diff --git a/2006/0xxx/CVE-2006-0160.json b/2006/0xxx/CVE-2006-0160.json index 04e80f4a492..a500a22c9a9 100644 --- a/2006/0xxx/CVE-2006-0160.json +++ b/2006/0xxx/CVE-2006-0160.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0160", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in add_post.php3 in Venom Board 1.22 allows remote attackers to execute arbitrary SQL commands via the (1) parent, (2) root, and (3) topic_id parameters to post.php3." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0160", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060109 [eVuln] Venom Board SQL Injection Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=113683807903915&w=2" - }, - { - "name" : "http://evuln.com/vulns/21/summary.html", - "refsource" : "MISC", - "url" : "http://evuln.com/vulns/21/summary.html" - }, - { - "name" : "16176", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16176" - }, - { - "name" : "ADV-2006-0122", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0122" - }, - { - "name" : "22297", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22297" - }, - { - "name" : "18383", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18383" - }, - { - "name" : "326", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/326" - }, - { - "name" : "venomboard-addpost-sql-injection(24046)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24046" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in add_post.php3 in Venom Board 1.22 allows remote attackers to execute arbitrary SQL commands via the (1) parent, (2) root, and (3) topic_id parameters to post.php3." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "venomboard-addpost-sql-injection(24046)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24046" + }, + { + "name": "ADV-2006-0122", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0122" + }, + { + "name": "http://evuln.com/vulns/21/summary.html", + "refsource": "MISC", + "url": "http://evuln.com/vulns/21/summary.html" + }, + { + "name": "326", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/326" + }, + { + "name": "16176", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16176" + }, + { + "name": "22297", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22297" + }, + { + "name": "18383", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18383" + }, + { + "name": "20060109 [eVuln] Venom Board SQL Injection Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=113683807903915&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0334.json b/2006/0xxx/CVE-2006-0334.json index 2bbf11739ab..33bc5fbbd41 100644 --- a/2006/0xxx/CVE-2006-0334.json +++ b/2006/0xxx/CVE-2006-0334.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0334", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in search.php in My Amazon Store Manager 1.0 allows remote attackers to inject arbitrary web script or HTML via the Keywords parameter. NOTE: some sources claim that the affected parameter is \"q\", but the only public archive of the original researcher notification shows an XSS manipulation in \"Keywords\"." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0334", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://osvdb.org/ref/22/22626-my_amazon.txt", - "refsource" : "MISC", - "url" : "http://osvdb.org/ref/22/22626-my_amazon.txt" - }, - { - "name" : "16312", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16312" - }, - { - "name" : "ADV-2006-0252", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0252" - }, - { - "name" : "22626", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22626" - }, - { - "name" : "18535", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18535" - }, - { - "name" : "masm-search-xss(24230)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24230" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in search.php in My Amazon Store Manager 1.0 allows remote attackers to inject arbitrary web script or HTML via the Keywords parameter. NOTE: some sources claim that the affected parameter is \"q\", but the only public archive of the original researcher notification shows an XSS manipulation in \"Keywords\"." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18535", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18535" + }, + { + "name": "ADV-2006-0252", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0252" + }, + { + "name": "masm-search-xss(24230)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24230" + }, + { + "name": "http://osvdb.org/ref/22/22626-my_amazon.txt", + "refsource": "MISC", + "url": "http://osvdb.org/ref/22/22626-my_amazon.txt" + }, + { + "name": "16312", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16312" + }, + { + "name": "22626", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22626" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0962.json b/2006/0xxx/CVE-2006-0962.json index 4be8d55eec9..385e7661338 100644 --- a/2006/0xxx/CVE-2006-0962.json +++ b/2006/0xxx/CVE-2006-0962.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0962", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in vuBB 0.2 allows remote attackers to execute arbitrary SQL commands via the pass parameter in a cookie." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0962", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "1543", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/1543" - }, - { - "name" : "16930", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16930" - }, - { - "name" : "ADV-2006-0799", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0799" - }, - { - "name" : "19084", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19084" - }, - { - "name" : "vubb-index-sql-injection(25019)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25019" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in vuBB 0.2 allows remote attackers to execute arbitrary SQL commands via the pass parameter in a cookie." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "16930", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16930" + }, + { + "name": "19084", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19084" + }, + { + "name": "vubb-index-sql-injection(25019)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25019" + }, + { + "name": "ADV-2006-0799", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0799" + }, + { + "name": "1543", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/1543" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1303.json b/2006/1xxx/CVE-2006-1303.json index a027349132a..98c0e94bbe4 100644 --- a/2006/1xxx/CVE-2006-1303.json +++ b/2006/1xxx/CVE-2006-1303.json @@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1303", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allow remote attackers to execute arbitrary code by instantiating certain COM objects from Wmm2fxa.dll as ActiveX controls including (1) DXImageTransform.Microsoft.MMSpecialEffect1Input, (2) DXImageTransform.Microsoft.MMSpecialEffect1Input.1, (3) DXImageTransform.Microsoft.MMSpecialEffect2Inputs, (4) DXImageTransform.Microsoft.MMSpecialEffect2Inputs.1, (5) DXImageTransform.Microsoft.MMSpecialEffectInplace1Input, and (6) DXImageTransform.Microsoft.MMSpecialEffectInplace1Input.1, which causes memory corruption during garbage collection." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2006-1303", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060613 ZDI-06-018: Microsoft Internet Explorer DXImageTransform ActiveX Memory Corruption Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/437041/100/0/threaded" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-06-018.html", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-06-018.html" - }, - { - "name" : "MS06-021", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-021" - }, - { - "name" : "VU#959049", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/959049" - }, - { - "name" : "18328", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18328" - }, - { - "name" : "ADV-2006-2319", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2319" - }, - { - "name" : "26442", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/26442" - }, - { - "name" : "oval:org.mitre.oval:def:1135", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1135" - }, - { - "name" : "oval:org.mitre.oval:def:1767", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1767" - }, - { - "name" : "oval:org.mitre.oval:def:1830", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1830" - }, - { - "name" : "oval:org.mitre.oval:def:1928", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1928" - }, - { - "name" : "oval:org.mitre.oval:def:1973", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1973" - }, - { - "name" : "oval:org.mitre.oval:def:2017", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2017" - }, - { - "name" : "1016291", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016291" - }, - { - "name" : "20595", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20595" - }, - { - "name" : "ie-wmm2fxadll-execute-code(26774)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26774" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allow remote attackers to execute arbitrary code by instantiating certain COM objects from Wmm2fxa.dll as ActiveX controls including (1) DXImageTransform.Microsoft.MMSpecialEffect1Input, (2) DXImageTransform.Microsoft.MMSpecialEffect1Input.1, (3) DXImageTransform.Microsoft.MMSpecialEffect2Inputs, (4) DXImageTransform.Microsoft.MMSpecialEffect2Inputs.1, (5) DXImageTransform.Microsoft.MMSpecialEffectInplace1Input, and (6) DXImageTransform.Microsoft.MMSpecialEffectInplace1Input.1, which causes memory corruption during garbage collection." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18328", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18328" + }, + { + "name": "oval:org.mitre.oval:def:1135", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1135" + }, + { + "name": "VU#959049", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/959049" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-06-018.html", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-06-018.html" + }, + { + "name": "20595", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20595" + }, + { + "name": "ADV-2006-2319", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2319" + }, + { + "name": "1016291", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016291" + }, + { + "name": "20060613 ZDI-06-018: Microsoft Internet Explorer DXImageTransform ActiveX Memory Corruption Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/437041/100/0/threaded" + }, + { + "name": "ie-wmm2fxadll-execute-code(26774)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26774" + }, + { + "name": "oval:org.mitre.oval:def:1767", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1767" + }, + { + "name": "oval:org.mitre.oval:def:2017", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2017" + }, + { + "name": "oval:org.mitre.oval:def:1973", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1973" + }, + { + "name": "oval:org.mitre.oval:def:1928", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1928" + }, + { + "name": "oval:org.mitre.oval:def:1830", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1830" + }, + { + "name": "MS06-021", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-021" + }, + { + "name": "26442", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/26442" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1350.json b/2006/1xxx/CVE-2006-1350.json index 8196dcfd184..187a385bf60 100644 --- a/2006/1xxx/CVE-2006-1350.json +++ b/2006/1xxx/CVE-2006-1350.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1350", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file include vulnerability in index.php in 99Articles.com (aka ArticlesOne.com) Free articles directory allows remote attackers to include and execute arbitrary PHP code via a URL in the page parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1350", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060321 Free Articles Directory Remote Command Exucetion", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/428354/100/0/threaded" - }, - { - "name" : "20060322 Free Articles Directory - file inclusion, code execution?", - "refsource" : "VIM", - "url" : "http://attrition.org/pipermail/vim/2006-March/000626.html" - }, - { - "name" : "17183", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17183" - }, - { - "name" : "ADV-2006-1037", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1037" - }, - { - "name" : "24024", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24024" - }, - { - "name" : "19320", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19320" - }, - { - "name" : "616", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/616" - }, - { - "name" : "freearticlesdirectory-index-file-include(25378)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25378" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file include vulnerability in index.php in 99Articles.com (aka ArticlesOne.com) Free articles directory allows remote attackers to include and execute arbitrary PHP code via a URL in the page parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "616", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/616" + }, + { + "name": "20060322 Free Articles Directory - file inclusion, code execution?", + "refsource": "VIM", + "url": "http://attrition.org/pipermail/vim/2006-March/000626.html" + }, + { + "name": "24024", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24024" + }, + { + "name": "17183", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17183" + }, + { + "name": "ADV-2006-1037", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1037" + }, + { + "name": "freearticlesdirectory-index-file-include(25378)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25378" + }, + { + "name": "20060321 Free Articles Directory Remote Command Exucetion", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/428354/100/0/threaded" + }, + { + "name": "19320", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19320" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1427.json b/2006/1xxx/CVE-2006-1427.json index 50e615a2c08..555d1292db2 100644 --- a/2006/1xxx/CVE-2006-1427.json +++ b/2006/1xxx/CVE-2006-1427.