", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24943" + }, + { + "name": "20070416 Wabbit PHP Gallery v0.9 Cross Site Scripting", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/465985/100/0/threaded" + }, + { + "name": "34994", + "refsource": "OSVDB", + "url": "http://osvdb.org/34994" + }, + { + "name": "wabbit-showpic-xss(33717)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33717" + }, + { + "name": "23526", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23526" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2181.json b/2007/2xxx/CVE-2007-2181.json index dcb289a80df..f9acce6ba49 100644 --- a/2007/2xxx/CVE-2007-2181.json +++ b/2007/2xxx/CVE-2007-2181.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2181", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in admin/login.php in Webinsta FM Manager 0.1.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter, a different product and vector than CVE-2005-0748." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2181", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "3778", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/3778" - }, - { - "name" : "23592", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23592" - }, - { - "name" : "ADV-2007-1494", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1494" - }, - { - "name" : "35261", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/35261" - }, - { - "name" : "24958", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24958" - }, - { - "name" : "webinstafm-login-file-include(33793)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33793" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in admin/login.php in Webinsta FM Manager 0.1.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter, a different product and vector than CVE-2005-0748." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3778", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/3778" + }, + { + "name": "webinstafm-login-file-include(33793)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33793" + }, + { + "name": "ADV-2007-1494", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1494" + }, + { + "name": "23592", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23592" + }, + { + "name": "24958", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24958" + }, + { + "name": "35261", + "refsource": "OSVDB", + "url": "http://osvdb.org/35261" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2211.json b/2007/2xxx/CVE-2007-2211.json index 4a06f59bdc3..22187e4a2a5 100644 --- a/2007/2xxx/CVE-2007-2211.json +++ b/2007/2xxx/CVE-2007-2211.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2211", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in calendar.php in MyBB (aka MyBulletinBoard) 1.2.5 and earlier allows remote attackers to execute arbitrary SQL commands via the day parameter in a dayview action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2211", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "3780", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/3780" - }, - { - "name" : "23612", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23612" - }, - { - "name" : "ADV-2007-1510", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1510" - }, - { - "name" : "24967", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24967" - }, - { - "name" : "mybb-calendar-sql-injection(33814)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33814" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in calendar.php in MyBB (aka MyBulletinBoard) 1.2.5 and earlier allows remote attackers to execute arbitrary SQL commands via the day parameter in a dayview action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "23612", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23612" + }, + { + "name": "ADV-2007-1510", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1510" + }, + { + "name": "24967", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24967" + }, + { + "name": "3780", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/3780" + }, + { + "name": "mybb-calendar-sql-injection(33814)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33814" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2678.json b/2007/2xxx/CVE-2007-2678.json index bf6e5726535..3fe5feea42c 100644 --- a/2007/2xxx/CVE-2007-2678.json +++ b/2007/2xxx/CVE-2007-2678.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2678", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the isChecked function in toolbar.dll in Netsprint Toolbar 1.1 might allow remote attackers to execute arbitrary code via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2678", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070417 Netsprint Toolbar 1.1 arbitrary remote code vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/465980/100/0/threaded" - }, - { - "name" : "20070417 Re: Netsprint Toolbar 1.1 arbitrary remote code vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/465992/100/0/threaded" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the isChecked function in toolbar.dll in Netsprint Toolbar 1.1 might allow remote attackers to execute arbitrary code via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20070417 Re: Netsprint Toolbar 1.1 arbitrary remote code vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/465992/100/0/threaded" + }, + { + "name": "20070417 Netsprint Toolbar 1.1 arbitrary remote code vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/465980/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2808.json b/2007/2xxx/CVE-2007-2808.json index 143b49704fc..0849410c594 100644 --- a/2007/2xxx/CVE-2007-2808.json +++ b/2007/2xxx/CVE-2007-2808.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2808", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in gnatsweb.pl in Gnatsweb 4.00 and Gnats 4.1.99 allows remote attackers to inject arbitrary web script or HTML via the database parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2808", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels-team.blogspot.com/2007/05/blog-post.html", - "refsource" : "MISC", - "url" : "http://pridels-team.blogspot.com/2007/05/blog-post.html" - }, - { - "name" : "DSA-1486", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1486" - }, - { - "name" : "24081", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24081" - }, - { - "name" : "36224", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/36224" - }, - { - "name" : "ADV-2007-1886", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1886" - }, - { - "name" : "25333", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25333" - }, - { - "name" : "28743", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28743" - }, - { - "name" : "gnats-gnatsweb-xss(34392)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34392" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in gnatsweb.pl in Gnatsweb 4.00 and Gnats 4.1.99 allows remote attackers to inject arbitrary web script or HTML via the database parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "36224", + "refsource": "OSVDB", + "url": "http://osvdb.org/36224" + }, + { + "name": "25333", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25333" + }, + { + "name": "28743", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28743" + }, + { + "name": "24081", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24081" + }, + { + "name": "DSA-1486", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1486" + }, + { + "name": "gnats-gnatsweb-xss(34392)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34392" + }, + { + "name": "http://pridels-team.blogspot.com/2007/05/blog-post.html", + "refsource": "MISC", + "url": "http://pridels-team.blogspot.com/2007/05/blog-post.html" + }, + { + "name": "ADV-2007-1886", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1886" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2835.json b/2007/2xxx/CVE-2007-2835.json index e3857c36a6f..d7ed8ee99d1 100644 --- a/2007/2xxx/CVE-2007-2835.json +++ b/2007/2xxx/CVE-2007-2835.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2835", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple stack-based buffer overflows in (1) CCE_pinyin.c and (2) xl_pinyin.c in ImmModules/cce/ in unicon-imc2 3.0.4, as used by zhcon and other applications, allow local users to gain privileges via a long HOME environment variable." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2835", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=431336", - "refsource" : "MISC", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=431336" - }, - { - "name" : "DSA-1328", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2007/dsa-1328" - }, - { - "name" : "24719", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24719" - }, - { - "name" : "37794", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37794" - }, - { - "name" : "25912", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25912" - }, - { - "name" : "25910", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25910" - }, - { - "name" : "uniconimc2-ccepinyin-xlpinyin-bo(35382)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35382" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple stack-based buffer overflows in (1) CCE_pinyin.c and (2) xl_pinyin.c in ImmModules/cce/ in unicon-imc2 3.0.4, as used by zhcon and other applications, allow local users to gain privileges via a long HOME environment variable." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=431336", + "refsource": "MISC", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=431336" + }, + { + "name": "uniconimc2-ccepinyin-xlpinyin-bo(35382)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35382" + }, + { + "name": "25912", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25912" + }, + { + "name": "24719", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24719" + }, + { + "name": "25910", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25910" + }, + { + "name": "DSA-1328", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2007/dsa-1328" + }, + { + "name": "37794", + "refsource": "OSVDB", + "url": "http://osvdb.org/37794" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2955.json b/2007/2xxx/CVE-2007-2955.json index eaf6051af00..c1e605df09f 100644 --- a/2007/2xxx/CVE-2007-2955.json +++ b/2007/2xxx/CVE-2007-2955.