From b5ca9b29e089758c157de456083da8c3764546c0 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 04:47:44 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2006/0xxx/CVE-2006-0888.json | 130 +++++----- 2006/0xxx/CVE-2006-0915.json | 130 +++++----- 2006/1xxx/CVE-2006-1150.json | 160 ++++++------- 2006/1xxx/CVE-2006-1301.json | 160 ++++++------- 2006/1xxx/CVE-2006-1313.json | 240 +++++++++---------- 2006/1xxx/CVE-2006-1533.json | 180 +++++++------- 2006/1xxx/CVE-2006-1631.json | 180 +++++++------- 2006/1xxx/CVE-2006-1813.json | 170 ++++++------- 2006/5xxx/CVE-2006-5050.json | 150 ++++++------ 2006/5xxx/CVE-2006-5577.json | 210 ++++++++--------- 2006/5xxx/CVE-2006-5702.json | 190 +++++++-------- 2006/5xxx/CVE-2006-5925.json | 390 +++++++++++++++--------------- 2007/2xxx/CVE-2007-2060.json | 200 ++++++++-------- 2007/2xxx/CVE-2007-2686.json | 170 ++++++------- 2010/0xxx/CVE-2010-0038.json | 150 ++++++------ 2010/0xxx/CVE-2010-0093.json | 420 ++++++++++++++++----------------- 2010/0xxx/CVE-2010-0450.json | 160 ++++++------- 2010/0xxx/CVE-2010-0654.json | 170 ++++++------- 2010/0xxx/CVE-2010-0961.json | 190 +++++++-------- 2010/1xxx/CVE-2010-1267.json | 160 ++++++------- 2010/1xxx/CVE-2010-1408.json | 360 ++++++++++++++-------------- 2010/1xxx/CVE-2010-1653.json | 160 ++++++------- 2010/1xxx/CVE-2010-1797.json | 330 +++++++++++++------------- 2010/1xxx/CVE-2010-1968.json | 160 ++++++------- 2010/3xxx/CVE-2010-3351.json | 180 +++++++------- 2010/3xxx/CVE-2010-3481.json | 180 +++++++------- 2010/4xxx/CVE-2010-4427.json | 180 +++++++------- 2010/4xxx/CVE-2010-4461.json | 180 +++++++------- 2014/0xxx/CVE-2014-0547.json | 200 ++++++++-------- 2014/0xxx/CVE-2014-0701.json | 120 +++++----- 2014/10xxx/CVE-2014-10051.json | 132 +++++------ 2014/4xxx/CVE-2014-4116.json | 130 +++++----- 2014/4xxx/CVE-2014-4724.json | 130 +++++----- 2014/8xxx/CVE-2014-8207.json | 34 +-- 2014/8xxx/CVE-2014-8846.json | 34 +-- 2014/9xxx/CVE-2014-9449.json | 180 +++++++------- 2014/9xxx/CVE-2014-9517.json | 140 +++++------ 2014/9xxx/CVE-2014-9778.json | 140 +++++------ 2014/9xxx/CVE-2014-9820.json | 150 ++++++------ 2016/3xxx/CVE-2016-3471.json | 200 ++++++++-------- 2016/3xxx/CVE-2016-3660.json | 34 +-- 2016/3xxx/CVE-2016-3747.json | 130 +++++----- 2016/6xxx/CVE-2016-6217.json | 120 +++++----- 2016/6xxx/CVE-2016-6560.json | 140 +++++------ 2016/6xxx/CVE-2016-6582.json | 170 ++++++------- 2016/7xxx/CVE-2016-7125.json | 210 ++++++++--------- 2016/7xxx/CVE-2016-7303.json | 34 +-- 2016/7xxx/CVE-2016-7532.json | 170 ++++++------- 2016/7xxx/CVE-2016-7606.json | 160 ++++++------- 2016/7xxx/CVE-2016-7808.json | 160 ++++++------- 2016/8xxx/CVE-2016-8089.json | 34 +-- 2016/8xxx/CVE-2016-8261.json | 34 +-- 2016/8xxx/CVE-2016-8741.json | 156 ++++++------ 53 files changed, 4391 insertions(+), 4391 deletions(-) diff --git a/2006/0xxx/CVE-2006-0888.json b/2006/0xxx/CVE-2006-0888.json index 9c46df9ef2a..03c302636a1 100644 --- a/2006/0xxx/CVE-2006-0888.json +++ b/2006/0xxx/CVE-2006-0888.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0888", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "index.php in Invision Power Board (IPB) 2.0.1, with Code Confirmation disabled, allows remote attackers to cause an unspecified denial of service by registering a large number of users." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0888", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "1489", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/1489" - }, - { - "name" : "16616", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16616" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "index.php in Invision Power Board (IPB) 2.0.1, with Code Confirmation disabled, allows remote attackers to cause an unspecified denial of service by registering a large number of users." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1489", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/1489" + }, + { + "name": "16616", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16616" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0915.json b/2006/0xxx/CVE-2006-0915.json index fb08ec41376..cc49df51a8a 100644 --- a/2006/0xxx/CVE-2006-0915.json +++ b/2006/0xxx/CVE-2006-0915.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0915", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Bugzilla 2.16.10 does not properly handle certain characters in the (1) maxpatchsize and (2) maxattachmentsize parameters in attachment.cgi, which allows remote attackers to trigger a SQL error." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0915", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=313441", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=313441" - }, - { - "name" : "ADV-2006-0692", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0692" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Bugzilla 2.16.10 does not properly handle certain characters in the (1) maxpatchsize and (2) maxattachmentsize parameters in attachment.cgi, which allows remote attackers to trigger a SQL error." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-0692", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0692" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=313441", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=313441" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1150.json b/2006/1xxx/CVE-2006-1150.json index 9a0ec7a664c..995d3b97d20 100644 --- a/2006/1xxx/CVE-2006-1150.json +++ b/2006/1xxx/CVE-2006-1150.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1150", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Tenes Empanadas Graciela (TEG) 0.11.1, automatically appends an _ (underscore) to the end of duplicate nicknames, which allows remote attackers to cause a denial of service (application crash) by creating multiple users with long, identical nicknames, which triggers an off-by-one error." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1150", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://aluigi.altervista.org/adv/tegob1-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.altervista.org/adv/tegob1-adv.txt" - }, - { - "name" : "16982", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16982" - }, - { - "name" : "ADV-2006-0846", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0846" - }, - { - "name" : "19134", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19134" - }, - { - "name" : "teg-nickname-offbyone-dos(25165)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25165" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Tenes Empanadas Graciela (TEG) 0.11.1, automatically appends an _ (underscore) to the end of duplicate nicknames, which allows remote attackers to cause a denial of service (application crash) by creating multiple users with long, identical nicknames, which triggers an off-by-one error." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://aluigi.altervista.org/adv/tegob1-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.altervista.org/adv/tegob1-adv.txt" + }, + { + "name": "ADV-2006-0846", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0846" + }, + { + "name": "teg-nickname-offbyone-dos(25165)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25165" + }, + { + "name": "19134", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19134" + }, + { + "name": "16982", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16982" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1301.json b/2006/1xxx/CVE-2006-1301.json index c7acac73bd7..4732af83924 100644 --- a/2006/1xxx/CVE-2006-1301.json +++ b/2006/1xxx/CVE-2006-1301.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1301", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted SELECTION record that triggers memory corruption, a different vulnerability than CVE-2006-1302." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2006-1301", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS06-037", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-037" - }, - { - "name" : "18853", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18853" - }, - { - "name" : "ADV-2006-2755", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2755" - }, - { - "name" : "oval:org.mitre.oval:def:557", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A557" - }, - { - "name" : "1016472", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016472" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted SELECTION record that triggers memory corruption, a different vulnerability than CVE-2006-1302." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18853", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18853" + }, + { + "name": "MS06-037", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-037" + }, + { + "name": "1016472", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016472" + }, + { + "name": "ADV-2006-2755", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2755" + }, + { + "name": "oval:org.mitre.oval:def:557", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A557" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1313.json b/2006/1xxx/CVE-2006-1313.json index 1c0082bf850..13bbc0c46ee 100644 --- a/2006/1xxx/CVE-2006-1313.json +++ b/2006/1xxx/CVE-2006-1313.json @@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1313", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft JScript 5.1, 5.5, and 5.6 on Windows 2000 SP4, and 5.6 on Windows XP, Server 2003, Windows 98 and Windows Me, will \"release objects early\" in certain cases, which results in memory corruption and allows remote attackers to execute arbitrary code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2006-1313", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS06-023", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-023" - }, - { - "name" : "TA06-164A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA06-164A.html" - }, - { - "name" : "VU#390044", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/390044" - }, - { - "name" : "18359", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18359" - }, - { - "name" : "ADV-2006-2321", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2321" - }, - { - "name" : "26434", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/26434" - }, - { - "name" : "oval:org.mitre.oval:def:1067", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1067" - }, - { - "name" : "oval:org.mitre.oval:def:1644", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1644" - }, - { - "name" : "oval:org.mitre.oval:def:1785", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1785" - }, - { - "name" : "oval:org.mitre.oval:def:2003", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2003" - }, - { - "name" : "1016283", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016283" - }, - { - "name" : "20620", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20620" - }, - { - "name" : "ms-jscript-code-execution(26805)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26805" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft JScript 5.1, 5.5, and 5.6 on Windows 2000 SP4, and 5.6 on Windows XP, Server 2003, Windows 98 and Windows Me, will \"release objects early\" in certain cases, which results in memory corruption and allows remote attackers to execute arbitrary code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:1785", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1785" + }, + { + "name": "oval:org.mitre.oval:def:1644", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1644" + }, + { + "name": "1016283", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016283" + }, + { + "name": "ms-jscript-code-execution(26805)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26805" + }, + { + "name": "ADV-2006-2321", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2321" + }, + { + "name": "TA06-164A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA06-164A.html" + }, + { + "name": "oval:org.mitre.oval:def:1067", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1067" + }, + { + "name": "VU#390044", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/390044" + }, + { + "name": "26434", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/26434" + }, + { + "name": "MS06-023", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-023" + }, + { + "name": "18359", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18359" + }, + { + "name": "oval:org.mitre.oval:def:2003", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2003" + }, + { + "name": "20620", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20620" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1533.json b/2006/1xxx/CVE-2006-1533.json index d583808f1b4..26acc76983a 100644 --- a/2006/1xxx/CVE-2006-1533.json +++ b/2006/1xxx/CVE-2006-1533.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1533", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in newsletter.php in Sourceworkshop newsletter 1.0 allows remote attackers to execute arbitrary SQL commands via the newsletteremail parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1533", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060407 [eVuln] newsletter - sourceworkshop SQL Injection Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/430375/100/0/threaded" - }, - { - "name" : "http://evuln.com/vulns/107/summary.html", - "refsource" : "MISC", - "url" : "http://evuln.com/vulns/107/summary.html" - }, - { - "name" : "17304", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17304" - }, - { - "name" : "ADV-2006-1148", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1148" - }, - { - "name" : "24229", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24229" - }, - { - "name" : "19425", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19425" - }, - { - "name" : "newsletter-script-sql-injection(25498)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25498" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in newsletter.php in Sourceworkshop newsletter 1.0 allows remote attackers to execute arbitrary SQL commands via the newsletteremail parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-1148", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1148" + }, + { + "name": "newsletter-script-sql-injection(25498)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25498" + }, + { + "name": "17304", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17304" + }, + { + "name": "24229", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24229" + }, + { + "name": "20060407 [eVuln] newsletter - sourceworkshop SQL Injection Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/430375/100/0/threaded" + }, + { + "name": "19425", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19425" + }, + { + "name": "http://evuln.com/vulns/107/summary.html", + "refsource": "MISC", + "url": "http://evuln.com/vulns/107/summary.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1631.json b/2006/1xxx/CVE-2006-1631.json index daaaa81ad3c..16090c38545 100644 --- a/2006/1xxx/CVE-2006-1631.json +++ b/2006/1xxx/CVE-2006-1631.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1631", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the HTTP compression functionality in Cisco CSS 11500 Series Content Services switches allows remote attackers to cause a denial of service (device reload) via (1) \"valid, but obsolete\" or (2) \"specially crafted\" HTTP requests." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1631", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060405 Cisco 11500 Content Services Switch HTTP Request Vulnerability", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/warp/public/707/cisco-sa-20060405-css.shtml" - }, - { - "name" : "17383", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17383" - }, - { - "name" : "ADV-2006-1257", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1257" - }, - { - "name" : "24433", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24433" - }, - { - "name" : "1015870", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015870" - }, - { - "name" : "19552", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19552" - }, - { - "name" : "cisco-css-http-comp-dos(25642)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25642" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the HTTP compression functionality in Cisco CSS 11500 Series Content Services switches allows remote attackers to cause a denial of service (device reload) via (1) \"valid, but obsolete\" or (2) \"specially crafted\" HTTP requests." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-1257", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1257" + }, + { + "name": "1015870", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015870" + }, + { + "name": "20060405 Cisco 11500 Content Services Switch HTTP Request Vulnerability", + "refsource": "CISCO", + "url": "http://www.cisco.com/warp/public/707/cisco-sa-20060405-css.shtml" + }, + { + "name": "cisco-css-http-comp-dos(25642)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25642" + }, + { + "name": "19552", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19552" + }, + { + "name": "24433", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24433" + }, + { + "name": "17383", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17383" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1813.json b/2006/1xxx/CVE-2006-1813.json index 5392ac45000..61b437d9434 100644 --- a/2006/1xxx/CVE-2006-1813.json +++ b/2006/1xxx/CVE-2006-1813.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1813", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in index.php in phpWebFTP 3.2 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the language parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1813", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060417 PhpWebFTP 3.2 Login Script", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/431115/100/0/threaded" - }, - { - "name" : "17557", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17557" - }, - { - "name" : "ADV-2006-1388", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1388" - }, - { - "name" : "19706", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19706" - }, - { - "name" : "723", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/723" - }, - { - "name" : "phpwebftp-index-directory-traversal(25920)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25920" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in index.php in phpWebFTP 3.2 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the language parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "17557", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17557" + }, + { + "name": "ADV-2006-1388", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1388" + }, + { + "name": "19706", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19706" + }, + { + "name": "723", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/723" + }, + { + "name": "20060417 PhpWebFTP 3.2 Login Script", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/431115/100/0/threaded" + }, + { + "name": "phpwebftp-index-directory-traversal(25920)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25920" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5050.json b/2006/5xxx/CVE-2006-5050.json index 4cc1d3508ea..7965b84f770 100644 --- a/2006/5xxx/CVE-2006-5050.json +++ b/2006/5xxx/CVE-2006-5050.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5050", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in httpd in Rob Landley BusyBox allows remote attackers to read arbitrary files via URL-encoded \"%2e%2e/\" sequences in the URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5050", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060916 Busy box httpd file traversal vulenrability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/446228/100/0/threaded" - }, - { - "name" : "20067", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20067" - }, - { - "name" : "1016875", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016875" - }, - { - "name" : "1636", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1636" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in httpd in Rob Landley BusyBox allows remote attackers to read arbitrary files via URL-encoded \"%2e%2e/\" sequences in the URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1016875", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016875" + }, + { + "name": "1636", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1636" + }, + { + "name": "20060916 Busy box httpd file traversal vulenrability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/446228/100/0/threaded" + }, + { + "name": "20067", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20067" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5577.json b/2006/5xxx/CVE-2006-5577.json index 04b1034db79..6da6a54b3cf 100644 --- a/2006/5xxx/CVE-2006-5577.json +++ b/2006/5xxx/CVE-2006-5577.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5577", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 6 and earlier allows remote attackers to obtain sensitive information via unspecified uses of the OBJECT HTML tag, which discloses the absolute path of the corresponding TIF folder, aka \"TIF Folder Information Disclosure Vulnerability,\" and a different issue than CVE-2006-5578." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2006-5577", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBST02180", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/454969/100/200/threaded" - }, - { - "name" : "SSRT061288", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/454969/100/200/threaded" - }, - { - "name" : "MS06-072", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-072" - }, - { - "name" : "TA06-346A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA06-346A.html" - }, - { - "name" : "21507", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21507" - }, - { - "name" : "ADV-2006-4966", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4966" - }, - { - "name" : "30816", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/30816" - }, - { - "name" : "oval:org.mitre.oval:def:313", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A313" - }, - { - "name" : "1017374", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017374" - }, - { - "name" : "23288", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23288" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 6 and earlier allows remote attackers to obtain sensitive information via unspecified uses of the OBJECT HTML tag, which discloses the absolute path of the corresponding TIF folder, aka \"TIF Folder Information Disclosure Vulnerability,\" and a different issue than CVE-2006-5578." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-4966", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4966" + }, + { + "name": "23288", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23288" + }, + { + "name": "TA06-346A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA06-346A.html" + }, + { + "name": "1017374", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017374" + }, + { + "name": "oval:org.mitre.oval:def:313", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A313" + }, + { + "name": "21507", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21507" + }, + { + "name": "SSRT061288", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/454969/100/200/threaded" + }, + { + "name": "HPSBST02180", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/454969/100/200/threaded" + }, + { + "name": "MS06-072", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-072" + }, + { + "name": "30816", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/30816" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5702.json b/2006/5xxx/CVE-2006-5702.json index d2df3932fdd..57f919ddc06 100644 --- a/2006/5xxx/CVE-2006-5702.json +++ b/2006/5xxx/CVE-2006-5702.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5702", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Tikiwiki 1.9.5 allows remote attackers to obtain sensitive information (MySQL username and password) via an empty sort_mode parameter in (1) tiki-listpages.php, (2) tiki-lastchanges.php, (3) messu-archive.php, (4) messu-mailbox.php, (5) messu-sent.php, (6) tiki-directory_add_site.php, (7) tiki-directory_ranking.php, (8) tiki-directory_search.php, (9) tiki-forums.php, (10) tiki-view_forum.php, (11) tiki-friends.php, (12) tiki-list_blogs.php, (13) tiki-list_faqs.php, (14) tiki-list_trackers.php, (15) tiki-list_users.php, (16) tiki-my_tiki.php, (17) tiki-notepad_list.php, (18) tiki-orphan_pages.php, (19) tiki-shoutbox.php, (20) tiki-usermenu.php, and (21) tiki-webmail_contacts.php, which reveal the information in certain database error messages." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5702", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061101 tikiwiki 1.9.5 mysql password disclosure & xss", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/450268/100/0/threaded" - }, - { - "name" : "GLSA-200611-11", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200611-11.xml" - }, - { - "name" : "20858", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20858" - }, - { - "name" : "ADV-2006-4316", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4316" - }, - { - "name" : "22678", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22678" - }, - { - "name" : "23039", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23039" - }, - { - "name" : "1816", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1816" - }, - { - "name" : "tikiwiki-password-info-disclosure(29960)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29960" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Tikiwiki 1.9.5 allows remote attackers to obtain sensitive information (MySQL username and password) via an empty sort_mode parameter in (1) tiki-listpages.php, (2) tiki-lastchanges.php, (3) messu-archive.php, (4) messu-mailbox.php, (5) messu-sent.php, (6) tiki-directory_add_site.php, (7) tiki-directory_ranking.php, (8) tiki-directory_search.php, (9) tiki-forums.php, (10) tiki-view_forum.php, (11) tiki-friends.php, (12) tiki-list_blogs.php, (13) tiki-list_faqs.php, (14) tiki-list_trackers.php, (15) tiki-list_users.php, (16) tiki-my_tiki.php, (17) tiki-notepad_list.php, (18) tiki-orphan_pages.php, (19) tiki-shoutbox.php, (20) tiki-usermenu.php, and (21) tiki-webmail_contacts.php, which reveal the information in certain database error messages." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-4316", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4316" + }, + { + "name": "20061101 tikiwiki 1.9.5 mysql password disclosure & xss", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/450268/100/0/threaded" + }, + { + "name": "tikiwiki-password-info-disclosure(29960)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29960" + }, + { + "name": "22678", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22678" + }, + { + "name": "23039", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23039" + }, + { + "name": "GLSA-200611-11", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200611-11.xml" + }, + { + "name": "1816", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1816" + }, + { + "name": "20858", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20858" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5925.json b/2006/5xxx/CVE-2006-5925.json index 55b726d4cab..04c86f997fe 100644 --- a/2006/5xxx/CVE-2006-5925.json +++ b/2006/5xxx/CVE-2006-5925.json @@ -1,197 +1,197 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5925", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Links web browser 1.00pre12 and Elinks 0.9.2 with smbclient installed allows remote attackers to execute arbitrary code via shell metacharacters in an smb:// URI, as demonstrated by using PUT and GET statements." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2006-5925", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061115 Links smbclient command execution", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/451870/100/200/threaded" - }, - { - "name" : "20061115 Links smbclient command execution", - "refsource" : "FULLDISC", - "url" : "http://marc.info/?l=full-disclosure&m=116355556512780&w=2" - }, - { - "name" : "http://bugzilla.elinks.cz/show_bug.cgi?id=841", - "refsource" : "CONFIRM", - "url" : "http://bugzilla.elinks.cz/show_bug.cgi?id=841" - }, - { - "name" : "DSA-1228", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1228" - }, - { - "name" : "DSA-1226", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2006/dsa-1226" - }, - { - "name" : "DSA-1240", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1240" - }, - { - "name" : "GLSA-200612-16", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200612-16.xml" - }, - { - "name" : "GLSA-200701-27", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200701-27.xml" - }, - { - "name" : "MDKSA-2006:216", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:216" - }, - { - "name" : "RHSA-2006:0742", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0742.html" - }, - { - "name" : "SUSE-SR:2006:027", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006_27_sr.html" - }, - { - "name" : "2007-0005", - "refsource" : "TRUSTIX", - "url" : "http://www.trustix.org/errata/2007/0005" - }, - { - "name" : "21082", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21082" - }, - { - "name" : "oval:org.mitre.oval:def:11213", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11213" - }, - { - "name" : "1017232", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017232" - }, - { - "name" : "1017233", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017233" - }, - { - "name" : "22905", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22905" - }, - { - "name" : "22920", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22920" - }, - { - "name" : "22923", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22923" - }, - { - "name" : "23022", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23022" - }, - { - "name" : "23132", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23132" - }, - { - "name" : "23234", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23234" - }, - { - "name" : "23188", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23188" - }, - { - "name" : "23467", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23467" - }, - { - "name" : "23389", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23389" - }, - { - "name" : "24005", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24005" - }, - { - "name" : "24054", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24054" - }, - { - "name" : "links-smbclient-command-execution(30299)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30299" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Links web browser 1.00pre12 and Elinks 0.9.2 with smbclient installed allows remote attackers to execute arbitrary code via shell metacharacters in an smb:// URI, as demonstrated by using PUT and GET statements." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1017233", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017233" + }, + { + "name": "22920", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22920" + }, + { + "name": "RHSA-2006:0742", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0742.html" + }, + { + "name": "22923", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22923" + }, + { + "name": "GLSA-200612-16", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200612-16.xml" + }, + { + "name": "22905", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22905" + }, + { + "name": "2007-0005", + "refsource": "TRUSTIX", + "url": "http://www.trustix.org/errata/2007/0005" + }, + { + "name": "20061115 Links smbclient command execution", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/451870/100/200/threaded" + }, + { + "name": "23467", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23467" + }, + { + "name": "24005", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24005" + }, + { + "name": "oval:org.mitre.oval:def:11213", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11213" + }, + { + "name": "23188", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23188" + }, + { + "name": "DSA-1240", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1240" + }, + { + "name": "23234", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23234" + }, + { + "name": "DSA-1228", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1228" + }, + { + "name": "1017232", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017232" + }, + { + "name": "SUSE-SR:2006:027", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006_27_sr.html" + }, + { + "name": "links-smbclient-command-execution(30299)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30299" + }, + { + "name": "24054", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24054" + }, + { + "name": "23132", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23132" + }, + { + "name": "21082", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21082" + }, + { + "name": "20061115 Links smbclient command execution", + "refsource": "FULLDISC", + "url": "http://marc.info/?l=full-disclosure&m=116355556512780&w=2" + }, + { + "name": "DSA-1226", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2006/dsa-1226" + }, + { + "name": "MDKSA-2006:216", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:216" + }, + { + "name": "23389", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23389" + }, + { + "name": "23022", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23022" + }, + { + "name": "GLSA-200701-27", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200701-27.xml" + }, + { + "name": "http://bugzilla.elinks.cz/show_bug.cgi?id=841", + "refsource": "CONFIRM", + "url": "http://bugzilla.elinks.cz/show_bug.cgi?id=841" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2060.json b/2007/2xxx/CVE-2007-2060.json index a80b31edd9d..9c5a376b9db 100644 --- a/2007/2xxx/CVE-2007-2060.json +++ b/2007/2xxx/CVE-2007-2060.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2060", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-zone scripting vulnerability in the Wizz RSS Reader before 2.1.9 extension to Mozilla Firefox allows remote attackers to execute arbitrary Javascript in the browser chrome via the RSS feed DOM." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2060", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://wizzrss.blat.co.za/2009/11/17/so-much-for-nsiscriptableunescapehtmlparsefragment/", - "refsource" : "MISC", - "url" : "http://wizzrss.blat.co.za/2009/11/17/so-much-for-nsiscriptableunescapehtmlparsefragment/" - }, - { - "name" : "https://addons.mozilla.org/en-US/firefox/addon/424", - "refsource" : "CONFIRM", - "url" : "https://addons.mozilla.org/en-US/firefox/addon/424" - }, - { - "name" : "http://www.kb.cert.org/vuls/id/MIMG-6ZKP4T", - "refsource" : "CONFIRM", - "url" : "http://www.kb.cert.org/vuls/id/MIMG-6ZKP4T" - }, - { - "name" : "VU#319464", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/319464" - }, - { - "name" : "23523", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23523" - }, - { - "name" : "ADV-2007-1425", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1425" - }, - { - "name" : "34534", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/34534" - }, - { - "name" : "24913", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24913" - }, - { - "name" : "firefox-wizz-rssfeed-xss(33693)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33693" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-zone scripting vulnerability in the Wizz RSS Reader before 2.1.9 extension to Mozilla Firefox allows remote attackers to execute arbitrary Javascript in the browser chrome via the RSS feed DOM." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2007-1425", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1425" + }, + { + "name": "23523", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23523" + }, + { + "name": "http://www.kb.cert.org/vuls/id/MIMG-6ZKP4T", + "refsource": "CONFIRM", + "url": "http://www.kb.cert.org/vuls/id/MIMG-6ZKP4T" + }, + { + "name": "24913", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24913" + }, + { + "name": "VU#319464", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/319464" + }, + { + "name": "34534", + "refsource": "OSVDB", + "url": "http://osvdb.org/34534" + }, + { + "name": "https://addons.mozilla.org/en-US/firefox/addon/424", + "refsource": "CONFIRM", + "url": "https://addons.mozilla.org/en-US/firefox/addon/424" + }, + { + "name": "firefox-wizz-rssfeed-xss(33693)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33693" + }, + { + "name": "http://wizzrss.blat.co.za/2009/11/17/so-much-for-nsiscriptableunescapehtmlparsefragment/", + "refsource": "MISC", + "url": "http://wizzrss.blat.co.za/2009/11/17/so-much-for-nsiscriptableunescapehtmlparsefragment/" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2686.json b/2007/2xxx/CVE-2007-2686.json index e9ed4ba9e62..f35232a580a 100644 --- a/2007/2xxx/CVE-2007-2686.json +++ b/2007/2xxx/CVE-2007-2686.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2686", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in index.php in Jetbox CMS 2.1 allows remote attackers to inject arbitrary web script or HTML via the login parameter in a sendpwd task." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2686", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070522 Jetbox CMS version 2.1 XSS Attack Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/469233/100/0/threaded" - }, - { - "name" : "20070522 Jetbox CMS version 2.1 XSS Attack Vulnerability", - "refsource" : "FULLDISC", - "url" : "http://marc.info/?l=full-disclosure&m=117981938101135&w=2" - }, - { - "name" : "http://www.netvigilance.com/advisory0029", - "refsource" : "MISC", - "url" : "http://www.netvigilance.com/advisory0029" - }, - { - "name" : "24095", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24095" - }, - { - "name" : "34791", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/34791" - }, - { - "name" : "jetbox-index-xss(34415)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34415" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in index.php in Jetbox CMS 2.1 allows remote attackers to inject arbitrary web script or HTML via the login parameter in a sendpwd task." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.netvigilance.com/advisory0029", + "refsource": "MISC", + "url": "http://www.netvigilance.com/advisory0029" + }, + { + "name": "jetbox-index-xss(34415)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34415" + }, + { + "name": "34791", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/34791" + }, + { + "name": "20070522 Jetbox CMS version 2.1 XSS Attack Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/469233/100/0/threaded" + }, + { + "name": "24095", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24095" + }, + { + "name": "20070522 Jetbox CMS version 2.1 XSS Attack Vulnerability", + "refsource": "FULLDISC", + "url": "http://marc.info/?l=full-disclosure&m=117981938101135&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0038.json b/2010/0xxx/CVE-2010-0038.json index e8f6f2d5454..4554d65bf6f 100644 --- a/2010/0xxx/CVE-2010-0038.json +++ b/2010/0xxx/CVE-2010-0038.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0038", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Recovery Mode in Apple iPhone OS 1.0 through 3.1.2, and iPhone OS for iPod touch 1.1 through 3.1.2, allows physically proximate attackers to bypass device locking, and read or modify arbitrary data, via a USB control message that triggers memory corruption." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2010-0038", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT4013", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4013" - }, - { - "name" : "APPLE-SA-2010-02-02-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010/Feb/msg00000.html" - }, - { - "name" : "38040", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/38040" - }, - { - "name" : "62128", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/62128" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Recovery Mode in Apple iPhone OS 1.0 through 3.1.2, and iPhone OS for iPod touch 1.1 through 3.1.2, allows physically proximate attackers to bypass device locking, and read or modify arbitrary data, via a USB control message that triggers memory corruption." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "62128", + "refsource": "OSVDB", + "url": "http://osvdb.org/62128" + }, + { + "name": "APPLE-SA-2010-02-02-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010/Feb/msg00000.html" + }, + { + "name": "38040", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/38040" + }, + { + "name": "http://support.apple.com/kb/HT4013", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4013" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0093.json b/2010/0xxx/CVE-2010-0093.json index f135e6bfb6b..8fc8fedf1ee 100644 --- a/2010/0xxx/CVE-2010-0093.json +++ b/2010/0xxx/CVE-2010-0093.json @@ -1,212 +1,212 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0093", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2010-0095." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2010-0093", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/516397/100/0/threaded" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/javacpumar2010-083341.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/javacpumar2010-083341.html" - }, - { - "name" : "http://support.apple.com/kb/HT4170", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4170" - }, - { - "name" : "http://support.apple.com/kb/HT4171", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4171" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2011-0003.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2011-0003.html" - }, - { - "name" : "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html" - }, - { - "name" : "APPLE-SA-2010-05-18-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//May/msg00001.html" - }, - { - "name" : "APPLE-SA-2010-05-18-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//May/msg00002.html" - }, - { - "name" : "HPSBMA02547", - "refsource" : "HP", - "url" : "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751" - }, - { - "name" : "SSRT100179", - "refsource" : "HP", - "url" : "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751" - }, - { - "name" : "HPSBMU02799", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=134254866602253&w=2" - }, - { - "name" : "HPSBUX02524", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=127557596201693&w=2" - }, - { - "name" : "SSRT100089", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=127557596201693&w=2" - }, - { - "name" : "MDVSA-2010:084", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:084" - }, - { - "name" : "RHSA-2010:0337", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0337.html" - }, - { - "name" : "RHSA-2010:0338", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0338.html" - }, - { - "name" : "RHSA-2010:0339", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0339.html" - }, - { - "name" : "SUSE-SR:2010:008", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html" - }, - { - "name" : "SUSE-SR:2010:011", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html" - }, - { - "name" : "USN-923-1", - "refsource" : "UBUNTU", - "url" : "http://ubuntu.com/usn/usn-923-1" - }, - { - "name" : "63485", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/63485" - }, - { - "name" : "oval:org.mitre.oval:def:9877", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9877" - }, - { - "name" : "oval:org.mitre.oval:def:14288", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14288" - }, - { - "name" : "39292", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39292" - }, - { - "name" : "39317", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39317" - }, - { - "name" : "39819", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39819" - }, - { - "name" : "40545", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40545" - }, - { - "name" : "43308", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43308" - }, - { - "name" : "ADV-2010-1107", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1107" - }, - { - "name" : "ADV-2010-1191", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1191" - }, - { - "name" : "ADV-2010-1793", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1793" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2010-0095." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2010-05-18-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//May/msg00001.html" + }, + { + "name": "HPSBMU02799", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=134254866602253&w=2" + }, + { + "name": "39317", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39317" + }, + { + "name": "40545", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40545" + }, + { + "name": "39819", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39819" + }, + { + "name": "ADV-2010-1107", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1107" + }, + { + "name": "RHSA-2010:0338", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0338.html" + }, + { + "name": "ADV-2010-1793", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1793" + }, + { + "name": "APPLE-SA-2010-05-18-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//May/msg00002.html" + }, + { + "name": "SUSE-SR:2010:011", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html" + }, + { + "name": "43308", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43308" + }, + { + "name": "oval:org.mitre.oval:def:9877", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9877" + }, + { + "name": "oval:org.mitre.oval:def:14288", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14288" + }, + { + "name": "SSRT100179", + "refsource": "HP", + "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751" + }, + { + "name": "SSRT100089", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=127557596201693&w=2" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/javacpumar2010-083341.