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1427", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in WebAPP 0.9.9.3.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) action, (2) id, (3) num, (4) board, (5) cat, (6) real, (7) viewcat, (8) img, or (9) curcatname parameter in cgi-bin/index.cgi, or (10) vsSD parameter in /mods/calendar/index.cgi." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1427", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2006/03/webapp-multiple-xss-vuln.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2006/03/webapp-multiple-xss-vuln.html" - }, - { - "name" : "http://www.web-app.net/cgi-bin/index.cgi?action=downloadinfo&cat=pastversions&id=1", - "refsource" : "CONFIRM", - "url" : "http://www.web-app.net/cgi-bin/index.cgi?action=downloadinfo&cat=pastversions&id=1" - }, - { - "name" : "http://www.web-app.net/cgi-bin/index.cgi?action=redirectd&cat=pastversions&id=1", - "refsource" : "CONFIRM", - "url" : "http://www.web-app.net/cgi-bin/index.cgi?action=redirectd&cat=pastversions&id=1" - }, - { - "name" : "17359", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17359" - }, - { - "name" : "ADV-2006-1102", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1102" - }, - { - "name" : "24278", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24278" - }, - { - "name" : "24279", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24279" - }, - { - "name" : "19506", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19506" - }, - { - "name" : "webapp-index-xss(25435)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25435" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in WebAPP 0.9.9.3.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) action, (2) id, (3) num, (4) board, (5) cat, (6) real, (7) viewcat, (8) img, or (9) curcatname parameter in cgi-bin/index.cgi, or (10) vsSD parameter in /mods/calendar/index.cgi." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-1102", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1102" + }, + { + "name": "24279", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24279" + }, + { + "name": "17359", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17359" + }, + { + "name": "19506", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19506" + }, + { + "name": "http://www.web-app.net/cgi-bin/index.cgi?action=downloadinfo&cat=pastversions&id=1", + "refsource": "CONFIRM", + "url": "http://www.web-app.net/cgi-bin/index.cgi?action=downloadinfo&cat=pastversions&id=1" + }, + { + "name": "webapp-index-xss(25435)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25435" + }, + { + "name": "http://www.web-app.net/cgi-bin/index.cgi?action=redirectd&cat=pastversions&id=1", + "refsource": "CONFIRM", + "url": "http://www.web-app.net/cgi-bin/index.cgi?action=redirectd&cat=pastversions&id=1" + }, + { + "name": "24278", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24278" + }, + { + "name": "http://pridels0.blogspot.com/2006/03/webapp-multiple-xss-vuln.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2006/03/webapp-multiple-xss-vuln.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1474.json b/2006/1xxx/CVE-2006-1474.json index 6ac679669b5..814da24cf7e 100644 --- a/2006/1xxx/CVE-2006-1474.json +++ b/2006/1xxx/CVE-2006-1474.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1474", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the \"failed\" functionality in Raindance Web Conferencing Pro allows remote attackers to inject arbitrary web script or HTML via the browser parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1474", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060324 [DDSi-SA] XSS in Raindance Communications Web Conferencing Pro", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/428971/100/0/threaded" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the \"failed\" functionality in Raindance Web Conferencing Pro allows remote attackers to inject arbitrary web script or HTML via the browser parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060324 [DDSi-SA] XSS in Raindance Communications Web Conferencing Pro", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/428971/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1625.json b/2006/1xxx/CVE-2006-1625.json index 31b3a5945d1..8ebd3c2fac4 100644 --- a/2006/1xxx/CVE-2006-1625.json +++ b/2006/1xxx/CVE-2006-1625.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1625", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in inc/functions_post.php in MyBB (aka MyBulletinBoard) 1.10 allows remote attackers to inject arbitrary web script or HTML via a JavaScript event in a BBCode email tag, as demonstrated using the onmousemove event." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1625", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060402 MyBB 1.10 New CrossSiteScripting", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/429748/100/0/threaded" - }, - { - "name" : "17368", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17368" - }, - { - "name" : "ADV-2006-1216", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1216" - }, - { - "name" : "24375", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24375" - }, - { - "name" : "19516", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19516" - }, - { - "name" : "mybb-email-img-bbcode-xss(25615)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25615" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in inc/functions_post.php in MyBB (aka MyBulletinBoard) 1.10 allows remote attackers to inject arbitrary web script or HTML via a JavaScript event in a BBCode email tag, as demonstrated using the onmousemove event." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "17368", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17368" + }, + { + "name": "19516", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19516" + }, + { + "name": "mybb-email-img-bbcode-xss(25615)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25615" + }, + { + "name": "24375", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24375" + }, + { + "name": "ADV-2006-1216", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1216" + }, + { + "name": "20060402 MyBB 1.10 New CrossSiteScripting", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/429748/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1685.json b/2006/1xxx/CVE-2006-1685.json index a94b25c4cde..71bbc68854a 100644 --- a/2006/1xxx/CVE-2006-1685.json +++ b/2006/1xxx/CVE-2006-1685.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1685", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in modules.php in APT-webshop-system 4.0 PRO, 3.0 BASIC, and 3.0 LIGHT allow remote attackers to execute arbitrary SQL commands via the (1) group, (2) seite, and (3) id parameter, possibly involving the artikel functionality. NOTE: this vulnerability also allows resultant path disclosure when the SQL queries are invalid." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1685", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2006/04/apt-webshop-system-vuln.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2006/04/apt-webshop-system-vuln.html" - }, - { - "name" : "17425", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17425" - }, - { - "name" : "ADV-2006-1293", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1293" - }, - { - "name" : "19592", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19592" - }, - { - "name" : "apt-webshop-sql-injection(25731)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25731" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in modules.php in APT-webshop-system 4.0 PRO, 3.0 BASIC, and 3.0 LIGHT allow remote attackers to execute arbitrary SQL commands via the (1) group, (2) seite, and (3) id parameter, possibly involving the artikel functionality. NOTE: this vulnerability also allows resultant path disclosure when the SQL queries are invalid." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19592", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19592" + }, + { + "name": "http://pridels0.blogspot.com/2006/04/apt-webshop-system-vuln.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2006/04/apt-webshop-system-vuln.html" + }, + { + "name": "ADV-2006-1293", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1293" + }, + { + "name": "apt-webshop-sql-injection(25731)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25731" + }, + { + "name": "17425", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17425" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5004.json b/2006/5xxx/CVE-2006-5004.json index 2c74032f209..cbaf8f2c129 100644 --- a/2006/5xxx/CVE-2006-5004.json +++ b/2006/5xxx/CVE-2006-5004.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5004", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the rdist command in IBM AIX 5.2.0 and 5.3.0 allows local users to overwrite arbitrary files via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5004", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "ftp://aix.software.ibm.com/aix/efixes/security/README", - "refsource" : "CONFIRM", - "url" : "ftp://aix.software.ibm.com/aix/efixes/security/README" - }, - { - "name" : "IY88687", - "refsource" : "AIXAPAR", - "url" : "http://www-1.ibm.com/support/docview.wss?uid=isg1IY88687" - }, - { - "name" : "IY88688", - "refsource" : "AIXAPAR", - "url" : "http://www-1.ibm.com/support/docview.wss?uid=isg1IY88688" - }, - { - "name" : "20194", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20194" - }, - { - "name" : "ADV-2006-3770", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3770" - }, - { - "name" : "1016922", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016922" - }, - { - "name" : "22099", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22099" - }, - { - "name" : "aix-rdist-file-overwrite(29159)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29159" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the rdist command in IBM AIX 5.2.0 and 5.3.0 allows local users to overwrite arbitrary files via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20194", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20194" + }, + { + "name": "aix-rdist-file-overwrite(29159)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29159" + }, + { + "name": "IY88688", + "refsource": "AIXAPAR", + "url": "http://www-1.ibm.com/support/docview.wss?uid=isg1IY88688" + }, + { + "name": "IY88687", + "refsource": "AIXAPAR", + "url": "http://www-1.ibm.com/support/docview.wss?uid=isg1IY88687" + }, + { + "name": "ADV-2006-3770", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3770" + }, + { + "name": "ftp://aix.software.ibm.com/aix/efixes/security/README", + "refsource": "CONFIRM", + "url": "ftp://aix.software.ibm.com/aix/efixes/security/README" + }, + { + "name": "22099", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22099" + }, + { + "name": "1016922", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016922" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5892.json b/2006/5xxx/CVE-2006-5892.json index 8ff97c27ba6..9303bb020dc 100644 --- a/2006/5xxx/CVE-2006-5892.json +++ b/2006/5xxx/CVE-2006-5892.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5892", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in MoreInfo.asp in The Net Guys ASPired2Poll 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5892", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061111 AspPired2 Poll <= 1.0 (MoreInfo.asp) Remote SQL Injection Exploit", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/451320/100/0/threaded" - }, - { - "name" : "2746", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2746" - }, - { - "name" : "20987", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20987" - }, - { - "name" : "ADV-2006-4428", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4428" - }, - { - "name" : "22796", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22796" - }, - { - "name" : "asppired2-moreinfo-sql-injection(30160)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30160" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in MoreInfo.asp in The Net Guys ASPired2Poll 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20061111 AspPired2 Poll <= 1.0 (MoreInfo.asp) Remote SQL Injection Exploit", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/451320/100/0/threaded" + }, + { + "name": "20987", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20987" + }, + { + "name": "22796", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22796" + }, + { + "name": "ADV-2006-4428", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4428" + }, + { + "name": "asppired2-moreinfo-sql-injection(30160)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30160" + }, + { + "name": "2746", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2746" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2403.json b/2007/2xxx/CVE-2007-2403.json index ecb016bc174..5a51bec1df6 100644 --- a/2007/2xxx/CVE-2007-2403.json +++ b/2007/2xxx/CVE-2007-2403.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2403", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CFNetwork on Apple Mac OS X 10.3.9 and 10.4.10 does not properly validate ftp: URIs, which allows remote attackers to trigger the transmission of arbitrary FTP commands to arbitrary FTP servers." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2403", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://docs.info.apple.com/article.html?artnum=306172", - "refsource" : "CONFIRM", - "url" : "http://docs.info.apple.com/article.html?artnum=306172" - }, - { - "name" : "APPLE-SA-2007-07-31", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html" - }, - { - "name" : "25159", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25159" - }, - { - "name" : "ADV-2007-2732", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2732" - }, - { - "name" : "1018491", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1018491" - }, - { - "name" : "26235", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26235" - }, - { - "name" : "macos-ftp-command-execution(35721)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35721" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CFNetwork on Apple Mac OS X 10.3.9 and 10.4.10 does not properly validate ftp: URIs, which allows remote attackers to trigger the transmission of arbitrary FTP commands to arbitrary FTP servers." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2007-2732", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2732" + }, + { + "name": "APPLE-SA-2007-07-31", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html" + }, + { + "name": "1018491", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1018491" + }, + { + "name": "macos-ftp-command-execution(35721)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35721" + }, + { + "name": "http://docs.info.apple.com/article.html?artnum=306172", + "refsource": "CONFIRM", + "url": "http://docs.info.apple.com/article.html?artnum=306172" + }, + { + "name": "25159", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25159" + }, + { + "name": "26235", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26235" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0191.json b/2010/0xxx/CVE-2010-0191.json index 8fb563577e9..f38883f7b0a 100644 --- a/2010/0xxx/CVE-2010-0191.json +++ b/2010/0xxx/CVE-2010-0191.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0191", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allow attackers to execute arbitrary code via unspecified vectors, related to a \"prefix protocol handler vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2010-0191", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb10-09.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb10-09.html" - }, - { - "name" : "TA10-103C", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-103C.html" - }, - { - "name" : "39329", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/39329" - }, - { - "name" : "oval:org.mitre.oval:def:6729", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6729" - }, - { - "name" : "ADV-2010-0873", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0873" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allow attackers to execute arbitrary code via unspecified vectors, related to a \"prefix protocol handler vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:6729", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6729" + }, + { + "name": "ADV-2010-0873", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0873" + }, + { + "name": "TA10-103C", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-103C.html" + }, + { + "name": "39329", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/39329" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb10-09.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb10-09.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0537.json b/2010/0xxx/CVE-2010-0537.json index b46bc1b4d11..3cd792161f9 100644 --- a/2010/0xxx/CVE-2010-0537.json +++ b/2010/0xxx/CVE-2010-0537.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0537", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "DesktopServices in Apple Mac OS X 10.6 before 10.6.3 does not properly resolve pathnames in certain circumstances involving an application's save panel, which allows user-assisted remote attackers to trigger unintended remote file copying via a crafted share name." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2010-0537", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT4077", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4077" - }, - { - "name" : "APPLE-SA-2010-03-29-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "DesktopServices in Apple Mac OS X 10.6 before 10.6.3 does not properly resolve pathnames in certain circumstances involving an application's save panel, which allows user-assisted remote attackers to trigger unintended remote file copying via a crafted share name." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2010-03-29-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html" + }, + { + "name": "http://support.apple.com/kb/HT4077", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4077" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0564.json b/2010/0xxx/CVE-2010-0564.json index bb7f4fd2c5f..d028a549aac 100644 --- a/2010/0xxx/CVE-2010-0564.json +++ b/2010/0xxx/CVE-2010-0564.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0564", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Trend Micro URL Filtering Engine (TMUFE) in OfficeScan 8.0 before SP1 Patch 5 - Build 3510, possibly tmufeng.dll before 3.0.0.1029, allows attackers to cause a denial of service (crash or OfficeScan hang) via unspecified vectors. NOTE: it is likely that this issue also affects tmufeng.dll before 2.0.0.1049 for OfficeScan 10.0." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-0564", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.trendmicro.com/ftp/documentation/readme/readme_1224.txt", - "refsource" : "MISC", - "url" : "http://www.trendmicro.com/ftp/documentation/readme/readme_1224.txt" - }, - { - "name" : "http://www.trendmicro.com/ftp/documentation/readme/OSCE_80_Win_SP1_Patch_5_en_readme.txt", - "refsource" : "CONFIRM", - "url" : "http://www.trendmicro.com/ftp/documentation/readme/OSCE_80_Win_SP1_Patch_5_en_readme.txt" - }, - { - "name" : "38083", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/38083" - }, - { - "name" : "1023553", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1023553" - }, - { - "name" : "38396", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38396" - }, - { - "name" : "ADV-2010-0295", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0295" - }, - { - "name" : "officescan-tmufe-bo(56097)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/56097" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Trend Micro URL Filtering Engine (TMUFE) in OfficeScan 8.0 before SP1 Patch 5 - Build 3510, possibly tmufeng.dll before 3.0.0.1029, allows attackers to cause a denial of service (crash or OfficeScan hang) via unspecified vectors. NOTE: it is likely that this issue also affects tmufeng.dll before 2.0.0.1049 for OfficeScan 10.0." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "officescan-tmufe-bo(56097)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56097" + }, + { + "name": "38396", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38396" + }, + { + "name": "1023553", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1023553" + }, + { + "name": "http://www.trendmicro.com/ftp/documentation/readme/OSCE_80_Win_SP1_Patch_5_en_readme.txt", + "refsource": "CONFIRM", + "url": "http://www.trendmicro.com/ftp/documentation/readme/OSCE_80_Win_SP1_Patch_5_en_readme.txt" + }, + { + "name": "http://www.trendmicro.com/ftp/documentation/readme/readme_1224.txt", + "refsource": "MISC", + "url": "http://www.trendmicro.com/ftp/documentation/readme/readme_1224.txt" + }, + { + "name": "38083", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/38083" + }, + { + "name": "ADV-2010-0295", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0295" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0683.json b/2010/0xxx/CVE-2010-0683.json index 5853c47d740..ff6bfb3e2d3 100644 --- a/2010/0xxx/CVE-2010-0683.json +++ b/2010/0xxx/CVE-2010-0683.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0683", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in TIBRepoServer5.jar in TIBCO Administrator 5.4.0 through 5.6.0, when JMS transport is used, allows remote authenticated users to execute arbitrary code on all domain nodes via vectors related to leveraging administrative credentials." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-0683", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.tibco.com/multimedia/security_advisory_administrator_tcm8-10685.txt", - "refsource" : "CONFIRM", - "url" : "http://www.tibco.com/multimedia/security_advisory_administrator_tcm8-10685.txt" - }, - { - "name" : "http://www.tibco.com/services/support/advisories/adminstrator-advisory_20100223.jsp", - "refsource" : "CONFIRM", - "url" : "http://www.tibco.com/services/support/advisories/adminstrator-advisory_20100223.jsp" - }, - { - "name" : "38396", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/38396" - }, - { - "name" : "38732", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38732" - }, - { - "name" : "ADV-2010-0463", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0463" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in TIBRepoServer5.jar in TIBCO Administrator 5.4.0 through 5.6.0, when JMS transport is used, allows remote authenticated users to execute arbitrary code on all domain nodes via vectors related to leveraging administrative credentials." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2010-0463", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0463" + }, + { + "name": "38732", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38732" + }, + { + "name": "38396", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/38396" + }, + { + "name": "http://www.tibco.com/multimedia/security_advisory_administrator_tcm8-10685.txt", + "refsource": "CONFIRM", + "url": "http://www.tibco.com/multimedia/security_advisory_administrator_tcm8-10685.txt" + }, + { + "name": "http://www.tibco.com/services/support/advisories/adminstrator-advisory_20100223.jsp", + "refsource": "CONFIRM", + "url": "http://www.tibco.com/services/support/advisories/adminstrator-advisory_20100223.jsp" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0822.json b/2010/0xxx/CVE-2010-0822.json index aff19ae46dd..ae965e8c346 100644 --- a/2010/0xxx/CVE-2010-0822.json +++ b/2010/0xxx/CVE-2010-0822.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0822", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with a crafted OBJ (0x5D) record, aka \"Excel Object Stack Overflow Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2010-0822", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100608 VUPEN Security Research - Microsoft Office Excel OBJ Stack Overflow Vulnerability (CVE-2010-0822)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/511752/100/0/threaded" - }, - { - "name" : "MS10-038", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-038" - }, - { - "name" : "TA10-159B", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-159B.html" - }, - { - "name" : "40520", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/40520" - }, - { - "name" : "65236", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/65236" - }, - { - "name" : "oval:org.mitre.oval:def:7265", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7265" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with a crafted OBJ (0x5D) record, aka \"Excel Object Stack Overflow Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20100608 VUPEN Security Research - Microsoft Office Excel OBJ Stack Overflow Vulnerability (CVE-2010-0822)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/511752/100/0/threaded" + }, + { + "name": "oval:org.mitre.oval:def:7265", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7265" + }, + { + "name": "MS10-038", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-038" + }, + { + "name": "40520", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/40520" + }, + { + "name": "65236", + "refsource": "OSVDB", + "url": "http://osvdb.org/65236" + }, + { + "name": "TA10-159B", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-159B.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1504.json b/2010/1xxx/CVE-2010-1504.json index 2cd3aa83b9f..17587cb3dc0 100644 --- a/2010/1xxx/CVE-2010-1504.json +++ b/2010/1xxx/CVE-2010-1504.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1504", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Google Chrome before 4.1.249.1059 allows remote attackers to inject arbitrary web script or HTML via vectors related to a chrome://downloads URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1504", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugs.chromium.org/40138", - "refsource" : "CONFIRM", - "url" : "http://bugs.chromium.org/40138" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2010/04/stable-update-security-fixes.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2010/04/stable-update-security-fixes.html" - }, - { - "name" : "39603", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/39603" - }, - { - "name" : "39669", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/39669" - }, - { - "name" : "63998", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/63998" - }, - { - "name" : "oval:org.mitre.oval:def:11418", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11418" - }, - { - "name" : "39544", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39544" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Google Chrome before 4.1.249.1059 allows remote attackers to inject arbitrary web script or HTML via vectors related to a chrome://downloads URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "63998", + "refsource": "OSVDB", + "url": "http://osvdb.org/63998" + }, + { + "name": "39603", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/39603" + }, + { + "name": "39544", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39544" + }, + { + "name": "http://googlechromereleases.blogspot.com/2010/04/stable-update-security-fixes.