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2955", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified \"input validation error\" vulnerabilities in multiple ActiveX controls in NavComUI.dll, as used in multiple Norton AntiVirus, Internet Security, and System Works products for 2006, allows remote attackers to execute arbitrary code via (1) the AnomalyList property to AxSysListView32 and (2) Anomaly property to AxSysListView32OAA." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", + "ID": "CVE-2007-2955", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://secunia.com/secunia_research/2007-53/advisory/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2007-53/advisory/" - }, - { - "name" : "http://www.symantec.com/avcenter/security/Content/2007.08.09.html", - "refsource" : "CONFIRM", - "url" : "http://www.symantec.com/avcenter/security/Content/2007.08.09.html" - }, - { - "name" : "24983", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24983" - }, - { - "name" : "ADV-2007-2822", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2822" - }, - { - "name" : "1018545", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1018545" - }, - { - "name" : "1018546", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1018546" - }, - { - "name" : "1018547", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1018547" - }, - { - "name" : "25215", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25215" - }, - { - "name" : "symantec-navcomui-code-execution(35944)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35944" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified \"input validation error\" vulnerabilities in multiple ActiveX controls in NavComUI.dll, as used in multiple Norton AntiVirus, Internet Security, and System Works products for 2006, allows remote attackers to execute arbitrary code via (1) the AnomalyList property to AxSysListView32 and (2) Anomaly property to AxSysListView32OAA." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "symantec-navcomui-code-execution(35944)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35944" + }, + { + "name": "http://www.symantec.com/avcenter/security/Content/2007.08.09.html", + "refsource": "CONFIRM", + "url": "http://www.symantec.com/avcenter/security/Content/2007.08.09.html" + }, + { + "name": "1018547", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1018547" + }, + { + "name": "http://secunia.com/secunia_research/2007-53/advisory/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2007-53/advisory/" + }, + { + "name": "ADV-2007-2822", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2822" + }, + { + "name": "25215", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25215" + }, + { + "name": "1018546", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1018546" + }, + { + "name": "24983", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24983" + }, + { + "name": "1018545", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1018545" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6640.json b/2007/6xxx/CVE-2007-6640.json index 62d1c6cc9b6..5d56fa1b1f5 100644 --- a/2007/6xxx/CVE-2007-6640.json +++ b/2007/6xxx/CVE-2007-6640.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6640", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Creammonkey 0.9 through 1.1 and GreaseKit 1.2 through 1.3 does not properly prevent access to dangerous functions, which allows remote attackers to read the configuration, modify the configuration, or send an HTTP request via the (1) GM_addStyle, (2) GM_log, (3) GM_openInTab, (4) GM_setValue, (5) GM_getValue, or (6) GM_xmlhttpRequest function within a web page on which a userscript is configured." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6640", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://8-p.info/greasekit/vuln/20071226-en.html", - "refsource" : "CONFIRM", - "url" : "http://8-p.info/greasekit/vuln/20071226-en.html" - }, - { - "name" : "42819", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/42819" - }, - { - "name" : "28241", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28241" - }, - { - "name" : "greasekit-creammonkey-gm-security-bypass(39272)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39272" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Creammonkey 0.9 through 1.1 and GreaseKit 1.2 through 1.3 does not properly prevent access to dangerous functions, which allows remote attackers to read the configuration, modify the configuration, or send an HTTP request via the (1) GM_addStyle, (2) GM_log, (3) GM_openInTab, (4) GM_setValue, (5) GM_getValue, or (6) GM_xmlhttpRequest function within a web page on which a userscript is configured." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://8-p.info/greasekit/vuln/20071226-en.html", + "refsource": "CONFIRM", + "url": "http://8-p.info/greasekit/vuln/20071226-en.html" + }, + { + "name": "28241", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28241" + }, + { + "name": "42819", + "refsource": "OSVDB", + "url": "http://osvdb.org/42819" + }, + { + "name": "greasekit-creammonkey-gm-security-bypass(39272)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39272" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0054.json b/2010/0xxx/CVE-2010-0054.json index b225990e860..1194b2d4b95 100644 --- a/2010/0xxx/CVE-2010-0054.json +++ b/2010/0xxx/CVE-2010-0054.json @@ -1,152 +1,152 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0054", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving HTML IMG elements." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2010-0054", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT4070", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4070" - }, - { - "name" : "http://support.apple.com/kb/HT4225", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4225" - }, - { - "name" : "APPLE-SA-2010-03-11-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html" - }, - { - "name" : "APPLE-SA-2010-06-21-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html" - }, - { - "name" : "FEDORA-2010-8360", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041383.html" - }, - { - "name" : "FEDORA-2010-8379", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041432.html" - }, - { - "name" : "FEDORA-2010-8423", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041436.html" - }, - { - "name" : "MDVSA-2011:039", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039" - }, - { - "name" : "SUSE-SR:2011:002", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" - }, - { - "name" : "USN-1006-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1006-1" - }, - { - "name" : "38671", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/38671" - }, - { - "name" : "62949", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/62949" - }, - { - "name" : "oval:org.mitre.oval:def:6915", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6915" - }, - { - "name" : "1023708", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1023708" - }, - { - "name" : "41856", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41856" - }, - { - "name" : "43068", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43068" - }, - { - "name" : "ADV-2010-2722", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2722" - }, - { - "name" : "ADV-2011-0212", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0212" - }, - { - "name" : "ADV-2011-0552", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0552" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving HTML IMG elements." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDVSA-2011:039", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039" + }, + { + "name": "APPLE-SA-2010-03-11-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html" + }, + { + "name": "ADV-2010-2722", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2722" + }, + { + "name": "43068", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43068" + }, + { + "name": "USN-1006-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1006-1" + }, + { + "name": "1023708", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1023708" + }, + { + "name": "41856", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41856" + }, + { + "name": "ADV-2011-0212", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0212" + }, + { + "name": "http://support.apple.com/kb/HT4225", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4225" + }, + { + "name": "62949", + "refsource": "OSVDB", + "url": "http://osvdb.org/62949" + }, + { + "name": "FEDORA-2010-8360", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041383.html" + }, + { + "name": "http://support.apple.com/kb/HT4070", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4070" + }, + { + "name": "oval:org.mitre.oval:def:6915", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6915" + }, + { + "name": "SUSE-SR:2011:002", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" + }, + { + "name": "ADV-2011-0552", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0552" + }, + { + "name": "FEDORA-2010-8379", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041432.html" + }, + { + "name": "APPLE-SA-2010-06-21-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html" + }, + { + "name": "38671", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/38671" + }, + { + "name": "FEDORA-2010-8423", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041436.