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/javacpumar2010-083341.html" + }, + { + "name": "RHSA-2010:0339", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0339.html" + }, + { + "name": "HPSBUX02524", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=127557596201693&w=2" + }, + { + "name": "39292", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39292" + }, + { + "name": "http://support.apple.com/kb/HT4170", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4170" + }, + { + "name": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html" + }, + { + "name": "SUSE-SR:2010:008", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html" + }, + { + "name": "USN-923-1", + "refsource": "UBUNTU", + "url": "http://ubuntu.com/usn/usn-923-1" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html" + }, + { + "name": "RHSA-2010:0337", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0337.html" + }, + { + "name": "63485", + "refsource": "OSVDB", + "url": "http://osvdb.org/63485" + }, + { + "name": "HPSBMA02547", + "refsource": "HP", + "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751" + }, + { + "name": "http://support.apple.com/kb/HT4171", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4171" + }, + { + "name": "MDVSA-2010:084", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:084" + }, + { + "name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded" + }, + { + "name": "ADV-2010-1191", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1191" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0450.json b/2010/0xxx/CVE-2010-0450.json index 2c3b5365ed3..042d6c1e28f 100644 --- a/2010/0xxx/CVE-2010-0450.json +++ b/2010/0xxx/CVE-2010-0450.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0450", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in HP SOA Registry Foundation 6.63 and 6.64 allows remote authenticated users to gain privileges via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2010-0450", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBMA02490", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=126996774125378&w=2" - }, - { - "name" : "SSRT090222", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=126996774125378&w=2" - }, - { - "name" : "39061", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/39061" - }, - { - "name" : "1023765", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1023765" - }, - { - "name" : "39187", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39187" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in HP SOA Registry Foundation 6.63 and 6.64 allows remote authenticated users to gain privileges via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "HPSBMA02490", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=126996774125378&w=2" + }, + { + "name": "1023765", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1023765" + }, + { + "name": "SSRT090222", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=126996774125378&w=2" + }, + { + "name": "39187", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39187" + }, + { + "name": "39061", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/39061" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0654.json b/2010/0xxx/CVE-2010-0654.json index bf69648a566..49fea17983e 100644 --- a/2010/0xxx/CVE-2010-0654.json +++ b/2010/0xxx/CVE-2010-0654.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0654", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 permit cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type and the stylesheet document is malformed, which allows remote attackers to obtain sensitive information via a crafted document." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-0654", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=9877", - "refsource" : "MISC", - "url" : "http://code.google.com/p/chromium/issues/detail?id=9877" - }, - { - "name" : "http://scarybeastsecurity.blogspot.com/2009/12/generic-cross-browser-cross-domain.html", - "refsource" : "MISC", - "url" : "http://scarybeastsecurity.blogspot.com/2009/12/generic-cross-browser-cross-domain.html" - }, - { - "name" : "http://websec.sv.cmu.edu/css/css.pdf", - "refsource" : "MISC", - "url" : "http://websec.sv.cmu.edu/css/css.pdf" - }, - { - "name" : "http://www.mozilla.org/security/announce/2010/mfsa2010-46.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2010/mfsa2010-46.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=524223", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=524223" - }, - { - "name" : "oval:org.mitre.oval:def:11811", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11811" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 permit cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type and the stylesheet document is malformed, which allows remote attackers to obtain sensitive information via a crafted document." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://scarybeastsecurity.blogspot.com/2009/12/generic-cross-browser-cross-domain.html", + "refsource": "MISC", + "url": "http://scarybeastsecurity.blogspot.com/2009/12/generic-cross-browser-cross-domain.html" + }, + { + "name": "http://websec.sv.cmu.edu/css/css.pdf", + "refsource": "MISC", + "url": "http://websec.sv.cmu.edu/css/css.pdf" + }, + { + "name": "oval:org.mitre.oval:def:11811", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11811" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=524223", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=524223" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=9877", + "refsource": "MISC", + "url": "http://code.google.com/p/chromium/issues/detail?id=9877" + }, + { + "name": "http://www.mozilla.org/security/announce/2010/mfsa2010-46.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2010/mfsa2010-46.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0961.json b/2010/0xxx/CVE-2010-0961.json index cfd2c19aaf5..fcdc1db35e3 100644 --- a/2010/0xxx/CVE-2010-0961.json +++ b/2010/0xxx/CVE-2010-0961.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0961", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in qoslist in bos.net.tcp.server in IBM AIX 6.1 and VIOS 2.1 allows local users to gain privileges via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-0961", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://aix.software.ibm.com/aix/efixes/security/qoslist_advisory.asc", - "refsource" : "CONFIRM", - "url" : "http://aix.software.ibm.com/aix/efixes/security/qoslist_advisory.asc" - }, - { - "name" : "IZ68194", - "refsource" : "AIXAPAR", - "url" : "http://www.ibm.com/support/docview.wss?uid=isg1IZ68194" - }, - { - "name" : "IZ71554", - "refsource" : "AIXAPAR", - "url" : "http://www.ibm.com/support/docview.wss?uid=isg1IZ71554" - }, - { - "name" : "IZ71590", - "refsource" : "AIXAPAR", - "url" : "http://www.ibm.com/support/docview.wss?uid=isg1IZ71590" - }, - { - "name" : "IZ71869", - "refsource" : "AIXAPAR", - "url" : "http://www.ibm.com/support/docview.wss?uid=isg1IZ71869" - }, - { - "name" : "oval:org.mitre.oval:def:12051", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12051" - }, - { - "name" : "1023694", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1023694" - }, - { - "name" : "ADV-2010-0556", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0556" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in qoslist in bos.net.tcp.server in IBM AIX 6.1 and VIOS 2.1 allows local users to gain privileges via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://aix.software.ibm.com/aix/efixes/security/qoslist_advisory.asc", + "refsource": "CONFIRM", + "url": "http://aix.software.ibm.com/aix/efixes/security/qoslist_advisory.asc" + }, + { + "name": "1023694", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1023694" + }, + { + "name": "ADV-2010-0556", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0556" + }, + { + "name": "IZ71590", + "refsource": "AIXAPAR", + "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ71590" + }, + { + "name": "IZ71554", + "refsource": "AIXAPAR", + "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ71554" + }, + { + "name": "IZ68194", + "refsource": "AIXAPAR", + "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ68194" + }, + { + "name": "oval:org.mitre.oval:def:12051", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12051" + }, + { + "name": "IZ71869", + "refsource": "AIXAPAR", + "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ71869" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1267.json b/2010/1xxx/CVE-2010-1267.json index 77987592f37..1889b9511a0 100644 --- a/2010/1xxx/CVE-2010-1267.json +++ b/2010/1xxx/CVE-2010-1267.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1267", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple directory traversal vulnerabilities in WebMaid CMS 0.2-6 Beta and earlier allow remote attackers to read arbitrary files via directory traversal sequences in the com parameter to (1) cContactus.php, (2) cGuestbook.php, and (3) cArticle.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1267", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://inj3ct0r.com/exploits/11394", - "refsource" : "MISC", - "url" : "http://inj3ct0r.com/exploits/11394" - }, - { - "name" : "http://packetstormsecurity.org/1003-exploits/webmaid-rfilfi.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1003-exploits/webmaid-rfilfi.txt" - }, - { - "name" : "11831", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/11831" - }, - { - "name" : "38993", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/38993" - }, - { - "name" : "ADV-2010-0674", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0674" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple directory traversal vulnerabilities in WebMaid CMS 0.2-6 Beta and earlier allow remote attackers to read arbitrary files via directory traversal sequences in the com parameter to (1) cContactus.php, (2) cGuestbook.php, and (3) cArticle.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2010-0674", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0674" + }, + { + "name": "11831", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/11831" + }, + { + "name": "38993", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/38993" + }, + { + "name": "http://inj3ct0r.com/exploits/11394", + "refsource": "MISC", + "url": "http://inj3ct0r.com/exploits/11394" + }, + { + "name": "http://packetstormsecurity.org/1003-exploits/webmaid-rfilfi.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1003-exploits/webmaid-rfilfi.txt" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1408.json b/2010/1xxx/CVE-2010-1408.json index fe0931a58db..29944b29b97 100644 --- a/2010/1xxx/CVE-2010-1408.json +++ b/2010/1xxx/CVE-2010-1408.json @@ -1,182 +1,182 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1408", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to bypass intended restrictions on outbound connections to \"non-default TCP ports\" via a crafted port number, related to an \"integer truncation issue.\" NOTE: this may overlap CVE-2010-1099." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2010-1408", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT4196", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4196" - }, - { - "name" : "http://support.apple.com/kb/HT4220", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4220" - }, - { - "name" : "http://support.apple.com/kb/HT4225", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4225" - }, - { - "name" : "http://support.apple.com/kb/HT4456", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4456" - }, - { - "name" : "APPLE-SA-2010-06-07-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010/Jun/msg00000.html" - }, - { - "name" : "APPLE-SA-2010-06-16-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//Jun/msg00002.html" - }, - { - "name" : "APPLE-SA-2010-06-21-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html" - }, - { - "name" : "APPLE-SA-2010-11-22-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html" - }, - { - "name" : "MDVSA-2011:039", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039" - }, - { - "name" : "SUSE-SR:2011:002", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" - }, - { - "name" : "USN-1006-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1006-1" - }, - { - "name" : "40620", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/40620" - }, - { - "name" : "40697", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/40697" - }, - { - "name" : "oval:org.mitre.oval:def:7295", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7295" - }, - { - "name" : "1024067", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1024067" - }, - { - "name" : "40105", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40105" - }, - { - "name" : "40196", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40196" - }, - { - "name" : "41856", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41856" - }, - { - "name" : "42314", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42314" - }, - { - "name" : "43068", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43068" - }, - { - "name" : "ADV-2010-1373", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1373" - }, - { - "name" : "ADV-2010-1512", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1512" - }, - { - "name" : "ADV-2010-2722", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2722" - }, - { - "name" : "ADV-2011-0212", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0212" - }, - { - "name" : "ADV-2011-0552", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0552" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to bypass intended restrictions on outbound connections to \"non-default TCP ports\" via a crafted port number, related to an \"integer truncation issue.\" NOTE: this may overlap CVE-2010-1099." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDVSA-2011:039", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039" + }, + { + "name": "http://support.apple.com/kb/HT4220", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4220" + }, + { + "name": "ADV-2010-2722", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2722" + }, + { + "name": "43068", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43068" + }, + { + "name": "oval:org.mitre.oval:def:7295", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7295" + }, + { + "name": "USN-1006-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1006-1" + }, + { + "name": "41856", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41856" + }, + { + "name": "ADV-2011-0212", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0212" + }, + { + "name": "http://support.apple.com/kb/HT4225", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4225" + }, + { + "name": "APPLE-SA-2010-06-07-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00000.html" + }, + { + "name": "40697", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/40697" + }, + { + "name": "40196", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40196" + }, + { + "name": "40105", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40105" + }, + { + "name": "ADV-2010-1373", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1373" + }, + { + "name": "APPLE-SA-2010-06-16-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//Jun/msg00002.html" + }, + { + "name": "SUSE-SR:2011:002", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" + }, + { + "name": "42314", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42314" + }, + { + "name": "ADV-2010-1512", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1512" + }, + { + "name": "40620", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/40620" + }, + { + "name": "ADV-2011-0552", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0552" + }, + { + "name": "http://support.apple.com/kb/HT4456", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4456" + }, + { + "name": "1024067", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1024067" + }, + { + "name": "http://support.apple.com/kb/HT4196", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4196" + }, + { + "name": "APPLE-SA-2010-06-21-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html" + }, + { + "name": "APPLE-SA-2010-11-22-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1653.json b/2010/1xxx/CVE-2010-1653.json index a5d3bedf8ae..2408b555f69 100644 --- a/2010/1xxx/CVE-2010-1653.json +++ b/2010/1xxx/CVE-2010-1653.