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2010/04/stable-update-security-fixes.html" + }, + { + "name": "39669", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/39669" + }, + { + "name": "http://bugs.chromium.org/40138", + "refsource": "CONFIRM", + "url": "http://bugs.chromium.org/40138" + }, + { + "name": "oval:org.mitre.oval:def:11418", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11418" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1774.json b/2010/1xxx/CVE-2010-1774.json index be3cd639fda..1bfddb4bb1f 100644 --- a/2010/1xxx/CVE-2010-1774.json +++ b/2010/1xxx/CVE-2010-1774.json @@ -1,167 +1,167 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1774", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, accesses out-of-bounds memory during processing of HTML tables, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2010-1774", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT4196", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4196" - }, - { - "name" : "http://support.apple.com/kb/HT4220", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4220" - }, - { - "name" : "http://support.apple.com/kb/HT4225", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4225" - }, - { - "name" : "APPLE-SA-2010-06-07-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010/Jun/msg00000.html" - }, - { - "name" : "APPLE-SA-2010-06-16-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//Jun/msg00002.html" - }, - { - "name" : "APPLE-SA-2010-06-21-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html" - }, - { - "name" : "MDVSA-2011:039", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039" - }, - { - "name" : "SUSE-SR:2011:002", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" - }, - { - "name" : "USN-1006-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1006-1" - }, - { - "name" : "40620", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/40620" - }, - { - "name" : "oval:org.mitre.oval:def:7476", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7476" - }, - { - "name" : "1024067", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1024067" - }, - { - "name" : "40105", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40105" - }, - { - "name" : "40196", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40196" - }, - { - "name" : "41856", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41856" - }, - { - "name" : "43068", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43068" - }, - { - "name" : "ADV-2010-1373", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1373" - }, - { - "name" : "ADV-2010-1512", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1512" - }, - { - "name" : "ADV-2010-2722", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2722" - }, - { - "name" : "ADV-2011-0212", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0212" - }, - { - "name" : "ADV-2011-0552", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0552" - }, - { - "name" : "safari-webkit-htmltables-ce(59218)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/59218" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, accesses out-of-bounds memory during processing of HTML tables, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDVSA-2011:039", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039" + }, + { + "name": "http://support.apple.com/kb/HT4220", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4220" + }, + { + "name": "ADV-2010-2722", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2722" + }, + { + "name": "43068", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43068" + }, + { + "name": "USN-1006-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1006-1" + }, + { + "name": "41856", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41856" + }, + { + "name": "ADV-2011-0212", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0212" + }, + { + "name": "http://support.apple.com/kb/HT4225", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4225" + }, + { + "name": "APPLE-SA-2010-06-07-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00000.html" + }, + { + "name": "oval:org.mitre.oval:def:7476", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7476" + }, + { + "name": "40196", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40196" + }, + { + "name": "40105", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40105" + }, + { + "name": "ADV-2010-1373", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1373" + }, + { + "name": "safari-webkit-htmltables-ce(59218)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59218" + }, + { + "name": "APPLE-SA-2010-06-16-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//Jun/msg00002.html" + }, + { + "name": "SUSE-SR:2011:002", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" + }, + { + "name": "ADV-2010-1512", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1512" + }, + { + "name": "40620", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/40620" + }, + { + "name": "ADV-2011-0552", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0552" + }, + { + "name": "1024067", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1024067" + }, + { + "name": "http://support.apple.com/kb/HT4196", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4196" + }, + { + "name": "APPLE-SA-2010-06-21-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3005.json b/2010/3xxx/CVE-2010-3005.json index f855e73af2d..187ee2c34c6 100644 --- a/2010/3xxx/CVE-2010-3005.json +++ b/2010/3xxx/CVE-2010-3005.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3005", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in HP Operations Agent 7.36 and 8.6 on Windows allows local users to gain privileges via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2010-3005", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBMA02572", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02497800" - }, - { - "name" : "SSRT100082", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02497800" - }, - { - "name" : "41277", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41277" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in HP Operations Agent 7.36 and 8.6 on Windows allows local users to gain privileges via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "HPSBMA02572", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02497800" + }, + { + "name": "41277", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41277" + }, + { + "name": "SSRT100082", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02497800" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3570.json b/2010/3xxx/CVE-2010-3570.json index 0e4c9defcb9..b4b3e17cc26 100644 --- a/2010/3xxx/CVE-2010-3570.json +++ b/2010/3xxx/CVE-2010-3570.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3570", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Deployment Toolkit component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2010-3570", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html" - }, - { - "name" : "http://support.avaya.com/css/P8/documents/100114315", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/css/P8/documents/100114315" - }, - { - "name" : "http://support.avaya.com/css/P8/documents/100123193", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/css/P8/documents/100123193" - }, - { - "name" : "HPSBUX02608", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748" - }, - { - "name" : "SSRT100333", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748" - }, - { - "name" : "HPSBMU02799", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=134254866602253&w=2" - }, - { - "name" : "RHSA-2010:0770", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0770.html" - }, - { - "name" : "SUSE-SR:2010:019", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html" - }, - { - "name" : "44020", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/44020" - }, - { - "name" : "oval:org.mitre.oval:def:12173", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12173" - }, - { - "name" : "oval:org.mitre.oval:def:12509", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12509" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Deployment Toolkit component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.avaya.com/css/P8/documents/100114315", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/css/P8/documents/100114315" + }, + { + "name": "HPSBMU02799", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=134254866602253&w=2" + }, + { + "name": "RHSA-2010:0770", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0770.html" + }, + { + "name": "SSRT100333", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748" + }, + { + "name": "oval:org.mitre.oval:def:12173", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12173" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html" + }, + { + "name": "44020", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/44020" + }, + { + "name": "HPSBUX02608", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748" + }, + { + "name": "oval:org.mitre.oval:def:12509", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12509" + }, + { + "name": "http://support.avaya.com/css/P8/documents/100123193", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/css/P8/documents/100123193" + }, + { + "name": "SUSE-SR:2010:019", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3601.json b/2010/3xxx/CVE-2010-3601.json index 04a5f9a6b88..c459481b3a7 100644 --- a/2010/3xxx/CVE-2010-3601.json +++ b/2010/3xxx/CVE-2010-3601.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3601", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in ibPhotohost 1.1.2 allows remote attackers to execute arbitrary SQL commands via the img parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3601", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "15070", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/15070" - }, - { - "name" : "http://packetstormsecurity.org/1009-exploits/ibphotohost-sql.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1009-exploits/ibphotohost-sql.txt" - }, - { - "name" : "43374", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/43374" - }, - { - "name" : "ADV-2010-2437", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2437" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php in ibPhotohost 1.1.2 allows remote attackers to execute arbitrary SQL commands via the img parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2010-2437", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2437" + }, + { + "name": "15070", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/15070" + }, + { + "name": "43374", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/43374" + }, + { + "name": "http://packetstormsecurity.org/1009-exploits/ibphotohost-sql.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1009-exploits/ibphotohost-sql.txt" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3902.json b/2010/3xxx/CVE-2010-3902.json index bbea5989614..ba712a4cc8b 100644 --- a/2010/3xxx/CVE-2010-3902.json +++ b/2010/3xxx/CVE-2010-3902.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3902", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "OpenConnect before 2.26 places the webvpn cookie value in the debugging output, which might allow remote attackers to obtain sensitive information by reading this output, as demonstrated by output posted to the public openconnect-devel mailing list." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3902", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.infradead.org/openconnect.html", - "refsource" : "CONFIRM", - "url" : "http://www.infradead.org/openconnect.html" - }, - { - "name" : "FEDORA-2010-18032", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051620.html" - }, - { - "name" : "FEDORA-2010-18053", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051637.html" - }, - { - "name" : "FEDORA-2010-18055", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051640.html" - }, - { - "name" : "44111", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/44111" - }, - { - "name" : "42381", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42381" - }, - { - "name" : "ADV-2010-3078", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/3078" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "OpenConnect before 2.26 places the webvpn cookie value in the debugging output, which might allow remote attackers to obtain sensitive information by reading this output, as demonstrated by output posted to the public openconnect-devel mailing list." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FEDORA-2010-18053", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051637.html" + }, + { + "name": "FEDORA-2010-18055", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051640.html" + }, + { + "name": "FEDORA-2010-18032", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051620.html" + }, + { + "name": "ADV-2010-3078", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/3078" + }, + { + "name": "44111", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/44111" + }, + { + "name": "http://www.infradead.org/openconnect.html", + "refsource": "CONFIRM", + "url": "http://www.infradead.org/openconnect.html" + }, + { + "name": "42381", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42381" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4170.json b/2010/4xxx/CVE-2010-4170.json index 90b085a0d0d..06e3c144e0c 100644 --- a/2010/4xxx/CVE-2010-4170.json +++ b/2010/4xxx/CVE-2010-4170.json @@ -1,142 +1,142 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4170", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The staprun runtime tool in SystemTap 1.3 does not properly clear the environment before executing modprobe, which allows local users to gain privileges by setting the MODPROBE_OPTIONS environment variable to specify a malicious configuration file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-4170", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "15620", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/15620" - }, - { - "name" : "[systemtap] 20101117 important systemtap security fix", - "refsource" : "MLIST", - "url" : "http://sources.redhat.com/ml/systemtap/2010-q4/msg00230.html" - }, - { - "name" : "http://sources.redhat.com/git/gitweb.cgi?p=systemtap.git;a=commit;h=b7565b41228bea196cefa3a7d43ab67f8f9152e2", - "refsource" : "CONFIRM", - "url" : "http://sources.redhat.com/git/gitweb.cgi?p=systemtap.git;a=commit;h=b7565b41228bea196cefa3a7d43ab67f8f9152e2" - }, - { - "name" : "DSA-2348", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2348" - }, - { - "name" : "FEDORA-2010-17865", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051115.html" - }, - { - "name" : "FEDORA-2010-17868", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051122.html" - }, - { - "name" : "FEDORA-2010-17873", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051127.html" - }, - { - "name" : "RHSA-2010:0894", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0894.html" - }, - { - "name" : "RHSA-2010:0895", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0895.html" - }, - { - "name" : "44914", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/44914" - }, - { - "name" : "1024754", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024754" - }, - { - "name" : "42256", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42256" - }, - { - "name" : "42263", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42263" - }, - { - "name" : "42306", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42306" - }, - { - "name" : "42318", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42318" - }, - { - "name" : "46920", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/46920" - }, - { - "name" : "systemtap-staprun-priv-escalation(63344)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/63344" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The staprun runtime tool in SystemTap 1.3 does not properly clear the environment before executing modprobe, which allows local users to gain privileges by setting the MODPROBE_OPTIONS environment variable to specify a malicious configuration file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "systemtap-staprun-priv-escalation(63344)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/63344" + }, + { + "name": "[systemtap] 20101117 important systemtap security fix", + "refsource": "MLIST", + "url": "http://sources.redhat.com/ml/systemtap/2010-q4/msg00230.html" + }, + { + "name": "FEDORA-2010-17873", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051127.html" + }, + { + "name": "15620", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/15620" + }, + { + "name": "42263", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42263" + }, + { + "name": "FEDORA-2010-17865", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051115.html" + }, + { + "name": "http://sources.redhat.com/git/gitweb.cgi?p=systemtap.git;a=commit;h=b7565b41228bea196cefa3a7d43ab67f8f9152e2", + "refsource": "CONFIRM", + "url": "http://sources.redhat.com/git/gitweb.cgi?p=systemtap.git;a=commit;h=b7565b41228bea196cefa3a7d43ab67f8f9152e2" + }, + { + "name": "RHSA-2010:0894", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0894.html" + }, + { + "name": "RHSA-2010:0895", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0895.html" + }, + { + "name": "42306", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42306" + }, + { + "name": "44914", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/44914" + }, + { + "name": "DSA-2348", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2348" + }, + { + "name": "1024754", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024754" + }, + { + "name": "46920", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/46920" + }, + { + "name": "42256", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42256" + }, + { + "name": "42318", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42318" + }, + { + "name": "FEDORA-2010-17868", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051122.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4181.json b/2010/4xxx/CVE-2010-4181.json index 66fe11e4729..397e4de51dd 100644 --- a/2010/4xxx/CVE-2010-4181.json +++ b/2010/4xxx/CVE-2010-4181.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4181", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in Yaws 1.89 allows remote attackers to read arbitrary files via ..\\ (dot dot backslash) and other sequences." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4181", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "15371", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/15371" - }, - { - "name" : "44564", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/44564" - }, - { - "name" : "68962", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/68962" - }, - { - "name" : "42066", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42066" - }, - { - "name" : "ADV-2010-2858", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2858" - }, - { - "name" : "yaws-url-directory-traversal(62917)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/62917" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in Yaws 1.89 allows remote attackers to read arbitrary files via ..\\ (dot dot backslash) and other sequences." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "yaws-url-directory-traversal(62917)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62917" + }, + { + "name": "42066", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42066" + }, + { + "name": "15371", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/15371" + }, + { + "name": "68962", + "refsource": "OSVDB", + "url": "http://osvdb.org/68962" + }, + { + "name": "ADV-2010-2858", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2858" + }, + { + "name": "44564", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/44564" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4231.json b/2010/4xxx/CVE-2010-4231.json index 51be63bd02c..9ec66b0ca58 100644 --- a/2010/4xxx/CVE-2010-4231.json +++ b/2010/4xxx/CVE-2010-4231.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4231", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in the web-based administration interface on the Camtron CMNC-200 Full HD IP Camera and TecVoz CMNC-200 Megapixel IP Camera with firmware 1.102A-008 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4231", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20101112 TWSL2010-006: Multiple Vulnerabilities in Camtron CMNC-200 IP Camera", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/514753/100/0/threaded" - }, - { - "name" : "15505", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/15505/" - }, - { - "name" : "https://www.trustwave.com/spiderlabs/advisories/TWSL2010-006.txt", - "refsource" : "MISC", - "url" : "https://www.trustwave.com/spiderlabs/advisories/TWSL2010-006.txt" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in the web-based administration interface on the Camtron CMNC-200 Full HD IP Camera and TecVoz CMNC-200 Megapixel IP Camera with firmware 1.102A-008 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "15505", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/15505/" + }, + { + "name": "20101112 TWSL2010-006: Multiple Vulnerabilities in Camtron CMNC-200 IP Camera", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/514753/100/0/threaded" + }, + { + "name": "https://www.trustwave.com/spiderlabs/advisories/TWSL2010-006.txt", + "refsource": "MISC", + "url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2010-006.txt" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4373.json b/2010/4xxx/CVE-2010-4373.json index 3b36b37492e..76e12a4aa99 100644 --- a/2010/4xxx/CVE-2010-4373.json +++ b/2010/4xxx/CVE-2010-4373.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4373", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The in_mp4 plugin in Winamp before 5.6 allows remote attackers to cause a denial of service (application crash) via crafted (1) metadata or (2) albumart in an invalid MP4 file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4373", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://forums.winamp.com/showthread.php?t=324322", - "refsource" : "CONFIRM", - "url" : "http://forums.winamp.com/showthread.php?t=324322" - }, - { - "name" : "http://forums.winamp.com/showthread.php?threadid=159785", - "refsource" : "CONFIRM", - "url" : "http://forums.winamp.com/showthread.php?threadid=159785" - }, - { - "name" : "oval:org.mitre.oval:def:12425", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12425" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The in_mp4 plugin in Winamp before 5.6 allows remote attackers to cause a denial of service (application crash) via crafted (1) metadata or (2) albumart in an invalid MP4 file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://forums.winamp.com/showthread.php?threadid=159785", + "refsource": "CONFIRM", + "url": "http://forums.winamp.com/showthread.php?threadid=159785" + }, + { + "name": "oval:org.mitre.oval:def:12425", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12425" + }, + { + "name": "http://forums.winamp.com/showthread.php?t=324322", + "refsource": "CONFIRM", + "url": "http://forums.winamp.com/showthread.php?t=324322" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4418.json b/2010/4xxx/CVE-2010-4418.json index 59ed18bb66f..f59351f65d0 100644 --- a/2010/4xxx/CVE-2010-4418.json +++ b/2010/4xxx/CVE-2010-4418.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4418", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft and JDEdwards Suite 8.50.11 through 8.50.15 and 8.51GA through 8.51.05 allows remote attackers to affect confidentiality, integrity, and availability, related to PIA Core Technology." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2010-4418", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html" - }, - { - "name" : "45865", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45865" - }, - { - "name" : "1024978", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024978" - }, - { - "name" : "42924", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42924" - }, - { - "name" : "ADV-2011-0147", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0147" - }, - { - "name" : "peoplesoft-pia-code-execution(64785)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64785" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft and JDEdwards Suite 8.50.11 through 8.50.15 and 8.51GA through 8.51.05 allows remote attackers to affect confidentiality, integrity, and availability, related to PIA Core Technology." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2011-0147", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0147" + }, + { + "name": "45865", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45865" + }, + { + "name": "42924", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42924" + }, + { + "name": "1024978", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024978" + }, + { + "name": "peoplesoft-pia-code-execution(64785)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64785" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4439.json b/2010/4xxx/CVE-2010-4439.json index c534528d7c6..e2e14365c7b 100644 --- a/2010/4xxx/CVE-2010-4439.json +++ b/2010/4xxx/CVE-2010-4439.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4439", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft and JDEdwards Suite 9.0 Bundle #14 and 9.1 Bundle #4 allows remote authenticated users to affect confidentiality via unknown vectors related to eProfile - Manager Desktop." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2010-4439", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html" - }, - { - "name" : "45866", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45866" - }, - { - "name" : "70574", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/70574" - }, - { - "name" : "1024978", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024978" - }, - { - "name" : "42982", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42982" - }, - { - "name" : "ADV-2011-0147", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0147" - }, - { - "name" : "peoplesoft-eprofile-info-disclosure(64794)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64794" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft and JDEdwards Suite 9.0 Bundle #14 and 9.1 Bundle #4 allows remote authenticated users to affect confidentiality via unknown vectors related to eProfile - Manager Desktop." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2011-0147", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0147" + }, + { + "name": "70574", + "refsource": "OSVDB", + "url": "http://osvdb.org/70574" + }, + { + "name": "1024978", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024978" + }, + { + "name": "peoplesoft-eprofile-info-disclosure(64794)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64794" + }, + { + "name": "45866", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45866" + }, + { + "name": "42982", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42982" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0074.json b/2014/0xxx/CVE-2014-0074.json index 770471f8483..f1e5517e242 100644 --- a/2014/0xxx/CVE-2014-0074.json +++ b/2014/0xxx/CVE-2014-0074.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0074", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Apache Shiro 1.x before 1.2.3, when using an LDAP server with unauthenticated bind enabled, allows remote attackers to bypass authentication via an empty (1) username or (2) password." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-0074", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140303 [Announce] Apache Shiro 1.2.3 Released - Security Advisory", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Mar/22" - }, - { - "name" : "https://issues.apache.org/jira/browse/SHIRO-460", - "refsource" : "MISC", - "url" : "https://issues.apache.org/jira/browse/SHIRO-460" - }, - { - "name" : "RHSA-2014:1351", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1351.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Apache Shiro 1.x before 1.2.3, when using an LDAP server with unauthenticated bind enabled, allows remote attackers to bypass authentication via an empty (1) username or (2) password." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20140303 [Announce] Apache Shiro 1.2.3 Released - Security Advisory", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Mar/22" + }, + { + "name": "https://issues.apache.org/jira/browse/SHIRO-460", + "refsource": "MISC", + "url": "https://issues.apache.org/jira/browse/SHIRO-460" + }, + { + "name": "RHSA-2014:1351", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1351.