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0232.json b/2010/0xxx/CVE-2010-0232.json index 54c077179bc..0485d09bb0d 100644 --- a/2010/0xxx/CVE-2010-0232.json +++ b/2010/0xxx/CVE-2010-0232.json @@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0232", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The kernel in Microsoft Windows NT 3.1 through Windows 7, including Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, and Windows Server 2008 Gold and SP2, when access to 16-bit applications is enabled on a 32-bit x86 platform, does not properly validate certain BIOS calls, which allows local users to gain privileges by crafting a VDM_TIB data structure in the Thread Environment Block (TEB), and then calling the NtVdmControl function to start the Windows Virtual DOS Machine (aka NTVDM) subsystem, leading to improperly handled exceptions involving the #GP trap handler (nt!KiTrap0D), aka \"Windows Kernel Exception Handler Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2010-0232", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100119 Microsoft Windows NT #GP Trap Handler Allows Users to Switch Kernel Stack", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/509106/100/0/threaded" - }, - { - "name" : "20100119 Microsoft Windows NT #GP Trap Handler Allows Users to Switch Kernel Stack", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2010/Jan/341" - }, - { - "name" : "[dailydave] 20100119 We hold these axioms to be self evident", - "refsource" : "MLIST", - "url" : "http://lists.immunitysec.com/pipermail/dailydave/2010-January/006000.html" - }, - { - "name" : "http://lock.cmpxchg8b.com/c0af0967d904cef2ad4db766a00bc6af/KiTrap0D.zip", - "refsource" : "MISC", - "url" : "http://lock.cmpxchg8b.com/c0af0967d904cef2ad4db766a00bc6af/KiTrap0D.zip" - }, - { - "name" : "http://blogs.technet.com/msrc/archive/2010/01/20/security-advisory-979682-released.aspx", - "refsource" : "CONFIRM", - "url" : "http://blogs.technet.com/msrc/archive/2010/01/20/security-advisory-979682-released.aspx" - }, - { - "name" : "http://www.microsoft.com/technet/security/advisory/979682.mspx", - "refsource" : "CONFIRM", - "url" : "http://www.microsoft.com/technet/security/advisory/979682.mspx" - }, - { - "name" : "MS10-015", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-015" - }, - { - "name" : "TA10-040A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-040A.html" - }, - { - "name" : "37864", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37864" - }, - { - "name" : "oval:org.mitre.oval:def:8344", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8344" - }, - { - "name" : "1023471", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1023471" - }, - { - "name" : "38265", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38265" - }, - { - "name" : "ADV-2010-0179", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0179" - }, - { - "name" : "ms-win-gptrap-privilege-escalation(55742)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/55742" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The kernel in Microsoft Windows NT 3.1 through Windows 7, including Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, and Windows Server 2008 Gold and SP2, when access to 16-bit applications is enabled on a 32-bit x86 platform, does not properly validate certain BIOS calls, which allows local users to gain privileges by crafting a VDM_TIB data structure in the Thread Environment Block (TEB), and then calling the NtVdmControl function to start the Windows Virtual DOS Machine (aka NTVDM) subsystem, leading to improperly handled exceptions involving the #GP trap handler (nt!KiTrap0D), aka \"Windows Kernel Exception Handler Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[dailydave] 20100119 We hold these axioms to be self evident", + "refsource": "MLIST", + "url": "http://lists.immunitysec.com/pipermail/dailydave/2010-January/006000.html" + }, + { + "name": "http://lock.cmpxchg8b.com/c0af0967d904cef2ad4db766a00bc6af/KiTrap0D.zip", + "refsource": "MISC", + "url": "http://lock.cmpxchg8b.com/c0af0967d904cef2ad4db766a00bc6af/KiTrap0D.zip" + }, + { + "name": "http://blogs.technet.com/msrc/archive/2010/01/20/security-advisory-979682-released.aspx", + "refsource": "CONFIRM", + "url": "http://blogs.technet.com/msrc/archive/2010/01/20/security-advisory-979682-released.aspx" + }, + { + "name": "MS10-015", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-015" + }, + { + "name": "http://www.microsoft.com/technet/security/advisory/979682.mspx", + "refsource": "CONFIRM", + "url": "http://www.microsoft.com/technet/security/advisory/979682.mspx" + }, + { + "name": "TA10-040A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-040A.html" + }, + { + "name": "1023471", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1023471" + }, + { + "name": "20100119 Microsoft Windows NT #GP Trap Handler Allows Users to Switch Kernel Stack", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2010/Jan/341" + }, + { + "name": "ADV-2010-0179", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0179" + }, + { + "name": "37864", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37864" + }, + { + "name": "38265", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38265" + }, + { + "name": "20100119 Microsoft Windows NT #GP Trap Handler Allows Users to Switch Kernel Stack", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/509106/100/0/threaded" + }, + { + "name": "ms-win-gptrap-privilege-escalation(55742)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55742" + }, + { + "name": "oval:org.mitre.oval:def:8344", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8344" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0313.json b/2010/0xxx/CVE-2010-0313.json index 3d2f7106ef3..ec43271ecae 100644 --- a/2010/0xxx/CVE-2010-0313.json +++ b/2010/0xxx/CVE-2010-0313.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0313", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The core_get_proxyauth_dn function in ns-slapd in Sun Java System Directory Server Enterprise Edition 7.0 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted LDAP Search Request message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-0313", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://intevydis.blogspot.com/2010/01/sun-directory-server-70.html", - "refsource" : "MISC", - "url" : "http://intevydis.blogspot.com/2010/01/sun-directory-server-70.html" - }, - { - "name" : "37699", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37699" - }, - { - "name" : "1023431", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1023431" - }, - { - "name" : "37978", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37978" - }, - { - "name" : "ADV-2010-0085", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0085" - }, - { - "name" : "jsds-coregetproxyauthdn-dos(55511)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/55511" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The core_get_proxyauth_dn function in ns-slapd in Sun Java System Directory Server Enterprise Edition 7.0 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted LDAP Search Request message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "jsds-coregetproxyauthdn-dos(55511)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55511" + }, + { + "name": "http://intevydis.blogspot.com/2010/01/sun-directory-server-70.html", + "refsource": "MISC", + "url": "http://intevydis.blogspot.com/2010/01/sun-directory-server-70.html" + }, + { + "name": "1023431", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1023431" + }, + { + "name": "ADV-2010-0085", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0085" + }, + { + "name": "37699", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37699" + }, + { + "name": "37978", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37978" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0518.json b/2010/0xxx/CVE-2010-0518.json index 0b382e6c395..e329516f24c 100644 --- a/2010/0xxx/CVE-2010-0518.json +++ b/2010/0xxx/CVE-2010-0518.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0518", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file with Sorenson encoding." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2010-0518", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT4077", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4077" - }, - { - "name" : "APPLE-SA-2010-03-29-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html" - }, - { - "name" : "APPLE-SA-2010-03-30-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//Mar/msg00002.html" - }, - { - "name" : "oval:org.mitre.oval:def:7077", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7077" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file with Sorenson encoding." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2010-03-29-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html" + }, + { + "name": "APPLE-SA-2010-03-30-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00002.html" + }, + { + "name": "http://support.apple.com/kb/HT4077", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4077" + }, + { + "name": "oval:org.mitre.oval:def:7077", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7077" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1479.json b/2010/1xxx/CVE-2010-1479.json index 6b22563c7a4..724711e5775 100644 --- a/2010/1xxx/CVE-2010-1479.json +++ b/2010/1xxx/CVE-2010-1479.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1479", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the RokModule (com_rokmodule) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the moduleid parameter in a raw action to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1479", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/1004-exploits/joomlarokmodule-bsql.