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1653", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in graphics.php in the Graphics (com_graphics) component 1.0.6 and 1.5.0 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1653", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/1004-exploits/joomlagraphics-lfi.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1004-exploits/joomlagraphics-lfi.txt" - }, - { - "name" : "12430", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/12430" - }, - { - "name" : "39743", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/39743" - }, - { - "name" : "39585", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39585" - }, - { - "name" : "ADV-2010-1004", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1004" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in graphics.php in the Graphics (com_graphics) component 1.0.6 and 1.5.0 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "39743", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/39743" + }, + { + "name": "http://packetstormsecurity.org/1004-exploits/joomlagraphics-lfi.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1004-exploits/joomlagraphics-lfi.txt" + }, + { + "name": "ADV-2010-1004", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1004" + }, + { + "name": "12430", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/12430" + }, + { + "name": "39585", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39585" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1797.json b/2010/1xxx/CVE-2010-1797.json index 24a6f439dbd..9fa50d63ea4 100644 --- a/2010/1xxx/CVE-2010-1797.json +++ b/2010/1xxx/CVE-2010-1797.json @@ -1,167 +1,167 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1797", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple stack-based buffer overflows in the cff_decoder_parse_charstrings function in the CFF Type2 CharStrings interpreter in cff/cffgload.c in FreeType before 2.4.2, as used in Apple iOS before 4.0.2 on the iPhone and iPod touch and before 3.2.2 on the iPad, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted CFF opcodes in embedded fonts in a PDF document, as demonstrated by JailbreakMe. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2010-1797", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT4291", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4291" - }, - { - "name" : "http://support.apple.com/kb/HT4292", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4292" - }, - { - "name" : "http://freetype.sourceforge.net/index2.html#release-freetype-2.4.2", - "refsource" : "CONFIRM", - "url" : "http://freetype.sourceforge.net/index2.html#release-freetype-2.4.2" - }, - { - "name" : "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=018f5c27813dd7eef4648fe254632ecea0c85a50", - "refsource" : "CONFIRM", - "url" : "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=018f5c27813dd7eef4648fe254632ecea0c85a50" - }, - { - "name" : "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=11d65e8a1f1f14e56148fd991965424d9bd1cdbc", - "refsource" : "CONFIRM", - "url" : "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=11d65e8a1f1f14e56148fd991965424d9bd1cdbc" - }, - { - "name" : "http://sourceforge.net/projects/freetype/files/freetype2/2.4.2/NEWS/view", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/projects/freetype/files/freetype2/2.4.2/NEWS/view" - }, - { - "name" : "https://bugs.launchpad.net/ubuntu/maverick/+source/freetype/+bug/617019", - "refsource" : "CONFIRM", - "url" : "https://bugs.launchpad.net/ubuntu/maverick/+source/freetype/+bug/617019" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=621144", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=621144" - }, - { - "name" : "14538", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/14538" - }, - { - "name" : "http://www.f-secure.com/weblog/archives/00002002.html", - "refsource" : "MISC", - "url" : "http://www.f-secure.com/weblog/archives/00002002.html" - }, - { - "name" : "APPLE-SA-2010-08-11-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//Aug/msg00000.html" - }, - { - "name" : "APPLE-SA-2010-08-11-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//Aug/msg00001.html" - }, - { - "name" : "USN-972-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-972-1" - }, - { - "name" : "42151", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/42151" - }, - { - "name" : "66828", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/66828" - }, - { - "name" : "40807", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40807" - }, - { - "name" : "40816", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40816" - }, - { - "name" : "40982", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40982" - }, - { - "name" : "48951", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48951" - }, - { - "name" : "ADV-2010-2018", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2018" - }, - { - "name" : "ADV-2010-2106", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2106" - }, - { - "name" : "appleios-pdf-code-execution(60856)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/60856" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple stack-based buffer overflows in the cff_decoder_parse_charstrings function in the CFF Type2 CharStrings interpreter in cff/cffgload.c in FreeType before 2.4.2, as used in Apple iOS before 4.0.2 on the iPhone and iPod touch and before 3.2.2 on the iPad, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted CFF opcodes in embedded fonts in a PDF document, as demonstrated by JailbreakMe. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=018f5c27813dd7eef4648fe254632ecea0c85a50", + "refsource": "CONFIRM", + "url": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=018f5c27813dd7eef4648fe254632ecea0c85a50" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=621144", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=621144" + }, + { + "name": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=11d65e8a1f1f14e56148fd991965424d9bd1cdbc", + "refsource": "CONFIRM", + "url": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=11d65e8a1f1f14e56148fd991965424d9bd1cdbc" + }, + { + "name": "14538", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/14538" + }, + { + "name": "https://bugs.launchpad.net/ubuntu/maverick/+source/freetype/+bug/617019", + "refsource": "CONFIRM", + "url": "https://bugs.launchpad.net/ubuntu/maverick/+source/freetype/+bug/617019" + }, + { + "name": "ADV-2010-2018", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2018" + }, + { + "name": "66828", + "refsource": "OSVDB", + "url": "http://osvdb.org/66828" + }, + { + "name": "http://www.f-secure.com/weblog/archives/00002002.html", + "refsource": "MISC", + "url": "http://www.f-secure.com/weblog/archives/00002002.html" + }, + { + "name": "USN-972-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-972-1" + }, + { + "name": "APPLE-SA-2010-08-11-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//Aug/msg00001.html" + }, + { + "name": "40816", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40816" + }, + { + "name": "http://support.apple.com/kb/HT4292", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4292" + }, + { + "name": "http://freetype.sourceforge.net/index2.html#release-freetype-2.4.2", + "refsource": "CONFIRM", + "url": "http://freetype.sourceforge.net/index2.html#release-freetype-2.4.2" + }, + { + "name": "http://sourceforge.net/projects/freetype/files/freetype2/2.4.2/NEWS/view", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/projects/freetype/files/freetype2/2.4.2/NEWS/view" + }, + { + "name": "42151", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/42151" + }, + { + "name": "http://support.apple.com/kb/HT4291", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4291" + }, + { + "name": "40982", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40982" + }, + { + "name": "ADV-2010-2106", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2106" + }, + { + "name": "APPLE-SA-2010-08-11-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//Aug/msg00000.html" + }, + { + "name": "48951", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48951" + }, + { + "name": "appleios-pdf-code-execution(60856)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60856" + }, + { + "name": "40807", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40807" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1968.json b/2010/1xxx/CVE-2010-1968.json index 24bda3bd845..1548d3d197b 100644 --- a/2010/1xxx/CVE-2010-1968.json +++ b/2010/1xxx/CVE-2010-1968.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1968", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in HP Insight Software Installer for Windows before 6.1 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors, a different vulnerability than CVE-2010-1971." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2010-1968", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBMA02550", - "refsource" : "HP", - "url" : "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02282377" - }, - { - "name" : "SSRT100170", - "refsource" : "HP", - "url" : "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02282377" - }, - { - "name" : "1024185", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1024185" - }, - { - "name" : "40544", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40544" - }, - { - "name" : "ADV-2010-1792", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1792" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in HP Insight Software Installer for Windows before 6.1 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors, a different vulnerability than CVE-2010-1971." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2010-1792", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1792" + }, + { + "name": "1024185", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1024185" + }, + { + "name": "40544", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40544" + }, + { + "name": "SSRT100170", + "refsource": "HP", + "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02282377" + }, + { + "name": "HPSBMA02550", + "refsource": "HP", + "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02282377" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3351.json b/2010/3xxx/CVE-2010-3351.json index 474955e3bb4..34020a64c41 100644 --- a/2010/3xxx/CVE-2010-3351.json +++ b/2010/3xxx/CVE-2010-3351.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3351", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "startBristol in Bristol 0.60.5 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3351", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598285", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598285" - }, - { - "name" : "FEDORA-2010-16676", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050787.html" - }, - { - "name" : "FEDORA-2010-16687", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050805.html" - }, - { - "name" : "FEDORA-2010-16714", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050784.html" - }, - { - "name" : "44335", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/44335" - }, - { - "name" : "42272", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42272" - }, - { - "name" : "ADV-2010-2972", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2972" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "startBristol in Bristol 0.60.5 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598285", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598285" + }, + { + "name": "42272", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42272" + }, + { + "name": "FEDORA-2010-16714", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050784.html" + }, + { + "name": "FEDORA-2010-16687", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050805.html" + }, + { + "name": "FEDORA-2010-16676", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050787.html" + }, + { + "name": "ADV-2010-2972", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2972" + }, + { + "name": "44335", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/44335" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3481.json b/2010/3xxx/CVE-2010-3481.json index d876374a7f8..2fbb0dbf97b 100644 --- a/2010/3xxx/CVE-2010-3481.json +++ b/2010/3xxx/CVE-2010-3481.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3481", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in login.php in ApPHP PHP MicroCMS 1.0.1, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) user_name and (2) password variables, possibly related to include/classes/Login.php. NOTE: some of these details are obtained from third party information. NOTE: the password vector might not be vulnerable." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3481", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "15011", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/15011" - }, - { - "name" : "20100922 MOAUB #15 - PHP MicroCMS 1.0.1", - "refsource" : "VIM", - "url" : "http://www.attrition.org/pipermail/vim/2010-September/002439.html" - }, - { - "name" : "43232", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/43232" - }, - { - "name" : "68073", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/68073" - }, - { - "name" : "41455", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41455" - }, - { - "name" : "41492", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41492" - }, - { - "name" : "phpmicrocms-login-sql-injection(61810)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/61810" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in login.php in ApPHP PHP MicroCMS 1.0.1, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) user_name and (2) password variables, possibly related to include/classes/Login.php. NOTE: some of these details are obtained from third party information. NOTE: the password vector might not be vulnerable." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "41492", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41492" + }, + { + "name": "phpmicrocms-login-sql-injection(61810)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61810" + }, + { + "name": "43232", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/43232" + }, + { + "name": "68073", + "refsource": "OSVDB", + "url": "http://osvdb.org/68073" + }, + { + "name": "15011", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/15011" + }, + { + "name": "20100922 MOAUB #15 - PHP MicroCMS 1.0.1", + "refsource": "VIM", + "url": "http://www.attrition.org/pipermail/vim/2010-September/002439.html" + }, + { + "name": "41455", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41455" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4427.json b/2010/4xxx/CVE-2010-4427.json index 362a4fa252e..96282f63508 100644 --- a/2010/4xxx/CVE-2010-4427.json +++ b/2010/4xxx/CVE-2010-4427.