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0090.json b/2014/0xxx/CVE-2014-0090.json index 46fb520f970..61b08221e28 100644 --- a/2014/0xxx/CVE-2014-0090.json +++ b/2014/0xxx/CVE-2014-0090.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0090", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Session fixation vulnerability in Foreman before 1.4.2 allows remote attackers to hijack web sessions via the session id cookie." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-0090", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://projects.theforeman.org/issues/4457", - "refsource" : "CONFIRM", - "url" : "http://projects.theforeman.org/issues/4457" - }, - { - "name" : "http://theforeman.org/security.html", - "refsource" : "CONFIRM", - "url" : "http://theforeman.org/security.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1072151", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1072151" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Session fixation vulnerability in Foreman before 1.4.2 allows remote attackers to hijack web sessions via the session id cookie." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1072151", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1072151" + }, + { + "name": "http://projects.theforeman.org/issues/4457", + "refsource": "CONFIRM", + "url": "http://projects.theforeman.org/issues/4457" + }, + { + "name": "http://theforeman.org/security.html", + "refsource": "CONFIRM", + "url": "http://theforeman.org/security.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0880.json b/2014/0xxx/CVE-2014-0880.json index 88fe4e473fa..8aa8f8f0337 100644 --- a/2014/0xxx/CVE-2014-0880.json +++ b/2014/0xxx/CVE-2014-0880.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0880", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM SAN Volume Controller; Storwize V3500, V3700, V5000, and V7000; and Flex System V7000 with software 6.3 and 6.4 before 6.4.1.8, and 7.1 and 7.2 before 7.2.0.3, allow remote attackers to obtain CLI access, and consequently cause a denial of service, via unspecified traffic to the administrative IP address." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-0880", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004570", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004570" - }, - { - "name" : "ibm-storwize-cve20140880-cli(91145)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/91145" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM SAN Volume Controller; Storwize V3500, V3700, V5000, and V7000; and Flex System V7000 with software 6.3 and 6.4 before 6.4.1.8, and 7.1 and 7.2 before 7.2.0.3, allow remote attackers to obtain CLI access, and consequently cause a denial of service, via unspecified traffic to the administrative IP address." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ibm-storwize-cve20140880-cli(91145)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91145" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004570", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004570" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4166.json b/2014/4xxx/CVE-2014-4166.json index 42406c19b8b..69302717fac 100644 --- a/2014/4xxx/CVE-2014-4166.json +++ b/2014/4xxx/CVE-2014-4166.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4166", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the song history in SHOUTcast DNAS 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the mp3 title field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4166", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "33714", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/33714" - }, - { - "name" : "http://packetstormsecurity.com/files/127074/SHOUTcast-DNAS-2.2.1-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/127074/SHOUTcast-DNAS-2.2.1-Cross-Site-Scripting.html" - }, - { - "name" : "68019", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/68019" - }, - { - "name" : "108052", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/show/osvdb/108052" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the song history in SHOUTcast DNAS 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the mp3 title field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "108052", + "refsource": "OSVDB", + "url": "http://osvdb.org/show/osvdb/108052" + }, + { + "name": "33714", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/33714" + }, + { + "name": "68019", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/68019" + }, + { + "name": "http://packetstormsecurity.com/files/127074/SHOUTcast-DNAS-2.2.1-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/127074/SHOUTcast-DNAS-2.2.1-Cross-Site-Scripting.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4375.json b/2014/4xxx/CVE-2014-4375.json index 43a10e1146b..0adc5ed0fda 100644 --- a/2014/4xxx/CVE-2014-4375.json +++ b/2014/4xxx/CVE-2014-4375.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4375", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Double free vulnerability in Apple iOS before 8 and Apple TV before 7 allows local users to gain privileges or cause a denial of service (device crash) via vectors related to Mach ports." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2014-4375", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/kb/HT6535", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/kb/HT6535" - }, - { - "name" : "http://support.apple.com/kb/HT6441", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT6441" - }, - { - "name" : "http://support.apple.com/kb/HT6442", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT6442" - }, - { - "name" : "APPLE-SA-2014-09-17-1", - "refsource" : "APPLE", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html" - }, - { - "name" : "APPLE-SA-2014-09-17-2", - "refsource" : "APPLE", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2014-09/0107.html" - }, - { - "name" : "APPLE-SA-2014-10-16-1", - "refsource" : "APPLE", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html" - }, - { - "name" : "69882", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69882" - }, - { - "name" : "69944", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69944" - }, - { - "name" : "1030866", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030866" - }, - { - "name" : "appleios-cve20144375-code-exec(96090)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/96090" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Double free vulnerability in Apple iOS before 8 and Apple TV before 7 allows local users to gain privileges or cause a denial of service (device crash) via vectors related to Mach ports." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "appleios-cve20144375-code-exec(96090)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96090" + }, + { + "name": "http://support.apple.com/kb/HT6441", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT6441" + }, + { + "name": "1030866", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030866" + }, + { + "name": "http://support.apple.com/kb/HT6442", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT6442" + }, + { + "name": "APPLE-SA-2014-10-16-1", + "refsource": "APPLE", + "url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html" + }, + { + "name": "APPLE-SA-2014-09-17-2", + "refsource": "APPLE", + "url": "http://archives.neohapsis.com/archives/bugtraq/2014-09/0107.html" + }, + { + "name": "69882", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69882" + }, + { + "name": "https://support.apple.com/kb/HT6535", + "refsource": "CONFIRM", + "url": "https://support.apple.com/kb/HT6535" + }, + { + "name": "APPLE-SA-2014-09-17-1", + "refsource": "APPLE", + "url": "http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html" + }, + { + "name": "69944", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69944" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4780.json b/2014/4xxx/CVE-2014-4780.json index 18679abdf42..683935e9252 100644 --- a/2014/4xxx/CVE-2014-4780.json +++ b/2014/4xxx/CVE-2014-4780.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4780", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4780", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8358.json b/2014/8xxx/CVE-2014-8358.json index 40ff491695a..94ff1a2d274 100644 --- a/2014/8xxx/CVE-2014-8358.json +++ b/2014/8xxx/CVE-2014-8358.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8358", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Huawei EC156, EC176, and EC177 USB Modem products with software before UTPS-V200R003B015D02SP07C1014 (23.015.02.07.1014) and before V200R003B015D02SP08C1014 (23.015.02.08.1014) use a weak ACL for the \"Mobile Partner\" directory, which allows remote attackers to gain SYSTEM privileges by compromising a low privilege account and modifying Mobile Partner.exe." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8358", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://packetstormsecurity.com/files/128767/Huawei-Mobile-Partner-DLL-Hijacking.html", - "refsource" : "MISC", - "url" : "https://packetstormsecurity.com/files/128767/Huawei-Mobile-Partner-DLL-Hijacking.html" - }, - { - "name" : "http://www.huawei.com/us/psirt/security-advisories/2014/hw-376152", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/us/psirt/security-advisories/2014/hw-376152" - }, - { - "name" : "70672", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70672" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Huawei EC156, EC176, and EC177 USB Modem products with software before UTPS-V200R003B015D02SP07C1014 (23.015.02.07.1014) and before V200R003B015D02SP08C1014 (23.015.02.08.1014) use a weak ACL for the \"Mobile Partner\" directory, which allows remote attackers to gain SYSTEM privileges by compromising a low privilege account and modifying Mobile Partner.exe." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.huawei.com/us/psirt/security-advisories/2014/hw-376152", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/us/psirt/security-advisories/2014/hw-376152" + }, + { + "name": "https://packetstormsecurity.com/files/128767/Huawei-Mobile-Partner-DLL-Hijacking.html", + "refsource": "MISC", + "url": "https://packetstormsecurity.com/files/128767/Huawei-Mobile-Partner-DLL-Hijacking.html" + }, + { + "name": "70672", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70672" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8693.json b/2014/8xxx/CVE-2014-8693.json index 28cd32e8757..03865e6e28b 100644 --- a/2014/8xxx/CVE-2014-8693.json +++ b/2014/8xxx/CVE-2014-8693.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8693", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8693", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8802.json b/2014/8xxx/CVE-2014-8802.json index c27a3b1e1a3..84186119d68 100644 --- a/2014/8xxx/CVE-2014-8802.json +++ b/2014/8xxx/CVE-2014-8802.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8802", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Pie Register plugin before 2.0.14 for WordPress does not properly restrict access to certain functions in pie-register.php, which allows remote attackers to (1) add a user by uploading a crafted CSV file or (2) activate a user account via a verifyit action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8802", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://security.szurek.pl/pie-register-2013-privilege-escalation.html", - "refsource" : "MISC", - "url" : "http://security.szurek.pl/pie-register-2013-privilege-escalation.html" - }, - { - "name" : "https://wordpress.org/plugins/pie-register/changelog/", - "refsource" : "CONFIRM", - "url" : "https://wordpress.org/plugins/pie-register/changelog/" - }, - { - "name" : "62351", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62351" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Pie Register plugin before 2.0.14 for WordPress does not properly restrict access to certain functions in pie-register.php, which allows remote attackers to (1) add a user by uploading a crafted CSV file or (2) activate a user account via a verifyit action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "62351", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62351" + }, + { + "name": "https://wordpress.org/plugins/pie-register/changelog/", + "refsource": "CONFIRM", + "url": "https://wordpress.org/plugins/pie-register/changelog/" + }, + { + "name": "http://security.szurek.pl/pie-register-2013-privilege-escalation.html", + "refsource": "MISC", + "url": "http://security.szurek.pl/pie-register-2013-privilege-escalation.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8857.json b/2014/8xxx/CVE-2014-8857.json index 63945beea4a..538641e4019 100644 --- a/2014/8xxx/CVE-2014-8857.json +++ b/2014/8xxx/CVE-2014-8857.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8857", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-8857", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9076.json b/2014/9xxx/CVE-2014-9076.json index bc7ff7f399d..3c778a904df 100644 --- a/2014/9xxx/CVE-2014-9076.json +++ b/2014/9xxx/CVE-2014-9076.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9076", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9076", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9082.json b/2014/9xxx/CVE-2014-9082.json index 16299f78a54..aa90efd13da 100644 --- a/2014/9xxx/CVE-2014-9082.json +++ b/2014/9xxx/CVE-2014-9082.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9082", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9082", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9590.json b/2014/9xxx/CVE-2014-9590.json index 4db958a1b43..28e2bb73818 100644 --- a/2014/9xxx/CVE-2014-9590.json +++ b/2014/9xxx/CVE-2014-9590.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9590", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-9590", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9732.json b/2014/9xxx/CVE-2014-9732.json index 0fbc8aeb4e5..8cf78a1d341 100644 --- a/2014/9xxx/CVE-2014-9732.json +++ b/2014/9xxx/CVE-2014-9732.