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1004-exploits/joomlarokmodule-bsql.txt" - }, - { - "name" : "12148", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/12148" - }, - { - "name" : "http://www.rockettheme.com/extensions-downloads/free/rokmodule/1040-rokmodule-component/download", - "refsource" : "CONFIRM", - "url" : "http://www.rockettheme.com/extensions-downloads/free/rokmodule/1040-rokmodule-component/download" - }, - { - "name" : "http://www.rockettheme.com/extensions-updates/673-rokmodule-security-update-released", - "refsource" : "CONFIRM", - "url" : "http://www.rockettheme.com/extensions-updates/673-rokmodule-security-update-released" - }, - { - "name" : "39378", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/39378" - }, - { - "name" : "39255", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39255" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the RokModule (com_rokmodule) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the moduleid parameter in a raw action to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "39255", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39255" + }, + { + "name": "39378", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/39378" + }, + { + "name": "http://www.rockettheme.com/extensions-downloads/free/rokmodule/1040-rokmodule-component/download", + "refsource": "CONFIRM", + "url": "http://www.rockettheme.com/extensions-downloads/free/rokmodule/1040-rokmodule-component/download" + }, + { + "name": "http://www.rockettheme.com/extensions-updates/673-rokmodule-security-update-released", + "refsource": "CONFIRM", + "url": "http://www.rockettheme.com/extensions-updates/673-rokmodule-security-update-released" + }, + { + "name": "12148", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/12148" + }, + { + "name": "http://packetstormsecurity.org/1004-exploits/joomlarokmodule-bsql.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1004-exploits/joomlarokmodule-bsql.txt" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1528.json b/2010/1xxx/CVE-2010-1528.json index c51505255f0..e71569ef952 100644 --- a/2010/1xxx/CVE-2010-1528.json +++ b/2010/1xxx/CVE-2010-1528.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1528", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in include/template.php in Uiga Proxy, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the content parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1528", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "12049", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/12049" - }, - { - "name" : "39365", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/39365" - }, - { - "name" : "63528", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/63528" - }, - { - "name" : "39313", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39313" - }, - { - "name" : "uigaproxy-template-file-include(57515)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/57515" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in include/template.php in Uiga Proxy, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the content parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "39365", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/39365" + }, + { + "name": "63528", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/63528" + }, + { + "name": "12049", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/12049" + }, + { + "name": "39313", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39313" + }, + { + "name": "uigaproxy-template-file-include(57515)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57515" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1677.json b/2010/1xxx/CVE-2010-1677.json index 003e745afb8..223ae4bb5bf 100644 --- a/2010/1xxx/CVE-2010-1677.json +++ b/2010/1xxx/CVE-2010-1677.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1677", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "MHonArc 2.6.16 allows remote attackers to cause a denial of service (CPU consumption) via start tags that are placed within other start tags, as demonstrated by a dy>dy>dy>dy> sequence, a different vulnerability than CVE-2010-4524." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1677", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[mhonarc-dev] 20101230 [bug #32014] CVE-2010-1677: DoS when processing html messages with deep tag nesting", - "refsource" : "MLIST", - "url" : "http://www.mail-archive.com/mhonarc-dev@mhonarc.org/msg01297.html" - }, - { - "name" : "http://savannah.nongnu.org/bugs/?32014", - "refsource" : "CONFIRM", - "url" : "http://savannah.nongnu.org/bugs/?32014" - }, - { - "name" : "MDVSA-2011:003", - "refsource" : "MANDRIVA", - "url" : "http://lists.mandriva.com/security-announce/2011-01/msg00004.php" - }, - { - "name" : "42694", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42694" - }, - { - "name" : "ADV-2010-3344", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/3344" - }, - { - "name" : "ADV-2011-0067", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0067" - }, - { - "name" : "mhonarc-start-tags-dos(64656)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64656" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "MHonArc 2.6.16 allows remote attackers to cause a denial of service (CPU consumption) via start tags that are placed within other start tags, as demonstrated by a dy>dy>dy>dy> sequence, a different vulnerability than CVE-2010-4524." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "mhonarc-start-tags-dos(64656)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64656" + }, + { + "name": "ADV-2010-3344", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/3344" + }, + { + "name": "[mhonarc-dev] 20101230 [bug #32014] CVE-2010-1677: DoS when processing html messages with deep tag nesting", + "refsource": "MLIST", + "url": "http://www.mail-archive.com/mhonarc-dev@mhonarc.org/msg01297.html" + }, + { + "name": "ADV-2011-0067", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0067" + }, + { + "name": "42694", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42694" + }, + { + "name": "http://savannah.nongnu.org/bugs/?32014", + "refsource": "CONFIRM", + "url": "http://savannah.nongnu.org/bugs/?32014" + }, + { + "name": "MDVSA-2011:003", + "refsource": "MANDRIVA", + "url": "http://lists.mandriva.com/security-announce/2011-01/msg00004.php" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4126.json b/2010/4xxx/CVE-2010-4126.json index 3689e230fd8..45e3618cec4 100644 --- a/2010/4xxx/CVE-2010-4126.json +++ b/2010/4xxx/CVE-2010-4126.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4126", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2010-4126", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4142.json b/2010/4xxx/CVE-2010-4142.json index eb0b3986d74..4c2d7ee87e5 100644 --- a/2010/4xxx/CVE-2010-4142.json +++ b/2010/4xxx/CVE-2010-4142.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4142", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple stack-based buffer overflows in DATAC RealWin 2.0 Build 6.1.8.10 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long (1) SCPC_INITIALIZE, (2) SCPC_INITIALIZE_RF, or (3) SCPC_TXTEVENT packet. NOTE: it was later reported that 1.06 is also affected by one of these requests." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4142", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "15259", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/15259" - }, - { - "name" : "15337", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/15337" - }, - { - "name" : "http://aluigi.org/adv/realwin_1-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.org/adv/realwin_1-adv.txt" - }, - { - "name" : "44150", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/44150" - }, - { - "name" : "41849", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41849" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple stack-based buffer overflows in DATAC RealWin 2.0 Build 6.1.8.10 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long (1) SCPC_INITIALIZE, (2) SCPC_INITIALIZE_RF, or (3) SCPC_TXTEVENT packet. NOTE: it was later reported that 1.06 is also affected by one of these requests." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "15259", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/15259" + }, + { + "name": "44150", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/44150" + }, + { + "name": "http://aluigi.org/adv/realwin_1-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.org/adv/realwin_1-adv.txt" + }, + { + "name": "15337", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/15337" + }, + { + "name": "41849", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41849" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4821.json b/2010/4xxx/CVE-2010-4821.json index e9f41bab6cb..ce62171b09a 100644 --- a/2010/4xxx/CVE-2010-4821.json +++ b/2010/4xxx/CVE-2010-4821.