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4427", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle BI Publisher component in Oracle Fusion Middleware 10.1.3.4.0, 10.1.3.4.1, and 11.1.1.3 allows remote authenticated users to affect integrity via unknown vectors related to Web Server." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2010-4427", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html" - }, - { - "name" : "45900", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45900" - }, - { - "name" : "70561", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/70561" - }, - { - "name" : "1024981", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024981" - }, - { - "name" : "42977", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42977" - }, - { - "name" : "ADV-2011-0143", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0143" - }, - { - "name" : "oracle-bipublisher-unauth-access(64777)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64777" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle BI Publisher component in Oracle Fusion Middleware 10.1.3.4.0, 10.1.3.4.1, and 11.1.1.3 allows remote authenticated users to affect integrity via unknown vectors related to Web Server." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2011-0143", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0143" + }, + { + "name": "42977", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42977" + }, + { + "name": "1024981", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024981" + }, + { + "name": "oracle-bipublisher-unauth-access(64777)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64777" + }, + { + "name": "45900", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45900" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html" + }, + { + "name": "70561", + "refsource": "OSVDB", + "url": "http://osvdb.org/70561" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4461.json b/2010/4xxx/CVE-2010-4461.json index 3b388751f93..f17aaf38d7b 100644 --- a/2010/4xxx/CVE-2010-4461.json +++ b/2010/4xxx/CVE-2010-4461.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4461", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft and JDEdwards Suite 8.9 Bundle #23, 9.0 Bundle #14, and 9.1 Bundle #4 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to ePerformance." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2010-4461", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html" - }, - { - "name" : "45857", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45857" - }, - { - "name" : "70591", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/70591" - }, - { - "name" : "1024978", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024978" - }, - { - "name" : "42982", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42982" - }, - { - "name" : "ADV-2011-0147", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0147" - }, - { - "name" : "peoplesoft-eperformance-unauth-access(64790)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64790" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft and JDEdwards Suite 8.9 Bundle #23, 9.0 Bundle #14, and 9.1 Bundle #4 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to ePerformance." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2011-0147", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0147" + }, + { + "name": "70591", + "refsource": "OSVDB", + "url": "http://osvdb.org/70591" + }, + { + "name": "peoplesoft-eperformance-unauth-access(64790)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64790" + }, + { + "name": "1024978", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024978" + }, + { + "name": "45857", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45857" + }, + { + "name": "42982", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42982" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0547.json b/2014/0xxx/CVE-2014-0547.json index 3bd6d0e4697..0e62cbecf5d 100644 --- a/2014/0xxx/CVE-2014-0547.json +++ b/2014/0xxx/CVE-2014-0547.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0547", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and Adobe AIR SDK & Compiler before 15.0.0.249 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0549, CVE-2014-0550, CVE-2014-0551, CVE-2014-0552, and CVE-2014-0555." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2014-0547", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://helpx.adobe.com/security/products/flash-player/apsb14-21.html", - "refsource" : "CONFIRM", - "url" : "http://helpx.adobe.com/security/products/flash-player/apsb14-21.html" - }, - { - "name" : "GLSA-201409-05", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201409-05.xml" - }, - { - "name" : "SUSE-SU-2014:1124", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00016.html" - }, - { - "name" : "openSUSE-SU-2014:1110", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00006.html" - }, - { - "name" : "openSUSE-SU-2014:1130", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00021.html" - }, - { - "name" : "69695", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69695" - }, - { - "name" : "1030822", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030822" - }, - { - "name" : "61089", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61089" - }, - { - "name" : "adobe-flash-cve20140547-code-exec(95817)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95817" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and Adobe AIR SDK & Compiler before 15.0.0.249 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0549, CVE-2014-0550, CVE-2014-0551, CVE-2014-0552, and CVE-2014-0555." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "adobe-flash-cve20140547-code-exec(95817)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95817" + }, + { + "name": "GLSA-201409-05", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201409-05.xml" + }, + { + "name": "61089", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61089" + }, + { + "name": "openSUSE-SU-2014:1130", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00021.html" + }, + { + "name": "openSUSE-SU-2014:1110", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00006.html" + }, + { + "name": "SUSE-SU-2014:1124", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00016.html" + }, + { + "name": "http://helpx.adobe.com/security/products/flash-player/apsb14-21.html", + "refsource": "CONFIRM", + "url": "http://helpx.adobe.com/security/products/flash-player/apsb14-21.html" + }, + { + "name": "1030822", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030822" + }, + { + "name": "69695", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69695" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0701.json b/2014/0xxx/CVE-2014-0701.json index 7d752635823..5e96d11ccb0 100644 --- a/2014/0xxx/CVE-2014-0701.json +++ b/2014/0xxx/CVE-2014-0701.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0701", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco Wireless LAN Controller (WLC) devices 7.0 before 7.0.250.0, 7.2, 7.3, and 7.4 before 7.4.110.0 do not properly deallocate memory, which allows remote attackers to cause a denial of service (reboot) by sending WebAuth login requests at a high rate, aka Bug ID CSCuf52361." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2014-0701", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140305 Multiple Vulnerabilities in Cisco Wireless LAN Controllers", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140305-wlc" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco Wireless LAN Controller (WLC) devices 7.0 before 7.0.250.0, 7.2, 7.3, and 7.4 before 7.4.110.0 do not properly deallocate memory, which allows remote attackers to cause a denial of service (reboot) by sending WebAuth login requests at a high rate, aka Bug ID CSCuf52361." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20140305 Multiple Vulnerabilities in Cisco Wireless LAN Controllers", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140305-wlc" + } + ] + } +} \ No newline at end of file diff --git a/2014/10xxx/CVE-2014-10051.json b/2014/10xxx/CVE-2014-10051.json index 5b5a670c8be..560f2be8d35 100644 --- a/2014/10xxx/CVE-2014-10051.json +++ b/2014/10xxx/CVE-2014-10051.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2018-04-02T00:00:00", - "ID" : "CVE-2014-10051", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Snapdragon Mobile, Snapdragon Wear", - "version" : { - "version_data" : [ - { - "version_value" : "MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SDX20" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, and SDX20, after loading a dynamically loaded code section, I-Cache is not invalidated, which could lead to executing code from stale cache lines." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cache side-channel vulnerability in Core" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2018-04-02T00:00:00", + "ID": "CVE-2014-10051", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Snapdragon Mobile, Snapdragon Wear", + "version": { + "version_data": [ + { + "version_value": "MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SDX20" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2018-04-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2018-04-01" - }, - { - "name" : "103671", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103671" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, and SDX20, after loading a dynamically loaded code section, I-Cache is not invalidated, which could lead to executing code from stale cache lines." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cache side-channel vulnerability in Core" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2018-04-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2018-04-01" + }, + { + "name": "103671", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103671" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4116.json b/2014/4xxx/CVE-2014-4116.json index 3ec4b318df2..5f1788d1aaa 100644 --- a/2014/4xxx/CVE-2014-4116.json +++ b/2014/4xxx/CVE-2014-4116.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4116", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Foundation 2010 SP2 allows remote authenticated users to inject arbitrary web script or HTML via a modified list, aka \"SharePoint Elevation of Privilege Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2014-4116", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS14-073", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-073" - }, - { - "name" : "1031192", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031192" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Foundation 2010 SP2 allows remote authenticated users to inject arbitrary web script or HTML via a modified list, aka \"SharePoint Elevation of Privilege Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS14-073", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-073" + }, + { + "name": "1031192", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031192" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4724.json b/2014/4xxx/CVE-2014-4724.json index 442bb90468c..b424c15289f 100644 --- a/2014/4xxx/CVE-2014-4724.json +++ b/2014/4xxx/CVE-2014-4724.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4724", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Custom Banners plugin 1.2.2.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the custom_banners_registered_name parameter to wp-admin/options.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4724", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.com/files/127291/WordPress-Custom-Banners-1.2.2.2-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/127291/WordPress-Custom-Banners-1.2.2.2-Cross-Site-Scripting.html" - }, - { - "name" : "68279", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/68279" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Custom Banners plugin 1.2.2.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the custom_banners_registered_name parameter to wp-admin/options.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "68279", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/68279" + }, + { + "name": "http://packetstormsecurity.com/files/127291/WordPress-Custom-Banners-1.2.2.2-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/127291/WordPress-Custom-Banners-1.2.2.2-Cross-Site-Scripting.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8207.json b/2014/8xxx/CVE-2014-8207.json index b5c6ef8f824..87aabb42108 100644 --- a/2014/8xxx/CVE-2014-8207.json +++ b/2014/8xxx/CVE-2014-8207.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8207", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-8207", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8846.json b/2014/8xxx/CVE-2014-8846.json index 9e67976ad7c..b1ee2480877 100644 --- a/2014/8xxx/CVE-2014-8846.json +++ b/2014/8xxx/CVE-2014-8846.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8846", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-8846", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9449.json b/2014/9xxx/CVE-2014-9449.json index e088713b6a5..cfb03ae1705 100644 --- a/2014/9xxx/CVE-2014-9449.json +++ b/2014/9xxx/CVE-2014-9449.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9449", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the RiffVideo::infoTagsHandler function in riffvideo.cpp in Exiv2 0.24 allows remote attackers to cause a denial of service (crash) via a long IKEY INFO tag value in an AVI file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9449", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://dev.exiv2.org/issues/960", - "refsource" : "CONFIRM", - "url" : "http://dev.exiv2.org/issues/960" - }, - { - "name" : "http://dev.exiv2.org/projects/exiv2/repository/diff?rev=3264&rev_to=3263", - "refsource" : "CONFIRM", - "url" : "http://dev.exiv2.org/projects/exiv2/repository/diff?rev=3264&rev_to=3263" - }, - { - "name" : "FEDORA-2015-0301", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148382.html" - }, - { - "name" : "GLSA-201507-03", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201507-03" - }, - { - "name" : "USN-2454-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2454-1" - }, - { - "name" : "71912", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/71912" - }, - { - "name" : "61801", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61801" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the RiffVideo::infoTagsHandler function in riffvideo.cpp in Exiv2 0.24 allows remote attackers to cause a denial of service (crash) via a long IKEY INFO tag value in an AVI file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-2454-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2454-1" + }, + { + "name": "FEDORA-2015-0301", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148382.html" + }, + { + "name": "http://dev.exiv2.org/issues/960", + "refsource": "CONFIRM", + "url": "http://dev.exiv2.org/issues/960" + }, + { + "name": "61801", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61801" + }, + { + "name": "GLSA-201507-03", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201507-03" + }, + { + "name": "71912", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/71912" + }, + { + "name": "http://dev.exiv2.org/projects/exiv2/repository/diff?rev=3264&rev_to=3263", + "refsource": "CONFIRM", + "url": "http://dev.exiv2.org/projects/exiv2/repository/diff?rev=3264&rev_to=3263" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9517.json b/2014/9xxx/CVE-2014-9517.json index 6c15245c038..60b7394f9a2 100644 --- a/2014/9xxx/CVE-2014-9517.json +++ b/2014/9xxx/CVE-2014-9517.