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9732", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The cabd_extract function in cabd.c in libmspack before 0.5 does not properly maintain decompression callbacks in certain cases where an invalid file follows a valid file, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted CAB archive." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9732", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150203 Possible CVE Requests: libmspack: several issues", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2015/02/03/11" - }, - { - "name" : "https://bugs.debian.org/774665", - "refsource" : "CONFIRM", - "url" : "https://bugs.debian.org/774665" - }, - { - "name" : "72474", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72474" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The cabd_extract function in cabd.c in libmspack before 0.5 does not properly maintain decompression callbacks in certain cases where an invalid file follows a valid file, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted CAB archive." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20150203 Possible CVE Requests: libmspack: several issues", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2015/02/03/11" + }, + { + "name": "https://bugs.debian.org/774665", + "refsource": "CONFIRM", + "url": "https://bugs.debian.org/774665" + }, + { + "name": "72474", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72474" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9815.json b/2014/9xxx/CVE-2014-9815.json index dfdb83e0afa..173e887cc75 100644 --- a/2014/9xxx/CVE-2014-9815.json +++ b/2014/9xxx/CVE-2014-9815.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9815", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ImageMagick allows remote attackers to cause a denial of service (application crash) via a crafted wpg file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9815", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20141224 Imagemagick fuzzing bug", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/12/24/1" - }, - { - "name" : "[oss-security] 20160602 Re: ImageMagick CVEs", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/06/02/13" - }, - { - "name" : "https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=1eb3064a9e4a81d0b8cd414e3dcd7fe9b158f241", - "refsource" : "CONFIRM", - "url" : "https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=1eb3064a9e4a81d0b8cd414e3dcd7fe9b158f241" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1343471", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1343471" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ImageMagick allows remote attackers to cause a denial of service (application crash) via a crafted wpg file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1343471", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1343471" + }, + { + "name": "https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=1eb3064a9e4a81d0b8cd414e3dcd7fe9b158f241", + "refsource": "CONFIRM", + "url": "https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=1eb3064a9e4a81d0b8cd414e3dcd7fe9b158f241" + }, + { + "name": "[oss-security] 20160602 Re: ImageMagick CVEs", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/06/02/13" + }, + { + "name": "[oss-security] 20141224 Imagemagick fuzzing bug", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/12/24/1" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9872.json b/2014/9xxx/CVE-2014-9872.json index 30b4012a3bb..a6c2fddd1d3 100644 --- a/2014/9xxx/CVE-2014-9872.json +++ b/2014/9xxx/CVE-2014-9872.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9872", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The diag driver in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not ensure unique identifiers in a DCI client table, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28750155 and Qualcomm internal bug CR590721." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2014-9872", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://source.android.com/security/bulletin/2016-08-01.html", - "refsource" : "CONFIRM", - "url" : "http://source.android.com/security/bulletin/2016-08-01.html" - }, - { - "name" : "https://source.codeaurora.org/quic/la/kernel/msm/commit/?id=fc787ebd71fa231cc7dd2a0d5f2208da0527096a", - "refsource" : "CONFIRM", - "url" : "https://source.codeaurora.org/quic/la/kernel/msm/commit/?id=fc787ebd71fa231cc7dd2a0d5f2208da0527096a" - }, - { - "name" : "92219", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92219" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The diag driver in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not ensure unique identifiers in a DCI client table, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28750155 and Qualcomm internal bug CR590721." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://source.android.com/security/bulletin/2016-08-01.html", + "refsource": "CONFIRM", + "url": "http://source.android.com/security/bulletin/2016-08-01.html" + }, + { + "name": "92219", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92219" + }, + { + "name": "https://source.codeaurora.org/quic/la/kernel/msm/commit/?id=fc787ebd71fa231cc7dd2a0d5f2208da0527096a", + "refsource": "CONFIRM", + "url": "https://source.codeaurora.org/quic/la/kernel/msm/commit/?id=fc787ebd71fa231cc7dd2a0d5f2208da0527096a" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2537.json b/2016/2xxx/CVE-2016-2537.json index ffd9ba9bc46..e09b4055683 100644 --- a/2016/2xxx/CVE-2016-2537.json +++ b/2016/2xxx/CVE-2016-2537.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2537", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The is-my-json-valid package before 2.12.4 for Node.js has an incorrect exports['utc-millisec'] regular expression, which allows remote attackers to cause a denial of service (blocked event loop) via a crafted string." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-2537", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/mafintosh/is-my-json-valid/commit/eca4beb21e61877d76fdf6bea771f72f39544d9b", - "refsource" : "CONFIRM", - "url" : "https://github.com/mafintosh/is-my-json-valid/commit/eca4beb21e61877d76fdf6bea771f72f39544d9b" - }, - { - "name" : "https://nodesecurity.io/advisories/76", - "refsource" : "CONFIRM", - "url" : "https://nodesecurity.io/advisories/76" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The is-my-json-valid package before 2.12.4 for Node.js has an incorrect exports['utc-millisec'] regular expression, which allows remote attackers to cause a denial of service (blocked event loop) via a crafted string." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://nodesecurity.io/advisories/76", + "refsource": "CONFIRM", + "url": "https://nodesecurity.io/advisories/76" + }, + { + "name": "https://github.com/mafintosh/is-my-json-valid/commit/eca4beb21e61877d76fdf6bea771f72f39544d9b", + "refsource": "CONFIRM", + "url": "https://github.com/mafintosh/is-my-json-valid/commit/eca4beb21e61877d76fdf6bea771f72f39544d9b" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3177.json b/2016/3xxx/CVE-2016-3177.json index c7edd0eda8c..8493df2f0da 100644 --- a/2016/3xxx/CVE-2016-3177.json +++ b/2016/3xxx/CVE-2016-3177.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3177", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple use-after-free and double-free vulnerabilities in gifcolor.c in GIFLIB 5.1.2 have unspecified impact and attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-3177", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160316 Re: CVE Request : Use-after-free in gifcolor", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/03/16/12" - }, - { - "name" : "https://sourceforge.net/p/giflib/bugs/83/", - "refsource" : "CONFIRM", - "url" : "https://sourceforge.net/p/giflib/bugs/83/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple use-after-free and double-free vulnerabilities in gifcolor.c in GIFLIB 5.1.2 have unspecified impact and attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://sourceforge.net/p/giflib/bugs/83/", + "refsource": "CONFIRM", + "url": "https://sourceforge.net/p/giflib/bugs/83/" + }, + { + "name": "[oss-security] 20160316 Re: CVE Request : Use-after-free in gifcolor", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/03/16/12" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3330.json b/2016/3xxx/CVE-2016-3330.json index 6f67f5bdd56..c04b1ae1db3 100644 --- a/2016/3xxx/CVE-2016-3330.json +++ b/2016/3xxx/CVE-2016-3330.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3330", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Microsoft Edge Memory Corruption Vulnerability,\" a different vulnerability than CVE-2016-3294." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2016-3330", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS16-105", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-105" - }, - { - "name" : "92807", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92807" - }, - { - "name" : "1036789", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036789" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Microsoft Edge Memory Corruption Vulnerability,\" a different vulnerability than CVE-2016-3294." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1036789", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036789" + }, + { + "name": "92807", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92807" + }, + { + "name": "MS16-105", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-105" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3722.json b/2016/3xxx/CVE-2016-3722.json index afebc78706d..14c5e491e03 100644 --- a/2016/3xxx/CVE-2016-3722.json +++ b/2016/3xxx/CVE-2016-3722.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3722", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users with multiple accounts to cause a denial of service (unable to login) by editing the \"full name.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-3722", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11", - "refsource" : "CONFIRM", - "url" : "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11" - }, - { - "name" : "https://www.cloudbees.com/jenkins-security-advisory-2016-05-11", - "refsource" : "CONFIRM", - "url" : "https://www.cloudbees.com/jenkins-security-advisory-2016-05-11" - }, - { - "name" : "RHSA-2016:1206", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2016:1206" - }, - { - "name" : "RHSA-2016:1773", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-1773.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users with multiple accounts to cause a denial of service (unable to login) by editing the \"full name.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.cloudbees.com/jenkins-security-advisory-2016-05-11", + "refsource": "CONFIRM", + "url": "https://www.cloudbees.com/jenkins-security-advisory-2016-05-11" + }, + { + "name": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11", + "refsource": "CONFIRM", + "url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11" + }, + { + "name": "RHSA-2016:1206", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2016:1206" + }, + { + "name": "RHSA-2016:1773", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-1773.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3746.json b/2016/3xxx/CVE-2016-3746.json index 34639fd7bb1..f220c9cd11c 100644 --- a/2016/3xxx/CVE-2016-3746.json +++ b/2016/3xxx/CVE-2016-3746.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3746", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in the mm-video-v4l2 vdec component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27890802." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-3746", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://source.android.com/security/bulletin/2016-07-01.html", - "refsource" : "CONFIRM", - "url" : "http://source.android.com/security/bulletin/2016-07-01.html" - }, - { - "name" : "https://android.googlesource.com/platform/hardware/qcom/media/+/5b82f4f90c3d531313714df4b936f92fb0ff15cf", - "refsource" : "CONFIRM", - "url" : "https://android.googlesource.com/platform/hardware/qcom/media/+/5b82f4f90c3d531313714df4b936f92fb0ff15cf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in the mm-video-v4l2 vdec component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27890802." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://source.android.com/security/bulletin/2016-07-01.html", + "refsource": "CONFIRM", + "url": "http://source.android.com/security/bulletin/2016-07-01.html" + }, + { + "name": "https://android.googlesource.com/platform/hardware/qcom/media/+/5b82f4f90c3d531313714df4b936f92fb0ff15cf", + "refsource": "CONFIRM", + "url": "https://android.googlesource.com/platform/hardware/qcom/media/+/5b82f4f90c3d531313714df4b936f92fb0ff15cf" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6006.json b/2016/6xxx/CVE-2016-6006.json index f1f3433a9f2..5f050316636 100644 --- a/2016/6xxx/CVE-2016-6006.json +++ b/2016/6xxx/CVE-2016-6006.