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4821", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in phpMyFAQ before 2.6.9 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-4821", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110928 Fwd: 2.6.6 <= phpMyFAQ <= 2.6.8 XSS", - "refsource" : "BUGTRAQ", - "url" : "http://seclists.org/bugtraq/2010/Sep/207" - }, - { - "name" : "[oss-security] 20120308 CVE-request: phpMyFAQ index.php URI XSS", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/03/08/2" - }, - { - "name" : "[oss-security] 20120308 Re: CVE-request: phpMyFAQ index.php URI XSS", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/03/08/7" - }, - { - "name" : "http://dl.packetstormsecurity.net/1009-exploits/phpmyfaq268-xss.txt", - "refsource" : "MISC", - "url" : "http://dl.packetstormsecurity.net/1009-exploits/phpmyfaq268-xss.txt" - }, - { - "name" : "http://www.phpmyfaq.de/advisory_2010-09-28.php", - "refsource" : "CONFIRM", - "url" : "http://www.phpmyfaq.de/advisory_2010-09-28.php" - }, - { - "name" : "68268", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/68268" - }, - { - "name" : "41625", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41625" - }, - { - "name" : "phpmyfaq-unspecified-xss(62092)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/62092" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in phpMyFAQ before 2.6.9 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://dl.packetstormsecurity.net/1009-exploits/phpmyfaq268-xss.txt", + "refsource": "MISC", + "url": "http://dl.packetstormsecurity.net/1009-exploits/phpmyfaq268-xss.txt" + }, + { + "name": "phpmyfaq-unspecified-xss(62092)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62092" + }, + { + "name": "41625", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41625" + }, + { + "name": "http://www.phpmyfaq.de/advisory_2010-09-28.php", + "refsource": "CONFIRM", + "url": "http://www.phpmyfaq.de/advisory_2010-09-28.php" + }, + { + "name": "[oss-security] 20120308 CVE-request: phpMyFAQ index.php URI XSS", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/03/08/2" + }, + { + "name": "20110928 Fwd: 2.6.6 <= phpMyFAQ <= 2.6.8 XSS", + "refsource": "BUGTRAQ", + "url": "http://seclists.org/bugtraq/2010/Sep/207" + }, + { + "name": "[oss-security] 20120308 Re: CVE-request: phpMyFAQ index.php URI XSS", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/03/08/7" + }, + { + "name": "68268", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/68268" + } + ] + } +} \ No newline at end of file diff --git a/2010/5xxx/CVE-2010-5176.json b/2010/5xxx/CVE-2010-5176.json index d9c8eb77f35..d89168030e8 100644 --- a/2010/5xxx/CVE-2010-5176.json +++ b/2010/5xxx/CVE-2010-5176.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-5176", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** Race condition in Security Shield 2010 13.0.16.313 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-5176", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100505 KHOBE - 8.0 earthquake for Windows desktop security software", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2010-05/0026.html" - }, - { - "name" : "20100505 KHOBE - 8.0 earthquake for Windows desktop security software", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0066.html" - }, - { - "name" : "http://countermeasures.trendmicro.eu/you-just-cant-trust-a-drunk/", - "refsource" : "MISC", - "url" : "http://countermeasures.trendmicro.eu/you-just-cant-trust-a-drunk/" - }, - { - "name" : "http://matousec.com/info/advisories/khobe-8.0-earthquake-for-windows-desktop-security-software.php", - "refsource" : "MISC", - "url" : "http://matousec.com/info/advisories/khobe-8.0-earthquake-for-windows-desktop-security-software.php" - }, - { - "name" : "http://matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php", - "refsource" : "MISC", - "url" : "http://matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php" - }, - { - "name" : "http://www.f-secure.com/weblog/archives/00001949.html", - "refsource" : "MISC", - "url" : "http://www.f-secure.com/weblog/archives/00001949.html" - }, - { - "name" : "http://www.theregister.co.uk/2010/05/07/argument_switch_av_bypass/", - "refsource" : "MISC", - "url" : "http://www.theregister.co.uk/2010/05/07/argument_switch_av_bypass/" - }, - { - "name" : "39924", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/39924" - }, - { - "name" : "67660", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/67660" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** Race condition in Security Shield 2010 13.0.16.313 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20100505 KHOBE - 8.0 earthquake for Windows desktop security software", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2010-05/0026.html" + }, + { + "name": "http://countermeasures.trendmicro.eu/you-just-cant-trust-a-drunk/", + "refsource": "MISC", + "url": "http://countermeasures.trendmicro.eu/you-just-cant-trust-a-drunk/" + }, + { + "name": "39924", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/39924" + }, + { + "name": "http://matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php", + "refsource": "MISC", + "url": "http://matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php" + }, + { + "name": "20100505 KHOBE - 8.0 earthquake for Windows desktop security software", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0066.html" + }, + { + "name": "67660", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/67660" + }, + { + "name": "http://www.theregister.co.uk/2010/05/07/argument_switch_av_bypass/", + "refsource": "MISC", + "url": "http://www.theregister.co.uk/2010/05/07/argument_switch_av_bypass/" + }, + { + "name": "http://www.f-secure.com/weblog/archives/00001949.html", + "refsource": "MISC", + "url": "http://www.f-secure.com/weblog/archives/00001949.html" + }, + { + "name": "http://matousec.com/info/advisories/khobe-8.0-earthquake-for-windows-desktop-security-software.php", + "refsource": "MISC", + "url": "http://matousec.com/info/advisories/khobe-8.0-earthquake-for-windows-desktop-security-software.php" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0607.json b/2014/0xxx/CVE-2014-0607.json index e53d0bd3f7e..5f9626e258e 100644 --- a/2014/0xxx/CVE-2014-0607.json +++ b/2014/0xxx/CVE-2014-0607.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0607", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unrestricted file upload vulnerability in Attachmate Verastream Process Designer (VPD) before R6 SP1 Hotfix 1 allows remote attackers to execute arbitrary code by uploading and launching an executable file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-0607", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.attachmate.com/techdocs/2700.html", - "refsource" : "CONFIRM", - "url" : "http://support.attachmate.com/techdocs/2700.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unrestricted file upload vulnerability in Attachmate Verastream Process Designer (VPD) before R6 SP1 Hotfix 1 allows remote attackers to execute arbitrary code by uploading and launching an executable file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.attachmate.com/techdocs/2700.html", + "refsource": "CONFIRM", + "url": "http://support.attachmate.com/techdocs/2700.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1212.json b/2014/1xxx/CVE-2014-1212.json index 9eb78756b4e..131a9441775 100644 --- a/2014/1xxx/CVE-2014-1212.json +++ b/2014/1xxx/CVE-2014-1212.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1212", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-1212", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1566.json b/2014/1xxx/CVE-2014-1566.json index 57623e485af..69b7ff626dc 100644 --- a/2014/1xxx/CVE-2014-1566.json +++ b/2014/1xxx/CVE-2014-1566.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1566", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mozilla Firefox before 31.1 on Android does not properly restrict copying of local files onto the SD card during processing of file: URLs, which allows attackers to obtain sensitive information from the Firefox profile directory via a crafted application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-1515." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2014-1566", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2014/mfsa2014-71.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2014/mfsa2014-71.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1050690", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1050690" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" - }, - { - "name" : "GLSA-201504-01", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201504-01" - }, - { - "name" : "69522", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69522" - }, - { - "name" : "1030792", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030792" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mozilla Firefox before 31.1 on Android does not properly restrict copying of local files onto the SD card during processing of file: URLs, which allows attackers to obtain sensitive information from the Firefox profile directory via a crafted application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-1515." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "69522", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69522" + }, + { + "name": "http://www.mozilla.org/security/announce/2014/mfsa2014-71.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-71.html" + }, + { + "name": "GLSA-201504-01", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201504-01" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" + }, + { + "name": "1030792", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030792" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1050690", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1050690" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4069.json b/2014/4xxx/CVE-2014-4069.json index 1dd96c7e1fb..1f313c4fc91 100644 --- a/2014/4xxx/CVE-2014-4069.json +++ b/2014/4xxx/CVE-2014-4069.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4069", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-4069", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4413.json b/2014/4xxx/CVE-2014-4413.json index 3c796e4e6e8..e8ded4367ca 100644 --- a/2014/4xxx/CVE-2014-4413.json +++ b/2014/4xxx/CVE-2014-4413.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4413", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-09-17-1 and APPLE-SA-2014-09-17-2." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2014-4413", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT6440", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT6440" - }, - { - "name" : "https://support.apple.com/kb/HT6537", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/kb/HT6537" - }, - { - "name" : "http://support.apple.com/kb/HT6441", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT6441" - }, - { - "name" : "http://support.apple.com/kb/HT6442", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT6442" - }, - { - "name" : "APPLE-SA-2014-09-17-1", - "refsource" : "APPLE", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html" - }, - { - "name" : "APPLE-SA-2014-09-17-2", - "refsource" : "APPLE", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2014-09/0107.html" - }, - { - "name" : "GLSA-201612-41", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201612-41" - }, - { - "name" : "69881", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69881" - }, - { - "name" : "1030866", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030866" - }, - { - "name" : "61306", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61306" - }, - { - "name" : "61318", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61318" - }, - { - "name" : "apple-cve20144413-code-exec(96033)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/96033" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-09-17-1 and APPLE-SA-2014-09-17-2." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.apple.com/kb/HT6441", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT6441" + }, + { + "name": "https://support.apple.com/kb/HT6537", + "refsource": "CONFIRM", + "url": "https://support.apple.com/kb/HT6537" + }, + { + "name": "1030866", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030866" + }, + { + "name": "http://support.apple.com/kb/HT6442", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT6442" + }, + { + "name": "61318", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61318" + }, + { + "name": "APPLE-SA-2014-09-17-2", + "refsource": "APPLE", + "url": "http://archives.neohapsis.com/archives/bugtraq/2014-09/0107.html" + }, + { + "name": "69881", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69881" + }, + { + "name": "APPLE-SA-2014-09-17-1", + "refsource": "APPLE", + "url": "http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html" + }, + { + "name": "http://support.apple.com/kb/HT6440", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT6440" + }, + { + "name": "61306", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61306" + }, + { + "name": "GLSA-201612-41", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201612-41" + }, + { + "name": "apple-cve20144413-code-exec(96033)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96033" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4969.json b/2014/4xxx/CVE-2014-4969.json index 3a04c23f48b..ffe157a3d43 100644 --- a/2014/4xxx/CVE-2014-4969.json +++ b/2014/4xxx/CVE-2014-4969.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4969", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4969", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9643.json b/2014/9xxx/CVE-2014-9643.json index cba1e631f56..2c5495e1467 100644 --- a/2014/9xxx/CVE-2014-9643.json +++ b/2014/9xxx/CVE-2014-9643.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9643", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "K7Sentry.sys in K7 Computing Ultimate Security, Anti-Virus Plus, and Total Security before 14.2.0.253 allows local users to write to arbitrary memory locations, and consequently gain privileges, via a crafted 0x95002570, 0x95002574, 0x95002580, 0x950025a8, 0x950025ac, or 0x950025c8 IOCTL call." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9643", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "35992", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/35992" - }, - { - "name" : "http://packetstormsecurity.com/files/130246/K7-Computing-14.2.0.240-Privilege-Escalation.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/130246/K7-Computing-14.2.0.240-Privilege-Escalation.html" - }, - { - "name" : "http://www.greyhathacker.net/?p=818", - "refsource" : "MISC", - "url" : "http://www.greyhathacker.net/?p=818" - }, - { - "name" : "113007", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/113007" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "K7Sentry.sys in K7 Computing Ultimate Security, Anti-Virus Plus, and Total Security before 14.2.0.253 allows local users to write to arbitrary memory locations, and consequently gain privileges, via a crafted 0x95002570, 0x95002574, 0x95002580, 0x950025a8, 0x950025ac, or 0x950025c8 IOCTL call." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.greyhathacker.net/?p=818", + "refsource": "MISC", + "url": "http://www.greyhathacker.net/?p=818" + }, + { + "name": "http://packetstormsecurity.com/files/130246/K7-Computing-14.2.0.240-Privilege-Escalation.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/130246/K7-Computing-14.2.0.240-Privilege-Escalation.html" + }, + { + "name": "113007", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/113007" + }, + { + "name": "35992", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/35992" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9647.json b/2014/9xxx/CVE-2014-9647.json index 6f8bc18fea1..35eba497660 100644 --- a/2014/9xxx/CVE-2014-9647.json +++ b/2014/9xxx/CVE-2014-9647.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9647", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in PDFium, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document, related to fpdfsdk/src/fpdfview.cpp and fpdfsdk/src/fsdk_mgr.cpp, a different vulnerability than CVE-2015-1205." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9647", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2015/01/stable-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2015/01/stable-update.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=410326", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=410326" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=449894", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=449894" - }, - { - "name" : "https://pdfium.googlesource.com/pdfium/+/facd0157ce975158da1659fb58a16c1308bd553b", - "refsource" : "CONFIRM", - "url" : "https://pdfium.googlesource.com/pdfium/+/facd0157ce975158da1659fb58a16c1308bd553b" - }, - { - "name" : "GLSA-201502-13", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201502-13.xml" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in PDFium, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document, related to fpdfsdk/src/fpdfview.cpp and fpdfsdk/src/fsdk_mgr.cpp, a different vulnerability than CVE-2015-1205." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://code.google.com/p/chromium/issues/detail?id=410326", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=410326" + }, + { + "name": "http://googlechromereleases.blogspot.com/2015/01/stable-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2015/01/stable-update.html" + }, + { + "name": "GLSA-201502-13", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201502-13.xml" + }, + { + "name": "https://pdfium.googlesource.com/pdfium/+/facd0157ce975158da1659fb58a16c1308bd553b", + "refsource": "CONFIRM", + "url": "https://pdfium.googlesource.com/pdfium/+/facd0157ce975158da1659fb58a16c1308bd553b" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=449894", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=449894" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3321.json b/2016/3xxx/CVE-2016-3321.json index 0d535810e60..387725448c8 100644 --- a/2016/3xxx/CVE-2016-3321.json +++ b/2016/3xxx/CVE-2016-3321.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3321", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 10 and 11 load different files for attempts to open a file:// URL depending on whether the file exists, which allows local users to enumerate files via vectors involving a file:// URL and an HTML5 sandbox iframe, aka \"Internet Explorer Information Disclosure Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2016-3321", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20160809 Internet Explorer iframe sandbox local file name disclosure vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/539174/100/0/threaded" - }, - { - "name" : "20160809 Internet Explorer iframe sandbox local file name disclosure vulnerability", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2016/Aug/44" - }, - { - "name" : "https://www.securify.nl/advisory/SFY20160301/internet_explorer_iframe_sandbox_local_file_name_disclosure_vulnerability.html", - "refsource" : "MISC", - "url" : "https://www.securify.nl/advisory/SFY20160301/internet_explorer_iframe_sandbox_local_file_name_disclosure_vulnerability.html" - }, - { - "name" : "MS16-095", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-095" - }, - { - "name" : "92291", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92291" - }, - { - "name" : "1036562", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036562" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 10 and 11 load different files for attempts to open a file:// URL depending on whether the file exists, which allows local users to enumerate files via vectors involving a file:// URL and an HTML5 sandbox iframe, aka \"Internet Explorer Information Disclosure Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS16-095", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-095" + }, + { + "name": "1036562", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036562" + }, + { + "name": "https://www.securify.nl/advisory/SFY20160301/internet_explorer_iframe_sandbox_local_file_name_disclosure_vulnerability.html", + "refsource": "MISC", + "url": "https://www.securify.nl/advisory/SFY20160301/internet_explorer_iframe_sandbox_local_file_name_disclosure_vulnerability.html" + }, + { + "name": "20160809 Internet Explorer iframe sandbox local file name disclosure vulnerability", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2016/Aug/44" + }, + { + "name": "20160809 Internet Explorer iframe sandbox local file name disclosure vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/539174/100/0/threaded" + }, + { + "name": "92291", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92291" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3364.json b/2016/3xxx/CVE-2016-3364.json index 2a78fa3fccf..3ac1f718d14 100644 --- a/2016/3xxx/CVE-2016-3364.json +++ b/2016/3xxx/CVE-2016-3364.