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9517", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in D-link IP camera DCS-2103 with firmware before 1.20 allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING to vb.htm." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9517", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20141219 BF and XSS vulnerabilities in D-Link DCS-2103", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Dec/85" - }, - { - "name" : "http://packetstormsecurity.com/files/129609/D-Link-DCS-2103-Brute-Force-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/129609/D-Link-DCS-2103-Brute-Force-Cross-Site-Scripting.html" - }, - { - "name" : "http://websecurity.com.ua/7288/", - "refsource" : "MISC", - "url" : "http://websecurity.com.ua/7288/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in D-link IP camera DCS-2103 with firmware before 1.20 allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING to vb.htm." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20141219 BF and XSS vulnerabilities in D-Link DCS-2103", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Dec/85" + }, + { + "name": "http://websecurity.com.ua/7288/", + "refsource": "MISC", + "url": "http://websecurity.com.ua/7288/" + }, + { + "name": "http://packetstormsecurity.com/files/129609/D-Link-DCS-2103-Brute-Force-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/129609/D-Link-DCS-2103-Brute-Force-Cross-Site-Scripting.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9778.json b/2014/9xxx/CVE-2014-9778.json index c67602c0551..661b7fd0eef 100644 --- a/2014/9xxx/CVE-2014-9778.json +++ b/2014/9xxx/CVE-2014-9778.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9778", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The vid_dec_set_h264_mv_buffers function in drivers/video/msm/vidc/common/dec/vdec.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate the number of buffers, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28598515 and Qualcomm internal bug CR563694." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2014-9778", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://source.android.com/security/bulletin/2016-07-01.html", - "refsource" : "CONFIRM", - "url" : "http://source.android.com/security/bulletin/2016-07-01.html" - }, - { - "name" : "https://source.codeaurora.org/quic/la/kernel/msm/commit/?id=af85054aa6a1bcd38be2354921f2f80aef1440e5", - "refsource" : "CONFIRM", - "url" : "https://source.codeaurora.org/quic/la/kernel/msm/commit/?id=af85054aa6a1bcd38be2354921f2f80aef1440e5" - }, - { - "name" : "91628", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91628" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The vid_dec_set_h264_mv_buffers function in drivers/video/msm/vidc/common/dec/vdec.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate the number of buffers, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28598515 and Qualcomm internal bug CR563694." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "91628", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91628" + }, + { + "name": "http://source.android.com/security/bulletin/2016-07-01.html", + "refsource": "CONFIRM", + "url": "http://source.android.com/security/bulletin/2016-07-01.html" + }, + { + "name": "https://source.codeaurora.org/quic/la/kernel/msm/commit/?id=af85054aa6a1bcd38be2354921f2f80aef1440e5", + "refsource": "CONFIRM", + "url": "https://source.codeaurora.org/quic/la/kernel/msm/commit/?id=af85054aa6a1bcd38be2354921f2f80aef1440e5" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9820.json b/2014/9xxx/CVE-2014-9820.json index 3ae4eda920c..bcc67295a1b 100644 --- a/2014/9xxx/CVE-2014-9820.json +++ b/2014/9xxx/CVE-2014-9820.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9820", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted pnm file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9820", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20141224 Imagemagick fuzzing bug", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/12/24/1" - }, - { - "name" : "[oss-security] 20160602 Re: ImageMagick CVEs", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/06/02/13" - }, - { - "name" : "https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=0a89a1ccca6e7ee059b73f5cc924513383e8a330", - "refsource" : "CONFIRM", - "url" : "https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=0a89a1ccca6e7ee059b73f5cc924513383e8a330" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1343476", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1343476" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted pnm file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1343476", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1343476" + }, + { + "name": "https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=0a89a1ccca6e7ee059b73f5cc924513383e8a330", + "refsource": "CONFIRM", + "url": "https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=0a89a1ccca6e7ee059b73f5cc924513383e8a330" + }, + { + "name": "[oss-security] 20160602 Re: ImageMagick CVEs", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/06/02/13" + }, + { + "name": "[oss-security] 20141224 Imagemagick fuzzing bug", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/12/24/1" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3471.json b/2016/3xxx/CVE-2016-3471.json index a94e9ffe6ff..64f6df9a896 100644 --- a/2016/3xxx/CVE-2016-3471.json +++ b/2016/3xxx/CVE-2016-3471.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3471", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle MySQL 5.5.45 and earlier and 5.6.26 and earlier allows local users to affect confidentiality, integrity, and availability via vectors related to Server: Option." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2016-3471", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" - }, - { - "name" : "RHSA-2016:0705", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-0705.html" - }, - { - "name" : "RHSA-2016:0534", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-0534.html" - }, - { - "name" : "RHSA-2016:1132", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2016:1132" - }, - { - "name" : "RHSA-2016:1480", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-1480.html" - }, - { - "name" : "RHSA-2016:1481", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-1481.html" - }, - { - "name" : "91787", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91787" - }, - { - "name" : "91913", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91913" - }, - { - "name" : "1036362", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036362" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle MySQL 5.5.45 and earlier and 5.6.26 and earlier allows local users to affect confidentiality, integrity, and availability via vectors related to Server: Option." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2016:1481", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-1481.html" + }, + { + "name": "RHSA-2016:1132", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2016:1132" + }, + { + "name": "RHSA-2016:0534", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-0534.html" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" + }, + { + "name": "RHSA-2016:1480", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-1480.html" + }, + { + "name": "1036362", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036362" + }, + { + "name": "91913", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91913" + }, + { + "name": "91787", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91787" + }, + { + "name": "RHSA-2016:0705", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-0705.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3660.json b/2016/3xxx/CVE-2016-3660.json index 75f0d4b9c73..acbd2b71f10 100644 --- a/2016/3xxx/CVE-2016-3660.json +++ b/2016/3xxx/CVE-2016-3660.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3660", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-3660", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3747.json b/2016/3xxx/CVE-2016-3747.json index 2330be067da..edda96285d5 100644 --- a/2016/3xxx/CVE-2016-3747.json +++ b/2016/3xxx/CVE-2016-3747.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3747", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in the mm-video-v4l2 venc component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27903498." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-3747", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://source.android.com/security/bulletin/2016-07-01.html", - "refsource" : "CONFIRM", - "url" : "http://source.android.com/security/bulletin/2016-07-01.html" - }, - { - "name" : "https://android.googlesource.com/platform/hardware/qcom/media/+/4ed06d14080d8667d5be14eed200e378cba78345", - "refsource" : "CONFIRM", - "url" : "https://android.googlesource.com/platform/hardware/qcom/media/+/4ed06d14080d8667d5be14eed200e378cba78345" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in the mm-video-v4l2 venc component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27903498." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://android.googlesource.com/platform/hardware/qcom/media/+/4ed06d14080d8667d5be14eed200e378cba78345", + "refsource": "CONFIRM", + "url": "https://android.googlesource.com/platform/hardware/qcom/media/+/4ed06d14080d8667d5be14eed200e378cba78345" + }, + { + "name": "http://source.android.com/security/bulletin/2016-07-01.html", + "refsource": "CONFIRM", + "url": "http://source.android.com/security/bulletin/2016-07-01.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6217.json b/2016/6xxx/CVE-2016-6217.json index e64f30d4f81..efe6285c627 100644 --- a/2016/6xxx/CVE-2016-6217.json +++ b/2016/6xxx/CVE-2016-6217.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6217", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Sophos PureMessage for UNIX before 6.3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6217", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pmx.sophos.com/rn/pmx/concepts/ReleaseNotes_6.3.2.html", - "refsource" : "CONFIRM", - "url" : "http://pmx.sophos.com/rn/pmx/concepts/ReleaseNotes_6.3.2.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Sophos PureMessage for UNIX before 6.3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://pmx.sophos.com/rn/pmx/concepts/ReleaseNotes_6.3.2.html", + "refsource": "CONFIRM", + "url": "http://pmx.sophos.com/rn/pmx/concepts/ReleaseNotes_6.3.2.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6560.json b/2016/6xxx/CVE-2016-6560.json index c4f9822db7b..c79ea8bd6ce 100644 --- a/2016/6xxx/CVE-2016-6560.json +++ b/2016/6xxx/CVE-2016-6560.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cert@cert.org", - "ID" : "CVE-2016-6560", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "osnet-incorporation", - "version" : { - "version_data" : [ - { - "version_value" : "proir to osnet-incorporation@0.5.11,5.11-2016.0.1.15933" - } - ] - } - } - ] - }, - "vendor_name" : "illumos" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "illumos osnet-incorporation bcopy() and bzero() implementations make signed instead of unsigned comparisons allowing a system crash." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-195: Signed to Unsigned Conversion Error" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2016-6560", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "osnet-incorporation", + "version": { + "version_data": [ + { + "version_value": "proir to osnet-incorporation@0.5.11,5.11-2016.0.1.15933" + } + ] + } + } + ] + }, + "vendor_name": "illumos" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/illumos/illumos-gate/commit/5aaab1a49679c26dbcb6fb6dc25799950d70cc71", - "refsource" : "CONFIRM", - "url" : "https://github.com/illumos/illumos-gate/commit/5aaab1a49679c26dbcb6fb6dc25799950d70cc71" - }, - { - "name" : "https://www.illumos.org/issues/7488", - "refsource" : "CONFIRM", - "url" : "https://www.illumos.org/issues/7488" - }, - { - "name" : "https://www.openindiana.org/2016/11/01/cve-2016-6560-cve-2016-6561-security-issues-in-illumos/", - "refsource" : "CONFIRM", - "url" : "https://www.openindiana.org/2016/11/01/cve-2016-6560-cve-2016-6561-security-issues-in-illumos/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "illumos osnet-incorporation bcopy() and bzero() implementations make signed instead of unsigned comparisons allowing a system crash." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-195: Signed to Unsigned Conversion Error" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.illumos.org/issues/7488", + "refsource": "CONFIRM", + "url": "https://www.illumos.org/issues/7488" + }, + { + "name": "https://github.com/illumos/illumos-gate/commit/5aaab1a49679c26dbcb6fb6dc25799950d70cc71", + "refsource": "CONFIRM", + "url": "https://github.com/illumos/illumos-gate/commit/5aaab1a49679c26dbcb6fb6dc25799950d70cc71" + }, + { + "name": "https://www.openindiana.org/2016/11/01/cve-2016-6560-cve-2016-6561-security-issues-in-illumos/", + "refsource": "CONFIRM", + "url": "https://www.openindiana.org/2016/11/01/cve-2016-6560-cve-2016-6561-security-issues-in-illumos/" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6582.json b/2016/6xxx/CVE-2016-6582.json index 42d4ec4d97e..b87bba29c1e 100644 --- a/2016/6xxx/CVE-2016-6582.json +++ b/2016/6xxx/CVE-2016-6582.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6582", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Doorkeeper gem before 4.2.0 for Ruby might allow remote attackers to conduct replay attacks or revoke arbitrary tokens by leveraging failure to implement the OAuth 2.0 Token Revocation specification." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6582", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20160818 [CVE-2016-6582] Doorkeeper gem does not revoke tokens & uses wrong auth/auth method", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/539268/100/0/threaded" - }, - { - "name" : "20160822 [CVE-2016-6582] Doorkeeper gem does not revoke tokens & uses wrong auth/auth method", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2016/Aug/105" - }, - { - "name" : "http://packetstormsecurity.com/files/138430/Doorkeeper-4.1.0-Token-Revocation.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/138430/Doorkeeper-4.1.0-Token-Revocation.html" - }, - { - "name" : "https://github.com/doorkeeper-gem/doorkeeper/issues/875", - "refsource" : "CONFIRM", - "url" : "https://github.com/doorkeeper-gem/doorkeeper/issues/875" - }, - { - "name" : "https://github.com/doorkeeper-gem/doorkeeper/releases/tag/v4.2.0", - "refsource" : "CONFIRM", - "url" : "https://github.com/doorkeeper-gem/doorkeeper/releases/tag/v4.2.0" - }, - { - "name" : "92551", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92551" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Doorkeeper gem before 4.2.0 for Ruby might allow remote attackers to conduct replay attacks or revoke arbitrary tokens by leveraging failure to implement the OAuth 2.0 Token Revocation specification." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "92551", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92551" + }, + { + "name": "http://packetstormsecurity.com/files/138430/Doorkeeper-4.1.0-Token-Revocation.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/138430/Doorkeeper-4.1.0-Token-Revocation.html" + }, + { + "name": "20160818 [CVE-2016-6582] Doorkeeper gem does not revoke tokens & uses wrong auth/auth method", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/539268/100/0/threaded" + }, + { + "name": "20160822 [CVE-2016-6582] Doorkeeper gem does not revoke tokens & uses wrong auth/auth method", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2016/Aug/105" + }, + { + "name": "https://github.com/doorkeeper-gem/doorkeeper/releases/tag/v4.2.0", + "refsource": "CONFIRM", + "url": "https://github.com/doorkeeper-gem/doorkeeper/releases/tag/v4.2.0" + }, + { + "name": "https://github.com/doorkeeper-gem/doorkeeper/issues/875", + "refsource": "CONFIRM", + "url": "https://github.com/doorkeeper-gem/doorkeeper/issues/875" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7125.json b/2016/7xxx/CVE-2016-7125.json index 794b5698431..c0fbcd0da32 100644 --- a/2016/7xxx/CVE-2016-7125.json +++ b/2016/7xxx/CVE-2016-7125.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7125", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ext/session/session.c in PHP before 5.6.25 and 7.x before 7.0.10 skips invalid session names in a way that triggers incorrect parsing, which allows remote attackers to inject arbitrary-type session data by leveraging control of a session name, as demonstrated by object injection." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-7125", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160902 Re: CVE assignment for PHP 5.6.25 and 7.0.10 - and libcurl", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2016/09/02/9" - }, - { - "name" : "http://www.php.net/ChangeLog-5.php", - "refsource" : "CONFIRM", - "url" : "http://www.php.net/ChangeLog-5.php" - }, - { - "name" : "http://www.php.net/ChangeLog-7.php", - "refsource" : "CONFIRM", - "url" : "http://www.php.net/ChangeLog-7.php" - }, - { - "name" : "https://bugs.php.net/bug.php?id=72681", - "refsource" : "CONFIRM", - "url" : "https://bugs.php.net/bug.php?id=72681" - }, - { - "name" : "https://github.com/php/php-src/commit/8763c6090d627d8bb0ee1d030c30e58f406be9ce?w=1", - "refsource" : "CONFIRM", - "url" : "https://github.com/php/php-src/commit/8763c6090d627d8bb0ee1d030c30e58f406be9ce?w=1" - }, - { - "name" : "https://www.tenable.com/security/tns-2016-19", - "refsource" : "CONFIRM", - "url" : "https://www.tenable.com/security/tns-2016-19" - }, - { - "name" : "GLSA-201611-22", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201611-22" - }, - { - "name" : "RHSA-2016:2750", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2750.html" - }, - { - "name" : "92552", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92552" - }, - { - "name" : "1036680", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036680" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ext/session/session.c in PHP before 5.6.25 and 7.x before 7.0.10 skips invalid session names in a way that triggers incorrect parsing, which allows remote attackers to inject arbitrary-type session data by leveraging control of a session name, as demonstrated by object injection." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.php.net/ChangeLog-7.php", + "refsource": "CONFIRM", + "url": "http://www.php.net/ChangeLog-7.php" + }, + { + "name": "https://bugs.php.net/bug.php?id=72681", + "refsource": "CONFIRM", + "url": "https://bugs.php.net/bug.php?id=72681" + }, + { + "name": "GLSA-201611-22", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201611-22" + }, + { + "name": "https://github.com/php/php-src/commit/8763c6090d627d8bb0ee1d030c30e58f406be9ce?w=1", + "refsource": "CONFIRM", + "url": "https://github.com/php/php-src/commit/8763c6090d627d8bb0ee1d030c30e58f406be9ce?w=1" + }, + { + "name": "1036680", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036680" + }, + { + "name": "RHSA-2016:2750", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2750.html" + }, + { + "name": "http://www.php.net/ChangeLog-5.php", + "refsource": "CONFIRM", + "url": "http://www.php.net/ChangeLog-5.php" + }, + { + "name": "https://www.tenable.com/security/tns-2016-19", + "refsource": "CONFIRM", + "url": "https://www.tenable.com/security/tns-2016-19" + }, + { + "name": "[oss-security] 20160902 Re: CVE assignment for PHP 5.6.25 and 7.0.10 - and libcurl", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2016/09/02/9" + }, + { + "name": "92552", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92552" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7303.json b/2016/7xxx/CVE-2016-7303.json index d16803c4e3f..88747d47ce4 100644 --- a/2016/7xxx/CVE-2016-7303.json +++ b/2016/7xxx/CVE-2016-7303.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7303", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-7303", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7532.json b/2016/7xxx/CVE-2016-7532.json index f5dca81988b..7e9f7441fbd 100644 --- a/2016/7xxx/CVE-2016-7532.json +++ b/2016/7xxx/CVE-2016-7532.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7532", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PSD file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@debian.org", + "ID": "CVE-2016-7532", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160922 Re: CVE Requests: Various ImageMagick issues (as reported in the Debian BTS)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/09/22/2" - }, - { - "name" : "https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1539066", - "refsource" : "CONFIRM", - "url" : "https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1539066" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1378764", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1378764" - }, - { - "name" : "https://github.com/ImageMagick/ImageMagick/commit/4f2c04ea6673863b87ac7f186cbb0d911f74085c", - "refsource" : "CONFIRM", - "url" : "https://github.com/ImageMagick/ImageMagick/commit/4f2c04ea6673863b87ac7f186cbb0d911f74085c" - }, - { - "name" : "https://github.com/ImageMagick/ImageMagick/issues/109", - "refsource" : "CONFIRM", - "url" : "https://github.com/ImageMagick/ImageMagick/issues/109" - }, - { - "name" : "93131", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93131" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PSD file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/ImageMagick/ImageMagick/commit/4f2c04ea6673863b87ac7f186cbb0d911f74085c", + "refsource": "CONFIRM", + "url": "https://github.com/ImageMagick/ImageMagick/commit/4f2c04ea6673863b87ac7f186cbb0d911f74085c" + }, + { + "name": "https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1539066", + "refsource": "CONFIRM", + "url": "https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1539066" + }, + { + "name": "[oss-security] 20160922 Re: CVE Requests: Various ImageMagick issues (as reported in the Debian BTS)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/09/22/2" + }, + { + "name": "https://github.com/ImageMagick/ImageMagick/issues/109", + "refsource": "CONFIRM", + "url": "https://github.com/ImageMagick/ImageMagick/issues/109" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1378764", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1378764" + }, + { + "name": "93131", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93131" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7606.json b/2016/7xxx/CVE-2016-7606.json index bf806e47ce2..f28f563549f 100644 --- a/2016/7xxx/CVE-2016-7606.json +++ b/2016/7xxx/CVE-2016-7606.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2016-7606", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the \"Kernel\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2016-7606", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT207422", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207422" - }, - { - "name" : "https://support.apple.com/HT207423", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207423" - }, - { - "name" : "https://support.apple.com/HT207487", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207487" - }, - { - "name" : "94905", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94905" - }, - { - "name" : "1037469", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037469" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the \"Kernel\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT207487", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207487" + }, + { + "name": "https://support.apple.com/HT207422", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207422" + }, + { + "name": "94905", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94905" + }, + { + "name": "1037469", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037469" + }, + { + "name": "https://support.apple.com/HT207423", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207423" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7808.json b/2016/7xxx/CVE-2016-7808.json index c35f119a428..86e7804e012 100644 --- a/2016/7xxx/CVE-2016-7808.json +++ b/2016/7xxx/CVE-2016-7808.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2016-7808", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "CG-WLBARGMH", - "version" : { - "version_data" : [ - { - "version_value" : "all versions" - } - ] - } - }, - { - "product_name" : "CG-WLBARGNL", - "version" : { - "version_data" : [ - { - "version_value" : "all versions" - } - ] - } - } - ] - }, - "vendor_name" : "Corega Inc" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting vulnerability in Corega CG-WLBARGMH and CG-WLBARGNL allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2016-7808", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "CG-WLBARGMH", + "version": { + "version_data": [ + { + "version_value": "all versions" + } + ] + } + }, + { + "product_name": "CG-WLBARGNL", + "version": { + "version_data": [ + { + "version_value": "all versions" + } + ] + } + } + ] + }, + "vendor_name": "Corega Inc" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://corega.jp/support/security/20161111_wlbargmh_wlbargnl.htm", - "refsource" : "CONFIRM", - "url" : "http://corega.jp/support/security/20161111_wlbargmh_wlbargnl.htm" - }, - { - "name" : "JVN#25060672", - "refsource" : "JVN", - "url" : "https://jvn.jp/en/jp/JVN25060672/index.html" - }, - { - "name" : "94249", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94249" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting vulnerability in Corega CG-WLBARGMH and CG-WLBARGNL allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://corega.jp/support/security/20161111_wlbargmh_wlbargnl.htm", + "refsource": "CONFIRM", + "url": "http://corega.jp/support/security/20161111_wlbargmh_wlbargnl.htm" + }, + { + "name": "JVN#25060672", + "refsource": "JVN", + "url": "https://jvn.jp/en/jp/JVN25060672/index.html" + }, + { + "name": "94249", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94249" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8089.json b/2016/8xxx/CVE-2016-8089.json index e6d8f4badd3..84e11271987 100644 --- a/2016/8xxx/CVE-2016-8089.json +++ b/2016/8xxx/CVE-2016-8089.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-8089", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-8089", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8261.json b/2016/8xxx/CVE-2016-8261.json index dc82d6e02d8..6e1b6506f3e 100644 --- a/2016/8xxx/CVE-2016-8261.json +++ b/2016/8xxx/CVE-2016-8261.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-8261", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-8261", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8741.json b/2016/8xxx/CVE-2016-8741.json index 382a4a2c938..f9416ab691b 100644 --- a/2016/8xxx/CVE-2016-8741.json +++ b/2016/8xxx/CVE-2016-8741.json @@ -1,80 +1,80 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@apache.org", - "ID" : "CVE-2016-8741", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Apache Qpid Broker-J", - "version" : { - "version_data" : [ - { - "version_value" : "6.0.1, 6.0.2, 6.0.3, 6.0.4, and 6.0.5" - }, - { - "version_value" : "6.1.0" - } - ] - } - } - ] - }, - "vendor_name" : "Apache Software Foundation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Apache Qpid Broker for Java can be configured to use different so called AuthenticationProviders to handle user authentication. Among the choices are the SCRAM-SHA-1 and SCRAM-SHA-256 AuthenticationProvider types. It was discovered that these AuthenticationProviders in Apache Qpid Broker for Java 6.0.x before 6.0.6 and 6.1.x before 6.1.1 prematurely terminate the SCRAM SASL negotiation if the provided user name does not exist thus allowing remote attacker to determine the existence of user accounts. The Vulnerability does not apply to AuthenticationProviders other than SCRAM-SHA-1 and SCRAM-SHA-256." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Leakage" - } + "CVE_data_meta": { + "ASSIGNER": "security@apache.org", + "ID": "CVE-2016-8741", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Apache Qpid Broker-J", + "version": { + "version_data": [ + { + "version_value": "6.0.1, 6.0.2, 6.0.3, 6.0.4, and 6.0.5" + }, + { + "version_value": "6.1.0" + } + ] + } + } + ] + }, + "vendor_name": "Apache Software Foundation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[apache-qpid-users] 20161228 [CVE-2016-8741] Apache Qpid Broker for Java - Information Leakage ", - "refsource" : "MLIST", - "url" : "http://qpid.2158936.n2.nabble.com/CVE-2016-8741-Apache-Qpid-Broker-for-Java-Information-Leakage-td7657025.html" - }, - { - "name" : "https://issues.apache.org/jira/browse/QPID-7599", - "refsource" : "CONFIRM", - "url" : "https://issues.apache.org/jira/browse/QPID-7599" - }, - { - "name" : "95136", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95136" - }, - { - "name" : "1037537", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037537" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Apache Qpid Broker for Java can be configured to use different so called AuthenticationProviders to handle user authentication. Among the choices are the SCRAM-SHA-1 and SCRAM-SHA-256 AuthenticationProvider types. It was discovered that these AuthenticationProviders in Apache Qpid Broker for Java 6.0.x before 6.0.6 and 6.1.x before 6.1.1 prematurely terminate the SCRAM SASL negotiation if the provided user name does not exist thus allowing remote attacker to determine the existence of user accounts. The Vulnerability does not apply to AuthenticationProviders other than SCRAM-SHA-1 and SCRAM-SHA-256." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Leakage" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1037537", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037537" + }, + { + "name": "https://issues.apache.org/jira/browse/QPID-7599", + "refsource": "CONFIRM", + "url": "https://issues.apache.org/jira/browse/QPID-7599" + }, + { + "name": "95136", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95136" + }, + { + "refsource": "MLIST", + "name": "[apache-qpid-users] 20161228 [CVE-2016-8741] Apache Qpid Broker for Java - Information Leakage", + "url": "http://qpid.2158936.n2.nabble.com/CVE-2016-8741-Apache-Qpid-Broker-for-Java-Information-Leakage-td7657025.html" + } + ] + } +} \ No newline at end of file