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6006", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6006", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6098.json b/2016/6xxx/CVE-2016-6098.json index d8fb351e8b9..09ac531835b 100644 --- a/2016/6xxx/CVE-2016-6098.json +++ b/2016/6xxx/CVE-2016-6098.json @@ -1,78 +1,78 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2016-6098", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Security Key Lifecycle Manager", - "version" : { - "version_data" : [ - { - "version_value" : "2.5" - }, - { - "version_value" : "2.0.1" - }, - { - "version_value" : "2.6" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Gain Access" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2016-6098", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Security Key Lifecycle Manager", + "version": { + "version_data": [ + { + "version_value": "2.5" + }, + { + "version_value": "2.0.1" + }, + { + "version_value": "2.6" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/118254", - "refsource" : "MISC", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/118254" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg21997958", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg21997958" - }, - { - "name" : "95982", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95982" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Gain Access" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg21997958", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg21997958" + }, + { + "name": "95982", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95982" + }, + { + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118254", + "refsource": "MISC", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118254" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6105.json b/2016/6xxx/CVE-2016-6105.json index 8b5d3c9fdd2..2602e0fc874 100644 --- a/2016/6xxx/CVE-2016-6105.json +++ b/2016/6xxx/CVE-2016-6105.json @@ -1,84 +1,84 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2016-6105", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Key Lifecycle Manager", - "version" : { - "version_data" : [ - { - "version_value" : "2.5" - }, - { - "version_value" : "1.0" - }, - { - "version_value" : "2.0" - }, - { - "version_value" : "2.0.1" - }, - { - "version_value" : "2.6" - } - ] - } - } - ] - }, - "vendor_name" : "IBM Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 do not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Bypass Security" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2016-6105", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Key Lifecycle Manager", + "version": { + "version_data": [ + { + "version_value": "2.5" + }, + { + "version_value": "1.0" + }, + { + "version_value": "2.0" + }, + { + "version_value": "2.0.1" + }, + { + "version_value": "2.6" + } + ] + } + } + ] + }, + "vendor_name": "IBM Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg21997741", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg21997741" - }, - { - "name" : "95904", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95904" - }, - { - "name" : "1037763", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037763" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 do not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Bypass Security" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1037763", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037763" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg21997741", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg21997741" + }, + { + "name": "95904", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95904" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6532.json b/2016/6xxx/CVE-2016-6532.json index d3cd5ca736b..b247e06ec27 100644 --- a/2016/6xxx/CVE-2016-6532.json +++ b/2016/6xxx/CVE-2016-6532.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cert@cert.org", - "ID" : "CVE-2016-6532", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "DEXIS Imaging Suite 10 has a hardcoded password for the sa account, which allows remote attackers to obtain administrative access by entering this password in a DEXIS_DATA SQL Server session." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2016-6532", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#282991", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/282991" - }, - { - "name" : "92823", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92823" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "DEXIS Imaging Suite 10 has a hardcoded password for the sa account, which allows remote attackers to obtain administrative access by entering this password in a DEXIS_DATA SQL Server session." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#282991", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/282991" + }, + { + "name": "92823", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92823" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6920.json b/2016/6xxx/CVE-2016-6920.json index e8adc6d4be3..2f62379555c 100644 --- a/2016/6xxx/CVE-2016-6920.json +++ b/2016/6xxx/CVE-2016-6920.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6920", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the decode_block function in libavcodec/exr.c in FFmpeg before 3.1.3 allows remote attackers to cause a denial of service (application crash) via vectors involving tile positions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6920", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20160907 CVE-2016-6920 ffmpeg exr file Heap Overflow", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/539368/100/0/threaded" - }, - { - "name" : "http://packetstormsecurity.com/files/138618/ffmpeg-3.1.2-Heap-Overflow.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/138618/ffmpeg-3.1.2-Heap-Overflow.html" - }, - { - "name" : "http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=79f52a0dbd484aad111e4bf4a4f7047c7ceb6137", - "refsource" : "CONFIRM", - "url" : "http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=79f52a0dbd484aad111e4bf4a4f7047c7ceb6137" - }, - { - "name" : "https://www.ffmpeg.org/security.html", - "refsource" : "CONFIRM", - "url" : "https://www.ffmpeg.org/security.html" - }, - { - "name" : "92664", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92664" - }, - { - "name" : "92790", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92790" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the decode_block function in libavcodec/exr.c in FFmpeg before 3.1.3 allows remote attackers to cause a denial of service (application crash) via vectors involving tile positions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/138618/ffmpeg-3.1.2-Heap-Overflow.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/138618/ffmpeg-3.1.2-Heap-Overflow.html" + }, + { + "name": "20160907 CVE-2016-6920 ffmpeg exr file Heap Overflow", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/539368/100/0/threaded" + }, + { + "name": "92664", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92664" + }, + { + "name": "http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=79f52a0dbd484aad111e4bf4a4f7047c7ceb6137", + "refsource": "CONFIRM", + "url": "http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=79f52a0dbd484aad111e4bf4a4f7047c7ceb6137" + }, + { + "name": "92790", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92790" + }, + { + "name": "https://www.ffmpeg.org/security.html", + "refsource": "CONFIRM", + "url": "https://www.ffmpeg.org/security.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6983.json b/2016/6xxx/CVE-2016-6983.json index 09538cded70..b5e32b5dc54 100644 --- a/2016/6xxx/CVE-2016-6983.json +++ b/2016/6xxx/CVE-2016-6983.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6983", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows and OS X and before 11.2.202.637 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4273, CVE-2016-6982, CVE-2016-6984, CVE-2016-6985, CVE-2016-6986, CVE-2016-6989, and CVE-2016-6990." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2016-6983", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/flash-player/apsb16-32.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/flash-player/apsb16-32.html" - }, - { - "name" : "GLSA-201610-10", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201610-10" - }, - { - "name" : "RHSA-2016:2057", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2057.html" - }, - { - "name" : "93490", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93490" - }, - { - "name" : "1036985", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036985" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows and OS X and before 11.2.202.637 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4273, CVE-2016-6982, CVE-2016-6984, CVE-2016-6985, CVE-2016-6986, CVE-2016-6989, and CVE-2016-6990." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201610-10", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201610-10" + }, + { + "name": "https://helpx.adobe.com/security/products/flash-player/apsb16-32.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/flash-player/apsb16-32.html" + }, + { + "name": "93490", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93490" + }, + { + "name": "RHSA-2016:2057", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2057.html" + }, + { + "name": "1036985", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036985" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6984.json b/2016/6xxx/CVE-2016-6984.json index 83d737c819e..c6e87078d72 100644 --- a/2016/6xxx/CVE-2016-6984.json +++ b/2016/6xxx/CVE-2016-6984.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6984", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows and OS X and before 11.2.202.637 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4273, CVE-2016-6982, CVE-2016-6983, CVE-2016-6985, CVE-2016-6986, CVE-2016-6989, and CVE-2016-6990." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2016-6984", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/flash-player/apsb16-32.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/flash-player/apsb16-32.html" - }, - { - "name" : "GLSA-201610-10", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201610-10" - }, - { - "name" : "RHSA-2016:2057", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2057.html" - }, - { - "name" : "93490", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93490" - }, - { - "name" : "1036985", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036985" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows and OS X and before 11.2.202.637 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4273, CVE-2016-6982, CVE-2016-6983, CVE-2016-6985, CVE-2016-6986, CVE-2016-6989, and CVE-2016-6990." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201610-10", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201610-10" + }, + { + "name": "https://helpx.adobe.com/security/products/flash-player/apsb16-32.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/flash-player/apsb16-32.html" + }, + { + "name": "93490", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93490" + }, + { + "name": "RHSA-2016:2057", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2057.html" + }, + { + "name": "1036985", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036985" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7260.json b/2016/7xxx/CVE-2016-7260.json index 6fbfb3eed73..4c49ea792e8 100644 --- a/2016/7xxx/CVE-2016-7260.json +++ b/2016/7xxx/CVE-2016-7260.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "ID" : "CVE-2016-7260", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allow local users to gain privileges via a crafted application, aka \"Win32k Elevation of Privilege Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2016-7260", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS16-151", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-151" - }, - { - "name" : "94785", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94785" - }, - { - "name" : "1037452", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037452" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allow local users to gain privileges via a crafted application, aka \"Win32k Elevation of Privilege Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS16-151", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-151" + }, + { + "name": "1037452", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037452" + }, + { + "name": "94785", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94785" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7512.json b/2016/7xxx/CVE-2016-7512.json index 56ea920e4ba..04890706da7 100644 --- a/2016/7xxx/CVE-2016-7512.json +++ b/2016/7xxx/CVE-2016-7512.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7512", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-7512", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8504.json b/2016/8xxx/CVE-2016-8504.json index 2de7b3ad72b..0dea087b3bc 100644 --- a/2016/8xxx/CVE-2016-8504.json +++ b/2016/8xxx/CVE-2016-8504.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "browser-security@yandex-team.ru", - "ID" : "CVE-2016-8504", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Yandex Browser for desktop", - "version" : { - "version_data" : [ - { - "version_value" : "before 16.6 for OSx and Windows" - } - ] - } - } - ] - }, - "vendor_name" : "Yandex N.V." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CSRF of synchronization form in Yandex Browser for desktop before version 16.6 could be used by remote attacker to steal saved data in browser profile." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Profile synchronization form CSRF" - } + "CVE_data_meta": { + "ASSIGNER": "browser-security@yandex-team.ru", + "ID": "CVE-2016-8504", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Yandex Browser for desktop", + "version": { + "version_data": [ + { + "version_value": "before 16.6 for OSx and Windows" + } + ] + } + } + ] + }, + "vendor_name": "Yandex N.V." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://browser.yandex.com/security/changelogs/", - "refsource" : "CONFIRM", - "url" : "https://browser.yandex.com/security/changelogs/" - }, - { - "name" : "93924", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93924" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CSRF of synchronization form in Yandex Browser for desktop before version 16.6 could be used by remote attacker to steal saved data in browser profile." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Profile synchronization form CSRF" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "93924", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93924" + }, + { + "name": "https://browser.yandex.com/security/changelogs/", + "refsource": "CONFIRM", + "url": "https://browser.yandex.com/security/changelogs/" + } + ] + } +} \ No newline at end of file