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3364", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Visio 2016 allows remote attackers to execute arbitrary code via a crafted document, aka \"Microsoft Office Memory Corruption Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2016-3364", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS16-107", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-107" - }, - { - "name" : "92803", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92803" - }, - { - "name" : "1036785", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036785" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Visio 2016 allows remote attackers to execute arbitrary code via a crafted document, aka \"Microsoft Office Memory Corruption Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1036785", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036785" + }, + { + "name": "92803", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92803" + }, + { + "name": "MS16-107", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-107" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3513.json b/2016/3xxx/CVE-2016-3513.json index c2c14a25418..0774c3162cf 100644 --- a/2016/3xxx/CVE-2016-3513.json +++ b/2016/3xxx/CVE-2016-3513.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3513", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Communications Operations Monitor component in Oracle Communications Applications before 3.3.92.0.0 allows remote authenticated users to affect confidentiality via vectors related to Infrastructure." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2016-3513", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.synacktiv.com/ressources/oracle_sbc_configuration_issues.pdf", - "refsource" : "MISC", - "url" : "http://www.synacktiv.com/ressources/oracle_sbc_configuration_issues.pdf" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" - }, - { - "name" : "91787", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91787" - }, - { - "name" : "1036401", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036401" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Communications Operations Monitor component in Oracle Communications Applications before 3.3.92.0.0 allows remote authenticated users to affect confidentiality via vectors related to Infrastructure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" + }, + { + "name": "1036401", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036401" + }, + { + "name": "http://www.synacktiv.com/ressources/oracle_sbc_configuration_issues.pdf", + "refsource": "MISC", + "url": "http://www.synacktiv.com/ressources/oracle_sbc_configuration_issues.pdf" + }, + { + "name": "91787", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91787" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6001.json b/2016/6xxx/CVE-2016-6001.json index 44618f1bf19..104d32dac15 100644 --- a/2016/6xxx/CVE-2016-6001.json +++ b/2016/6xxx/CVE-2016-6001.json @@ -1,79 +1,79 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2016-6001", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Forms Experience Builder", - "version" : { - "version_data" : [ - { - "version_value" : "8.5.0" - }, - { - "version_value" : "8.5.1" - }, - { - "version_value" : "8.5" - }, - { - "version_value" : "8.5.0.1" - }, - { - "version_value" : "8.6" - } - ] - } - } - ] - }, - "vendor_name" : "IBM Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Forms Experience Builder could be susceptible to a server-side request forgery (SSRF) from the application design interface allowing for some information disclosure of internal resources." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2016-6001", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Forms Experience Builder", + "version": { + "version_data": [ + { + "version_value": "8.5.0" + }, + { + "version_value": "8.5.1" + }, + { + "version_value": "8.5" + }, + { + "version_value": "8.5.0.1" + }, + { + "version_value": "8.6" + } + ] + } + } + ] + }, + "vendor_name": "IBM Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg21991280", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg21991280" - }, - { - "name" : "95777", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95777" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Forms Experience Builder could be susceptible to a server-side request forgery (SSRF) from the application design interface allowing for some information disclosure of internal resources." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "95777", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95777" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg21991280", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg21991280" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7251.json b/2016/7xxx/CVE-2016-7251.json index f2c29ba04b9..b54d500e957 100644 --- a/2016/7xxx/CVE-2016-7251.json +++ b/2016/7xxx/CVE-2016-7251.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "ID" : "CVE-2016-7251", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the MDS API in Microsoft SQL Server 2016 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka \"MDS API XSS Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2016-7251", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS16-136", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-136" - }, - { - "name" : "94043", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94043" - }, - { - "name" : "1037250", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037250" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the MDS API in Microsoft SQL Server 2016 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka \"MDS API XSS Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1037250", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037250" + }, + { + "name": "94043", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94043" + }, + { + "name": "MS16-136", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-136" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7277.json b/2016/7xxx/CVE-2016-7277.json index 3e8d17f633a..33d426e2d8f 100644 --- a/2016/7xxx/CVE-2016-7277.json +++ b/2016/7xxx/CVE-2016-7277.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "ID" : "CVE-2016-7277", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Office 2016 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka \"Microsoft Office Memory Corruption Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2016-7277", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS16-148", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148" - }, - { - "name" : "94715", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94715" - }, - { - "name" : "1037441", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037441" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Office 2016 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka \"Microsoft Office Memory Corruption Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS16-148", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148" + }, + { + "name": "1037441", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037441" + }, + { + "name": "94715", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94715" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7320.json b/2016/7xxx/CVE-2016-7320.json index 91203c27365..79911afc02c 100644 --- a/2016/7xxx/CVE-2016-7320.json +++ b/2016/7xxx/CVE-2016-7320.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7320", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-7320", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7961.json b/2016/7xxx/CVE-2016-7961.json index 03fd283a3a4..d433fe4db2f 100644 --- a/2016/7xxx/CVE-2016-7961.json +++ b/2016/7xxx/CVE-2016-7961.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7961", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-7961", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7972.json b/2016/7xxx/CVE-2016-7972.json index 5f989da2cad..bd215f6af61 100644 --- a/2016/7xxx/CVE-2016-7972.json +++ b/2016/7xxx/CVE-2016-7972.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7972", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The check_allocations function in libass/ass_shaper.c in libass before 0.13.4 allows remote attackers to cause a denial of service (memory allocation failure) via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-7972", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20161004 Re: Handful of libass issues", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/10/05/2" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1381960", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1381960" - }, - { - "name" : "https://github.com/libass/libass/pull/240/commits/aa54e0b59200a994d50a346b5d7ac818ebcf2d4b", - "refsource" : "CONFIRM", - "url" : "https://github.com/libass/libass/pull/240/commits/aa54e0b59200a994d50a346b5d7ac818ebcf2d4b" - }, - { - "name" : "https://github.com/libass/libass/releases/tag/0.13.4", - "refsource" : "CONFIRM", - "url" : "https://github.com/libass/libass/releases/tag/0.13.4" - }, - { - "name" : "FEDORA-2016-282507c3e9", - "refsource" : "FEDORA", - "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KW6DNERYHPI5Y6SQYU3XKTVSCOWMIHUC/" - }, - { - "name" : "FEDORA-2016-95407a836f", - "refsource" : "FEDORA", - "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R7JJ2SGVOX6UQQIRMVC3QACJLKHE2PYN/" - }, - { - "name" : "FEDORA-2016-d2a05a0644", - "refsource" : "FEDORA", - "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VUOUOK3VULMMZTNSCRFCNPDAPDWAVK7X/" - }, - { - "name" : "GLSA-201702-25", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201702-25" - }, - { - "name" : "openSUSE-SU-2016:3087", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-12/msg00068.html" - }, - { - "name" : "93358", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93358" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The check_allocations function in libass/ass_shaper.c in libass before 0.13.4 allows remote attackers to cause a denial of service (memory allocation failure) via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201702-25", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201702-25" + }, + { + "name": "https://github.com/libass/libass/pull/240/commits/aa54e0b59200a994d50a346b5d7ac818ebcf2d4b", + "refsource": "CONFIRM", + "url": "https://github.com/libass/libass/pull/240/commits/aa54e0b59200a994d50a346b5d7ac818ebcf2d4b" + }, + { + "name": "93358", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93358" + }, + { + "name": "https://github.com/libass/libass/releases/tag/0.13.4", + "refsource": "CONFIRM", + "url": "https://github.com/libass/libass/releases/tag/0.13.4" + }, + { + "name": "FEDORA-2016-282507c3e9", + "refsource": "FEDORA", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KW6DNERYHPI5Y6SQYU3XKTVSCOWMIHUC/" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1381960", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1381960" + }, + { + "name": "FEDORA-2016-d2a05a0644", + "refsource": "FEDORA", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VUOUOK3VULMMZTNSCRFCNPDAPDWAVK7X/" + }, + { + "name": "openSUSE-SU-2016:3087", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00068.html" + }, + { + "name": "[oss-security] 20161004 Re: Handful of libass issues", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/10/05/2" + }, + { + "name": "FEDORA-2016-95407a836f", + "refsource": "FEDORA", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R7JJ2SGVOX6UQQIRMVC3QACJLKHE2PYN/" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8113.json b/2016/8xxx/CVE-2016-8113.json index 5510f848aa4..665bd12124a 100644 --- a/2016/8xxx/CVE-2016-8113.json +++ b/2016/8xxx/CVE-2016-8113.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-8113", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-8113", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8190.json b/2016/8xxx/CVE-2016-8190.json index 56d644af690..b36fbc4bc0f 100644 --- a/2016/8xxx/CVE-2016-8190.json +++ b/2016/8xxx/CVE-2016-8190.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-8190", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-8190", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8541.json b/2016/8xxx/CVE-2016-8541.json index f4e83c9b4a2..e36d22e125e 100644 --- a/2016/8xxx/CVE-2016-8541.json +++ b/2016/8xxx/CVE-2016-8541.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-8541", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-8541", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8896.json b/2016/8xxx/CVE-2016-8896.json index 16c12af964e..306b8352da0 100644 --- a/2016/8xxx/CVE-2016-8896.json +++ b/2016/8xxx/CVE-2016-8896.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-8896", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-8896", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8952.json b/2016/8xxx/CVE-2016-8952.json index ad4d826a41c..83483e96d7b 100644 --- a/2016/8xxx/CVE-2016-8952.json +++ b/2016/8xxx/CVE-2016-8952.json @@ -1,88 +1,88 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2017-07-11T00:00:00", - "ID" : "CVE-2016-8952", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Emptoris Strategic Supply Management", - "version" : { - "version_data" : [ - { - "version_value" : "10.0.0.0" - }, - { - "version_value" : "10.0.1.0" - }, - { - "version_value" : "10.0.2.0" - }, - { - "version_value" : "10.0.4.0" - }, - { - "version_value" : "10.1.0.0" - }, - { - "version_value" : "10.1.1.0" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Emptoris Strategic Supply Management Platform 10.0.0.x through 10.1.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118839." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2017-07-11T00:00:00", + "ID": "CVE-2016-8952", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Emptoris Strategic Supply Management", + "version": { + "version_data": [ + { + "version_value": "10.0.0.0" + }, + { + "version_value": "10.0.1.0" + }, + { + "version_value": "10.0.2.0" + }, + { + "version_value": "10.0.4.0" + }, + { + "version_value": "10.1.0.0" + }, + { + "version_value": "10.1.1.0" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/118839", - "refsource" : "MISC", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/118839" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22005839", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22005839" - }, - { - "name" : "99589", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99589" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Emptoris Strategic Supply Management Platform 10.0.0.x through 10.1.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118839." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118839", + "refsource": "MISC", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118839" + }, + { + "name": "99589", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99589" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22005839", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22005839" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9460.json b/2016/9xxx/CVE-2016-9460.json index 1f2fe219ba1..440d92b00b3 100644 --- a/2016/9xxx/CVE-2016-9460.json +++ b/2016/9xxx/CVE-2016-9460.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "ID" : "CVE-2016-9460", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Nextcloud Server & ownCloud Server Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4", - "version" : { - "version_data" : [ - { - "version_value" : "Nextcloud Server & ownCloud Server Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are vulnerable to a content-spoofing attack in the files app. The location bar in the files app was not verifying the passed parameters. An attacker could craft an invalid link to a fake directory structure and use this to display an attacker-controlled error message to the user." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "User Interface (UI) Misrepresentation of Critical Information (CWE-451)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "ID": "CVE-2016-9460", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Nextcloud Server & ownCloud Server Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4", + "version": { + "version_data": [ + { + "version_value": "Nextcloud Server & ownCloud Server Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/nextcloud/server/commit/2da43e3751576bbc838f238a09955c4dcdebee8e", - "refsource" : "MISC", - "url" : "https://github.com/nextcloud/server/commit/2da43e3751576bbc838f238a09955c4dcdebee8e" - }, - { - "name" : "https://github.com/nextcloud/server/commit/8aa0832bd449c44ec300da4189bd8ed4e036140c", - "refsource" : "MISC", - "url" : "https://github.com/nextcloud/server/commit/8aa0832bd449c44ec300da4189bd8ed4e036140c" - }, - { - "name" : "https://github.com/nextcloud/server/commit/dea8e29289a1b99d5e889627c2e377887f4f2983", - "refsource" : "MISC", - "url" : "https://github.com/nextcloud/server/commit/dea8e29289a1b99d5e889627c2e377887f4f2983" - }, - { - "name" : "https://github.com/owncloud/core/commit/c92c234059f8b1dc7d53122985ec0d398895a2cf", - "refsource" : "MISC", - "url" : "https://github.com/owncloud/core/commit/c92c234059f8b1dc7d53122985ec0d398895a2cf" - }, - { - "name" : "https://hackerone.com/reports/145463", - "refsource" : "MISC", - "url" : "https://hackerone.com/reports/145463" - }, - { - "name" : "https://nextcloud.com/security/advisory/?id=nc-sa-2016-003", - "refsource" : "MISC", - "url" : "https://nextcloud.com/security/advisory/?id=nc-sa-2016-003" - }, - { - "name" : "https://owncloud.org/security/advisory/?id=oc-sa-2016-013", - "refsource" : "MISC", - "url" : "https://owncloud.org/security/advisory/?id=oc-sa-2016-013" - }, - { - "name" : "97282", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97282" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are vulnerable to a content-spoofing attack in the files app. The location bar in the files app was not verifying the passed parameters. An attacker could craft an invalid link to a fake directory structure and use this to display an attacker-controlled error message to the user." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "User Interface (UI) Misrepresentation of Critical Information (CWE-451)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://hackerone.com/reports/145463", + "refsource": "MISC", + "url": "https://hackerone.com/reports/145463" + }, + { + "name": "https://github.com/nextcloud/server/commit/8aa0832bd449c44ec300da4189bd8ed4e036140c", + "refsource": "MISC", + "url": "https://github.com/nextcloud/server/commit/8aa0832bd449c44ec300da4189bd8ed4e036140c" + }, + { + "name": "https://owncloud.org/security/advisory/?id=oc-sa-2016-013", + "refsource": "MISC", + "url": "https://owncloud.org/security/advisory/?id=oc-sa-2016-013" + }, + { + "name": "https://nextcloud.com/security/advisory/?id=nc-sa-2016-003", + "refsource": "MISC", + "url": "https://nextcloud.com/security/advisory/?id=nc-sa-2016-003" + }, + { + "name": "97282", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97282" + }, + { + "name": "https://github.com/nextcloud/server/commit/dea8e29289a1b99d5e889627c2e377887f4f2983", + "refsource": "MISC", + "url": "https://github.com/nextcloud/server/commit/dea8e29289a1b99d5e889627c2e377887f4f2983" + }, + { + "name": "https://github.com/owncloud/core/commit/c92c234059f8b1dc7d53122985ec0d398895a2cf", + "refsource": "MISC", + "url": "https://github.com/owncloud/core/commit/c92c234059f8b1dc7d53122985ec0d398895a2cf" + }, + { + "name": "https://github.com/nextcloud/server/commit/2da43e3751576bbc838f238a09955c4dcdebee8e", + "refsource": "MISC", + "url": "https://github.com/nextcloud/server/commit/2da43e3751576bbc838f238a09955c4dcdebee8e" + } + ] + } +} \ No newline at end of file