From c02e50c9144a47c0f0708df17490e7e7e59f4c2c Mon Sep 17 00:00:00 2001 
From: CVE Team
Date: Mon, 18 Mar 2019 04:42:58 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2006/1xxx/CVE-2006-1261.json | 190 ++++++++--------
2006/1xxx/CVE-2006-1743.json | 150 ++++++-------
2006/5xxx/CVE-2006-5352.json | 200 ++++++++---------
2006/5xxx/CVE-2006-5598.json | 160 +++++++-------
2006/5xxx/CVE-2006-5860.json | 190 ++++++++--------
2007/2xxx/CVE-2007-2002.json | 140 ++++++------
2007/2xxx/CVE-2007-2344.json | 170 +++++++-------
2007/2xxx/CVE-2007-2430.json | 180 +++++++--------
2007/3xxx/CVE-2007-3794.json | 160 +++++++-------
2007/6xxx/CVE-2007-6118.json | 390 ++++++++++++++++-----------------
2007/6xxx/CVE-2007-6237.json | 150 ++++++-------
2007/6xxx/CVE-2007-6253.json | 180 +++++++--------
2007/6xxx/CVE-2007-6540.json | 140 ++++++------
2010/0xxx/CVE-2010-0145.json | 140 ++++++------
2010/0xxx/CVE-2010-0341.json | 120 +++++-----
2010/0xxx/CVE-2010-0468.json | 160 +++++++-------
2010/0xxx/CVE-2010-0586.json | 160 +++++++-------
2010/0xxx/CVE-2010-0824.json | 160 +++++++-------
2010/1xxx/CVE-2010-1058.json | 170 +++++++-------
2010/1xxx/CVE-2010-1203.json | 360 +++++++++++++++---------------
2010/1xxx/CVE-2010-1508.json | 170 +++++++-------
2010/1xxx/CVE-2010-1847.json | 140 ++++++------
2010/1xxx/CVE-2010-1987.json | 170 +++++++-------
2014/0xxx/CVE-2014-0117.json | 230 +++++++++----------
2014/0xxx/CVE-2014-0351.json | 150 ++++++-------
2014/0xxx/CVE-2014-0978.json | 230 +++++++++----------
2014/10xxx/CVE-2014-10047.json | 132 +++++------
2014/1xxx/CVE-2014-1394.json | 34 +--
2014/1xxx/CVE-2014-1747.json | 200 ++++++++---------
2014/1xxx/CVE-2014-1983.json | 140 ++++++------
2014/4xxx/CVE-2014-4546.json | 120 +++++-----
2014/5xxx/CVE-2014-5040.json | 130 +++++------
2014/5xxx/CVE-2014-5704.json | 150 ++++++-------
2014/9xxx/CVE-2014-9328.json | 230 +++++++++----------
2016/3xxx/CVE-2016-3164.json | 150 ++++++-------
2016/3xxx/CVE-2016-3230.json | 130 +++++------
2016/3xxx/CVE-2016-3317.json | 140 ++++++------
2016/3xxx/CVE-2016-3669.json | 34 +--
2016/7xxx/CVE-2016-7498.json | 150 ++++++-------
2016/7xxx/CVE-2016-7616.json | 160 +++++++-------
2016/7xxx/CVE-2016-7826.json | 140 ++++++------
2016/8xxx/CVE-2016-8066.json | 34 +--
2016/8xxx/CVE-2016-8311.json | 176 +++++++--------
2016/8xxx/CVE-2016-8347.json | 130 +++++------
2016/8xxx/CVE-2016-8631.json | 172 +++++++--------
2016/9xxx/CVE-2016-9025.json | 34 +--
2016/9xxx/CVE-2016-9367.json | 130 +++++------
2016/9xxx/CVE-2016-9597.json | 150 ++++++-------
2016/9xxx/CVE-2016-9646.json | 162 +++++++-------
2016/9xxx/CVE-2016-9856.json | 140 ++++++------
2019/2xxx/CVE-2019-2133.json | 34 +--
2019/2xxx/CVE-2019-2229.json | 34 +--
2019/2xxx/CVE-2019-2824.json | 34 +--
2019/2xxx/CVE-2019-2894.json | 34 +--
54 files changed, 4032 insertions(+), 4032 deletions(-)
diff --git a/2006/1xxx/CVE-2006-1261.json b/2006/1xxx/CVE-2006-1261.json
index 347bae2a846..fe60fd2bce9 100644
--- a/2006/1xxx/CVE-2006-1261.json
+++ b/2006/1xxx/CVE-2006-1261.json
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1261", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in ASPPortal 3.00 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1261", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060315 CodeScan Advisory: Multiple Vulnerabilities In ASPPortal.net", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=114243660409338&w=2" - }, - { - "name" : "20060314 CodeScan Advisory: Multiple Vulnerabilities In ASPPortal.net", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2006-02/1517.html" - }, - { - "name" : "http://www.aspportal.net/content/news/News_Item.asp?content_ID=32", - "refsource" : "CONFIRM", - "url" : "http://www.aspportal.net/content/news/News_Item.asp?content_ID=32" - }, - { - "name" : "17114", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17114" - }, - { - "name" : "23920", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23920" - }, - { - 
"name" : "1015772", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015772" - }, - { - "name" : "19247", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19247" - }, - { - "name" : "aspportal-multiple-xss(25235)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25235" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in ASPPortal 3.00 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "17114", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17114" + }, + { + "name": "20060314 CodeScan Advisory: Multiple Vulnerabilities In ASPPortal.net", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-02/1517.html" + }, + { + "name": "aspportal-multiple-xss(25235)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25235" + }, + { + "name": "1015772", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015772" + }, + { + "name": "http://www.aspportal.net/content/news/News_Item.asp?content_ID=32", + "refsource": "CONFIRM", + "url": "http://www.aspportal.net/content/news/News_Item.asp?content_ID=32" + }, + { + "name": "23920", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23920" + }, + { + "name": "19247", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19247" + }, + { + "name": "20060315 CodeScan Advisory: Multiple Vulnerabilities In ASPPortal.net", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=114243660409338&w=2" + } + ] + } +} \ No newline at 
end of file diff --git a/2006/1xxx/CVE-2006-1743.json b/2006/1xxx/CVE-2006-1743.json index 7f5f678b19d..e24ea1558f9 100644 --- a/2006/1xxx/CVE-2006-1743.json +++ b/2006/1xxx/CVE-2006-1743.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1743", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in form.php in JBook 1.4 allow remote attackers to execute arbitrary SQL commands via the (1) nom or (2) mail parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1743", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "17458", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17458" - }, - { - "name" : "ADV-2006-1315", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1315" - }, - { - "name" : "19613", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19613" - }, - { - "name" : "jbook-form-sql-injection(25735)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25735" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL 
injection vulnerabilities in form.php in JBook 1.4 allow remote attackers to execute arbitrary SQL commands via the (1) nom or (2) mail parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19613", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19613" + }, + { + "name": "ADV-2006-1315", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1315" + }, + { + "name": "17458", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17458" + }, + { + "name": "jbook-form-sql-injection(25735)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25735" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5352.json b/2006/5xxx/CVE-2006-5352.json index 9b8d884f9e8..0cb98288e65 100644 --- a/2006/5xxx/CVE-2006-5352.json +++ b/2006/5xxx/CVE-2006-5352.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5352", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in Oracle Application Express 1.5 up to 1.6.1 have unknown impact and remote attack vectors, aka Vuln# (1) APEX04, (2) APEX20, and (3) APEX21." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5352", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html", - "refsource" : "MISC", - "url" : "http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html" - }, - { - "name" : "HPSBMA02133", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/449711/100/0/threaded" - }, - { - "name" : "SSRT061201", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/449711/100/0/threaded" - }, - { - "name" : "TA06-291A", - "refsource" : "CERT", - "url" : 
"http://www.us-cert.gov/cas/techalerts/TA06-291A.html" - }, - { - "name" : "20588", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20588" - }, - { - "name" : "ADV-2006-4065", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4065" - }, - { - "name" : "1017077", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017077" - }, - { - "name" : "22396", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22396" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in Oracle Application Express 1.5 up to 1.6.1 have unknown impact and remote attack vectors, aka Vuln# (1) APEX04, (2) APEX20, and (3) APEX21." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html", + "refsource": "MISC", + "url": "http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html" + }, + { + "name": "20588", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20588" + }, + { + "name": "HPSBMA02133", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/449711/100/0/threaded" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html" + }, + { + "name": "SSRT061201", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/449711/100/0/threaded" + }, + { + "name": "ADV-2006-4065", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4065" + }, + { + "name": "22396", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22396" 
+ }, + { + "name": "1017077", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017077" + }, + { + "name": "TA06-291A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA06-291A.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5598.json b/2006/5xxx/CVE-2006-5598.json index 41d10d9d040..4f4a6cdd325 100644 --- a/2006/5xxx/CVE-2006-5598.json +++ b/2006/5xxx/CVE-2006-5598.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5598", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in index.php for GOOP Gallery 2.0, and possibly other versions before 2.0.3, allows remote attackers to inject arbitrary HTML or web script via the image parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5598", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://lostmon.blogspot.com/2006/10/goop-gallery-image-param-cross-site.html", - "refsource" : "MISC", - "url" : "http://lostmon.blogspot.com/2006/10/goop-gallery-image-param-cross-site.html" - }, - { - "name" : "http://webgeneius.com/index.php?mod=blog&id=49", - "refsource" : "CONFIRM", - "url" : "http://webgeneius.com/index.php?mod=blog&id=49" - }, - { - "name" : "20554", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20554" - }, - { - "name" : "1017081", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017081" - }, - { - "name" : "goopgallery-index-xss(29643)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29643" - } - ] - } -} + 
} + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in index.php for GOOP Gallery 2.0, and possibly other versions before 2.0.3, allows remote attackers to inject arbitrary HTML or web script via the image parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://lostmon.blogspot.com/2006/10/goop-gallery-image-param-cross-site.html", + "refsource": "MISC", + "url": "http://lostmon.blogspot.com/2006/10/goop-gallery-image-param-cross-site.html" + }, + { + "name": "http://webgeneius.com/index.php?mod=blog&id=49", + "refsource": "CONFIRM", + "url": "http://webgeneius.com/index.php?mod=blog&id=49" + }, + { + "name": "20554", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20554" + }, + { + "name": "goopgallery-index-xss(29643)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29643" + }, + { + "name": "1017081", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017081" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5860.json b/2006/5xxx/CVE-2006-5860.json index 8f1af94dc76..d22f0583f3f 100644 --- a/2006/5xxx/CVE-2006-5860.json +++ b/2006/5xxx/CVE-2006-5860.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5860", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the administrator console for Adobe JRun 4.0, as used in ColdFusion, allows remote attackers to inject arbitrary web script or HTML via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5860", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb07-05.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb07-05.html" - }, - { - "name" : "22547", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/22547" - }, - { - "name" : "ADV-2007-0594", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/0594" - }, - { - "name" : "32122", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/32122" - }, - { - "name" : "1017646", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1017646" - }, - { - "name" : "1017647", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1017647" - }, - { - "name" : 
"24093", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24093" - }, - { - "name" : "jrun-administrator-console-xss(32475)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/32475" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the administrator console for Adobe JRun 4.0, as used in ColdFusion, allows remote attackers to inject arbitrary web script or HTML via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "24093", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24093" + }, + { + "name": "ADV-2007-0594", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/0594" + }, + { + "name": "jrun-administrator-console-xss(32475)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32475" + }, + { + "name": "1017647", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1017647" + }, + { + "name": "22547", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/22547" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb07-05.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb07-05.html" + }, + { + "name": "32122", + "refsource": "OSVDB", + "url": "http://osvdb.org/32122" + }, + { + "name": "1017646", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1017646" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2002.json b/2007/2xxx/CVE-2007-2002.json index 0a6e81ac563..5cc28cdfafd 100644 --- a/2007/2xxx/CVE-2007-2002.json +++ b/2007/2xxx/CVE-2007-2002.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2002", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "InoutMailingListManager 3.1 and earlier allows remote attackers to access certain restricted functionality, and upload and execute arbitrary PHP code, by setting an arbitrary admin cookie." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2002", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "3702", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/3702" - }, - { - "name" : "ADV-2007-1345", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1345" - }, - { - "name" : "24842", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24842" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "InoutMailingListManager 3.1 and earlier allows remote attackers to access certain restricted functionality, and upload and execute arbitrary PHP code, by setting an arbitrary admin cookie." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "24842", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24842" + }, + { + "name": "3702", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/3702" + }, + { + "name": "ADV-2007-1345", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1345" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2344.json b/2007/2xxx/CVE-2007-2344.json index 30baba5f5f3..33edddc8b44 100644 --- a/2007/2xxx/CVE-2007-2344.json +++ b/2007/2xxx/CVE-2007-2344.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2344", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The BOOTPD component in Enterasys NetSight Console 2.1 and NetSight Inventory Manager 2.1, and possibly earlier, on Windows allows remote attackers to cause a denial of service (daemon crash) via a UDP packet that contains an invalid \"packet type\" field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2344", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070404 Enterasys Networks Multiple NetSight Products Multiple Vulnerabilities", - "refsource" : "IDEFENSE", - "url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=506" - }, - { - "name" : "http://www.enterasys.com/pub/NetSight/Patches/SP1/NetSight_SP1.pdf", - "refsource" : "CONFIRM", - "url" : "http://www.enterasys.com/pub/NetSight/Patches/SP1/NetSight_SP1.pdf" - }, - { - "name" : "ADV-2007-1271", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1271" - }, - { - "name" : "34628", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/34628" - }, - { - "name" : "1017876", - "refsource" : "SECTRACK", - "url" 
: "http://www.securitytracker.com/id?1017876" - }, - { - "name" : "24764", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24764" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The BOOTPD component in Enterasys NetSight Console 2.1 and NetSight Inventory Manager 2.1, and possibly earlier, on Windows allows remote attackers to cause a denial of service (daemon crash) via a UDP packet that contains an invalid \"packet type\" field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "24764", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24764" + }, + { + "name": "ADV-2007-1271", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1271" + }, + { + "name": "20070404 Enterasys Networks Multiple NetSight Products Multiple Vulnerabilities", + "refsource": "IDEFENSE", + "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=506" + }, + { + "name": "1017876", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1017876" + }, + { + "name": "34628", + "refsource": "OSVDB", + "url": "http://osvdb.org/34628" + }, + { + "name": "http://www.enterasys.com/pub/NetSight/Patches/SP1/NetSight_SP1.pdf", + "refsource": "CONFIRM", + "url": "http://www.enterasys.com/pub/NetSight/Patches/SP1/NetSight_SP1.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2430.json b/2007/2xxx/CVE-2007-2430.json index d23485a0324..5333a467532 100644 --- a/2007/2xxx/CVE-2007-2430.json +++ b/2007/2xxx/CVE-2007-2430.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2430", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "shared/code/tce_tmx.php in TCExam 4.0.011 and earlier allows remote attackers to create arbitrary PHP files in cache/ by placing file contents and directory traversal manipulations into a SessionUserLang cookie to public/code/index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2430", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "3816", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/3816" - }, - { - "name" : "http://sourceforge.net/forum/forum.php?forum_id=690912", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/forum/forum.php?forum_id=690912" - }, - { - "name" : "20070501 TCExam code injection: why does this work? 
(and vendor ACK)", - "refsource" : "VIM", - "url" : "http://www.attrition.org/pipermail/vim/2007-May/001571.html" - }, - { - "name" : "23705", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23705" - }, - { - "name" : "ADV-2007-1583", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1583" - }, - { - "name" : "25008", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25008" - }, - { - "name" : "tcexam-sessionuserlang-file-upload(33958)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33958" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "shared/code/tce_tmx.php in TCExam 4.0.011 and earlier allows remote attackers to create arbitrary PHP files in cache/ by placing file contents and directory traversal manipulations into a SessionUserLang cookie to public/code/index.php." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "tcexam-sessionuserlang-file-upload(33958)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33958" + }, + { + "name": "25008", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25008" + }, + { + "name": "23705", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23705" + }, + { + "name": "http://sourceforge.net/forum/forum.php?forum_id=690912", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/forum/forum.php?forum_id=690912" + }, + { + "name": "3816", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/3816" + }, + { + "name": "ADV-2007-1583", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1583" + }, + { + "name": "20070501 TCExam code injection: why does this work? (and vendor ACK)", + "refsource": "VIM", + "url": "http://www.attrition.org/pipermail/vim/2007-May/001571.html" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3794.json b/2007/3xxx/CVE-2007-3794.json index b55cc9de0bf..3b2f8d2f6b7 100644 --- a/2007/3xxx/CVE-2007-3794.json +++ b/2007/3xxx/CVE-2007-3794.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3794", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Hitachi Cosminexus V4 through V7, Processing Kit for XML before 20070511, Developer's Kit for Java before 20070312, and third-party products that use this software, allows attackers to have an unknown impact via certain GIF images, related to use of GIF image processing APIs by a Java application." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3794", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.hitachi-support.com/security_e/vuls_e/HS07-018_e/index-e.html", - "refsource" : "CONFIRM", - "url" : "http://www.hitachi-support.com/security_e/vuls_e/HS07-018_e/index-e.html" - }, - { - "name" : "24905", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24905" - }, - { - "name" : "ADV-2007-2534", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2534" - }, - { - "name" : "37851", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37851" - }, - { - "name" : "26025", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26025" - } 
- ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Hitachi Cosminexus V4 through V7, Processing Kit for XML before 20070511, Developer's Kit for Java before 20070312, and third-party products that use this software, allows attackers to have an unknown impact via certain GIF images, related to use of GIF image processing APIs by a Java application." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2007-2534", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2534" + }, + { + "name": "http://www.hitachi-support.com/security_e/vuls_e/HS07-018_e/index-e.html", + "refsource": "CONFIRM", + "url": "http://www.hitachi-support.com/security_e/vuls_e/HS07-018_e/index-e.html" + }, + { + "name": "26025", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26025" + }, + { + "name": "37851", + "refsource": "OSVDB", + "url": "http://osvdb.org/37851" + }, + { + "name": "24905", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24905" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6118.json b/2007/6xxx/CVE-2007-6118.json index b6ec3ebd9c6..2f7e03a1dd4 100644 --- a/2007/6xxx/CVE-2007-6118.json +++ b/2007/6xxx/CVE-2007-6118.json 
@@ -1,197 +1,197 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6118", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The MEGACO dissector in Wireshark (formerly Ethereal) 0.9.14 to 0.99.6 allows remote attackers to cause a denial of service (long loop and resource consumption) via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2007-6118", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080103 rPSA-2008-0004-1 tshark wireshark", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/485792/100/0/threaded" - }, - { - "name" : "http://bugs.gentoo.org/show_bug.cgi?id=199958", - "refsource" : "MISC", - "url" : "http://bugs.gentoo.org/show_bug.cgi?id=199958" - }, - { - "name" : "http://www.wireshark.org/security/wnpa-sec-2007-03.html", - "refsource" : "CONFIRM", - "url" : "http://www.wireshark.org/security/wnpa-sec-2007-03.html" - }, - { - "name" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0004", - "refsource" : "CONFIRM", - "url" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0004" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-1975", - "refsource" : "CONFIRM", - "url" : 
"https://issues.rpath.com/browse/RPL-1975" - }, - { - "name" : "DSA-1414", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2007/dsa-1414" - }, - { - "name" : "FEDORA-2007-4590", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00606.html" - }, - { - "name" : "FEDORA-2007-4690", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00712.html" - }, - { - "name" : "GLSA-200712-23", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200712-23.xml" - }, - { - "name" : "MDVSA-2008:001", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:001" - }, - { - "name" : "MDVSA-2008:1", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:1" - }, - { - "name" : "RHSA-2008:0058", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0058.html" - }, - { - "name" : "RHSA-2008:0059", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0059.html" - }, - { - "name" : "SUSE-SR:2008:004", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00008.html" - }, - { - "name" : "26532", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26532" - }, - { - "name" : "oval:org.mitre.oval:def:10659", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10659" - }, - { - "name" : "ADV-2007-3956", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/3956" - }, - { - "name" : "1018988", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1018988" - }, - { - "name" : "27777", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27777" - }, - { - "name" : "27817", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/27817" - }, - { - "name" : "28197", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28197" - }, - { - "name" : "28288", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28288" - }, - { - "name" : "28304", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28304" - }, - { - "name" : "28207", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28207" - }, - { - "name" : "28325", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28325" - }, - { - "name" : "28564", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28564" - }, - { - "name" : "28583", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28583" - }, - { - "name" : "29048", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29048" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The MEGACO dissector in Wireshark (formerly Ethereal) 0.9.14 to 0.99.6 allows remote attackers to cause a denial of service (long loop and resource consumption) via unknown vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "27777", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27777" + }, + { + "name": "https://issues.rpath.com/browse/RPL-1975", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-1975" + }, + { + "name": "29048", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29048" + }, + { + "name": "26532", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26532" + }, + { + "name": "http://www.wireshark.org/security/wnpa-sec-2007-03.html", + "refsource": "CONFIRM", + "url": "http://www.wireshark.org/security/wnpa-sec-2007-03.html" + }, + { + "name": "28564", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28564" + }, + { + "name": "20080103 rPSA-2008-0004-1 tshark wireshark", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/485792/100/0/threaded" + }, + { + "name": "GLSA-200712-23", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200712-23.xml" + }, + { + "name": "RHSA-2008:0059", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0059.html" + }, + { + "name": "28304", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28304" + }, + { + "name": "1018988", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1018988" + }, + { + "name": "DSA-1414", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2007/dsa-1414" + }, + { + "name": "FEDORA-2007-4690", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00712.html" + }, + { + "name": "28325", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28325" + }, + { + "name": "MDVSA-2008:1", + "refsource": "MANDRIVA", + "url": 
"http://www.mandriva.com/security/advisories?name=MDVSA-2008:1" + }, + { + "name": "MDVSA-2008:001", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:001" + }, + { + "name": "RHSA-2008:0058", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0058.html" + }, + { + "name": "SUSE-SR:2008:004", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00008.html" + }, + { + "name": "http://bugs.gentoo.org/show_bug.cgi?id=199958", + "refsource": "MISC", + "url": "http://bugs.gentoo.org/show_bug.cgi?id=199958" + }, + { + "name": "28583", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28583" + }, + { + "name": "ADV-2007-3956", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/3956" + }, + { + "name": "oval:org.mitre.oval:def:10659", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10659" + }, + { + "name": "28197", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28197" + }, + { + "name": "28288", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28288" + }, + { + "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0004", + "refsource": "CONFIRM", + "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0004" + }, + { + "name": "28207", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28207" + }, + { + "name": "FEDORA-2007-4590", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00606.html" + }, + { + "name": "27817", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27817" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6237.json b/2007/6xxx/CVE-2007-6237.json index 4f9e4578b27..2d209e6abbe 100644 --- a/2007/6xxx/CVE-2007-6237.json +++ b/2007/6xxx/CVE-2007-6237.json 
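Review bot: The `ASSIGNER` value in `CVE_data_meta` for CVE-2007-6118 changes from `cve@mitre.org` to `secalert@redhat.com`, but the change is buried in a whole-file rewrite of key spacing and indentation, and the commit subject ("-Synchronized-Data.") does not mention it. The same kind of reassignment appears in the hunks for CVE-2007-6253 (`cert@cert.org`) and for CVE-2010-0145 and CVE-2010-0586 (`psirt@cisco.com`). Consumers that filter or route on the assigner would be better served if the reassigned IDs were listed in the commit description or committed separately from the formatting-only rewrite. The 28 `reference_data` entries here are also reordered with the same set of names on both sides, so emitting them in a stable order would make real additions or removals visible in future diffs.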
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6237", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "cp.php in DeluxeBB 1.09 does not verify that the membercookie parameter corresponds to the authenticated member during a profile update, which allows remote authenticated users to change the e-mail addresses of arbitrary accounts via a modified membercookie parameter, a different vector than CVE-2006-4078. NOTE: this can be leveraged for administrative access by requesting password-reset e-mail through a lostpw action to misc.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6237", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20071126 DeluxeBB E-Mail Address Change Security Bypass", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/484205/100/0/threaded" - }, - { - "name" : "26572", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26572" - }, - { - "name" : "27794", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27794" - }, - { - "name" : "3416", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3416" - } - ] - } -} + 
} + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "cp.php in DeluxeBB 1.09 does not verify that the membercookie parameter corresponds to the authenticated member during a profile update, which allows remote authenticated users to change the e-mail addresses of arbitrary accounts via a modified membercookie parameter, a different vector than CVE-2006-4078. NOTE: this can be leveraged for administrative access by requesting password-reset e-mail through a lostpw action to misc.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "27794", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27794" + }, + { + "name": "3416", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3416" + }, + { + "name": "20071126 DeluxeBB E-Mail Address Change Security Bypass", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/484205/100/0/threaded" + }, + { + "name": "26572", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26572" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6253.json b/2007/6xxx/CVE-2007-6253.json index 9c0e51b0191..e7376ec89b3 100644 --- a/2007/6xxx/CVE-2007-6253.json +++ b/2007/6xxx/CVE-2007-6253.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6253", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in Adobe Form Designer 5.0 and Form Client 5.0 allow remote attackers to execute arbitrary code via unknown vectors in the (1) Adobe File Dialog Button (FileDlg.dll) and the (2) Adobe Copy to Server Object (SvrCopy.dll) ActiveX controls." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2007-6253", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb08-09.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb08-09.html" - }, - { - "name" : "VU#362849", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/362849" - }, - { - "name" : "28210", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28210" - }, - { - "name" : "ADV-2008-0863", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0863/references" - }, - { - "name" : "1019601", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1019601" - }, - { - "name" : "29330", - 
"refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29330" - }, - { - "name" : "adobe-multiple-activex-bo(41142)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41142" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in Adobe Form Designer 5.0 and Form Client 5.0 allow remote attackers to execute arbitrary code via unknown vectors in the (1) Adobe File Dialog Button (FileDlg.dll) and the (2) Adobe Copy to Server Object (SvrCopy.dll) ActiveX controls." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.adobe.com/support/security/bulletins/apsb08-09.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb08-09.html" + }, + { + "name": "28210", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28210" + }, + { + "name": "29330", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29330" + }, + { + "name": "1019601", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1019601" + }, + { + "name": "VU#362849", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/362849" + }, + { + "name": "adobe-multiple-activex-bo(41142)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41142" + }, + { + "name": "ADV-2008-0863", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0863/references" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6540.json b/2007/6xxx/CVE-2007-6540.json index 93ea4e789a4..97ac152b45d 100644 --- a/2007/6xxx/CVE-2007-6540.json +++ b/2007/6xxx/CVE-2007-6540.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6540", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in neuron news 1.0 allows remote attackers to execute arbitrary SQL commands via the q parameter to the default URI in patch/." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6540", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20071216 neuron news1.0 Multiple Remote Vulnerabilities (sql injection/xss)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/485176/100/0/threaded" - }, - { - "name" : "39988", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/39988" - }, - { - "name" : "3489", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3489" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in neuron news 1.0 allows remote attackers to execute arbitrary SQL commands via the q parameter to the default URI in patch/." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3489", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3489" + }, + { + "name": "20071216 neuron news1.0 Multiple Remote Vulnerabilities (sql injection/xss)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/485176/100/0/threaded" + }, + { + "name": "39988", + "refsource": "OSVDB", + "url": "http://osvdb.org/39988" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0145.json b/2010/0xxx/CVE-2010-0145.json index 51d384f69aa..af2571b81f2 100644 --- a/2010/0xxx/CVE-2010-0145.json +++ b/2010/0xxx/CVE-2010-0145.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0145", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the embedded HTTPS server on the Cisco IronPort Encryption Appliance 6.2.x before 6.2.9.1 and 6.5.x before 6.5.2, and the IronPort PostX MAP before 6.2.9.1, allows remote attackers to execute arbitrary code via unknown vectors, aka IronPort Bug 65923." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2010-0145", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.cisco.com/en/US/products/products_applied_mitigation_bulletin09186a0080b17904.html", - "refsource" : "CONFIRM", - "url" : "http://www.cisco.com/en/US/products/products_applied_mitigation_bulletin09186a0080b17904.html" - }, - { - "name" : "20100210 Multiple Vulnerabilities in Cisco IronPort Encryption Appliance", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b17903.shtml" - }, - { - "name" : "38525", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38525" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": 
"4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the embedded HTTPS server on the Cisco IronPort Encryption Appliance 6.2.x before 6.2.9.1 and 6.5.x before 6.5.2, and the IronPort PostX MAP before 6.2.9.1, allows remote attackers to execute arbitrary code via unknown vectors, aka IronPort Bug 65923." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.cisco.com/en/US/products/products_applied_mitigation_bulletin09186a0080b17904.html", + "refsource": "CONFIRM", + "url": "http://www.cisco.com/en/US/products/products_applied_mitigation_bulletin09186a0080b17904.html" + }, + { + "name": "38525", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38525" + }, + { + "name": "20100210 Multiple Vulnerabilities in Cisco IronPort Encryption Appliance", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b17903.shtml" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0341.json b/2010/0xxx/CVE-2010-0341.json index 15158f60e11..91eae1d82a8 100644 --- a/2010/0xxx/CVE-2010-0341.json +++ b/2010/0xxx/CVE-2010-0341.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0341", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the BB Simple Jobs (bb_simplejobs) extension 0.1.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-0341", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/", - "refsource" : "CONFIRM", - "url" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the BB Simple Jobs (bb_simplejobs) extension 0.1.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/", + "refsource": "CONFIRM", + "url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0468.json b/2010/0xxx/CVE-2010-0468.json index 96df8ef1151..426d6c2761c 100644 --- a/2010/0xxx/CVE-2010-0468.json +++ b/2010/0xxx/CVE-2010-0468.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0468", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in utilities/longproc.cfm in PaperThin CommonSpot Content Server allows remote attackers to inject arbitrary web script or HTML via the url parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-0468", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100128 PR09-19: Cross-Site Scripting (XSS) on CommonSpot server", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/509239/100/0/threaded" - }, - { - "name" : "20100128 PR09-19: Cross-Site Scripting (XSS) on CommonSpot server", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2010-01/0601.html" - }, - { - "name" : "37986", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37986" - }, - { - "name" : "62087", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/62087" - }, - { - "name" : "commonspot-longproc-xss(55955)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/55955" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in utilities/longproc.cfm in PaperThin CommonSpot Content Server allows remote attackers to inject arbitrary web script or HTML via the url parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "commonspot-longproc-xss(55955)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55955" + }, + { + "name": "20100128 PR09-19: Cross-Site Scripting (XSS) on CommonSpot server", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-01/0601.html" + }, + { + "name": "20100128 PR09-19: Cross-Site Scripting (XSS) on CommonSpot server", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/509239/100/0/threaded" + }, + { + "name": "62087", + "refsource": "OSVDB", + "url": "http://osvdb.org/62087" + }, + { + "name": "37986", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37986" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0586.json b/2010/0xxx/CVE-2010-0586.json index f7f097ccda2..68df7d85ee6 100644 --- a/2010/0xxx/CVE-2010-0586.json +++ b/2010/0xxx/CVE-2010-0586.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0586", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco IOS 12.1 through 12.4, when Cisco Unified Communications Manager Express (CME) or Cisco Unified Survivable Remote Site Telephony (SRST) is enabled, allows remote attackers to cause a denial of service (device reload) via a malformed Skinny Client Control Protocol (SCCP) message, aka Bug ID CSCsz49741, the \"SCCP Request Handling Denial of Service Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2010-0586", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=20070", - "refsource" : "CONFIRM", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=20070" - }, - { - "name" : "20100324 Cisco Unified Communications Manager Express Denial of Service Vulnerabilities", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b20f33.shtml" - }, - { - "name" : "63177", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/63177" - }, - { - "name" : "oval:org.mitre.oval:def:6625", - 
"refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6625" - }, - { - "name" : "39069", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39069" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco IOS 12.1 through 12.4, when Cisco Unified Communications Manager Express (CME) or Cisco Unified Survivable Remote Site Telephony (SRST) is enabled, allows remote attackers to cause a denial of service (device reload) via a malformed Skinny Client Control Protocol (SCCP) message, aka Bug ID CSCsz49741, the \"SCCP Request Handling Denial of Service Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=20070", + "refsource": "CONFIRM", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=20070" + }, + { + "name": "39069", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39069" + }, + { + "name": "oval:org.mitre.oval:def:6625", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6625" + }, + { + "name": "63177", + "refsource": "OSVDB", + "url": "http://osvdb.org/63177" + }, + { + "name": "20100324 Cisco Unified Communications Manager Express Denial of Service Vulnerabilities", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b20f33.shtml" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0824.json b/2010/0xxx/CVE-2010-0824.json index 67dc23fcfbc..8564b014dbf 100644 --- a/2010/0xxx/CVE-2010-0824.json +++ b/2010/0xxx/CVE-2010-0824.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0824", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed WOPT (0x80B) record, aka \"Excel Record Memory Corruption Vulnerability,\" a different vulnerability than CVE-2010-0821 and CVE-2010-1245." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2010-0824", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100608 VUPEN Security Research - Microsoft Office Excel WOPT Heap Corruption Vulnerability (CVE-2010-0824)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/511760/100/0/threaded" - }, - { - "name" : "MS10-038", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-038" - }, - { - "name" : "TA10-159B", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-159B.html" - }, - { - "name" : "40522", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/40522" - }, - { - "name" : 
"oval:org.mitre.oval:def:6768", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6768" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed WOPT (0x80B) record, aka \"Excel Record Memory Corruption Vulnerability,\" a different vulnerability than CVE-2010-0821 and CVE-2010-1245." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "40522", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/40522" + }, + { + "name": "20100608 VUPEN Security Research - Microsoft Office Excel WOPT Heap Corruption Vulnerability (CVE-2010-0824)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/511760/100/0/threaded" + }, + { + "name": "MS10-038", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-038" + }, + { + "name": "oval:org.mitre.oval:def:6768", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6768" + }, + { + "name": "TA10-159B", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-159B.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1058.json b/2010/1xxx/CVE-2010-1058.json index f0e4fc7b9f3..db31db81239 100644 --- a/2010/1xxx/CVE-2010-1058.json +++ b/2010/1xxx/CVE-2010-1058.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1058", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in codelib/cfg/common.inc.php in Phpkobo Address Book Script 1.09, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the LANG_CODE parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1058", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/1003-exploits/addressbookscript-lfi.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1003-exploits/addressbookscript-lfi.txt" - }, - { - "name" : "11754", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/11754" - }, - { - "name" : "38731", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/38731" - }, - { - "name" : "63003", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/63003" - }, - { - "name" : "38938", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38938" - }, - { - "name" : "addressbook-langcode-file-include(56910)", - "refsource" : "XF", - 
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/56910" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in codelib/cfg/common.inc.php in Phpkobo Address Book Script 1.09, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the LANG_CODE parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "11754", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/11754" + }, + { + "name": "38731", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/38731" + }, + { + "name": "38938", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38938" + }, + { + "name": "http://packetstormsecurity.org/1003-exploits/addressbookscript-lfi.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1003-exploits/addressbookscript-lfi.txt" + }, + { + "name": "63003", + "refsource": "OSVDB", + "url": "http://osvdb.org/63003" + }, + { + "name": "addressbook-langcode-file-include(56910)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56910" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1203.json b/2010/1xxx/CVE-2010-1203.json index 3874eec1926..ba7d693ad64 100644 --- a/2010/1xxx/CVE-2010-1203.json +++ b/2010/1xxx/CVE-2010-1203.json 
@@ -1,182 +1,182 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1203", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The JavaScript engine in Mozilla Firefox 3.6.x before 3.6.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors that trigger an assertion failure in jstracer.cpp." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1203", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2010/mfsa2010-26.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2010/mfsa2010-26.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=546611", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=546611" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=557946", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=557946" - }, - { - "name" : "http://support.avaya.com/css/P8/documents/100091069", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/css/P8/documents/100091069" - }, - { 
- "name" : "MDVSA-2010:125", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:125" - }, - { - "name" : "RHSA-2010:0500", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0500.html" - }, - { - "name" : "RHSA-2010:0501", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0501.html" - }, - { - "name" : "SUSE-SA:2010:030", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-07/msg00005.html" - }, - { - "name" : "USN-930-1", - "refsource" : "UBUNTU", - "url" : "http://ubuntu.com/usn/usn-930-1" - }, - { - "name" : "USN-930-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-930-2" - }, - { - "name" : "41050", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/41050" - }, - { - "name" : "41099", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/41099" - }, - { - "name" : "oval:org.mitre.oval:def:10401", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10401" - }, - { - "name" : "oval:org.mitre.oval:def:8317", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8317" - }, - { - "name" : "1024138", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024138" - }, - { - "name" : "1024139", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024139" - }, - { - "name" : "40323", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40323" - }, - { - "name" : "40326", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40326" - }, - { - "name" : "40401", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40401" - }, - { - "name" : "40481", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40481" - }, - { - "name" : 
"ADV-2010-1551", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1551" - }, - { - "name" : "ADV-2010-1557", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1557" - }, - { - "name" : "ADV-2010-1640", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1640" - }, - { - "name" : "ADV-2010-1773", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1773" - }, - { - "name" : "mozilla-firefox-javascript-ce(59662)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/59662" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The JavaScript engine in Mozilla Firefox 3.6.x before 3.6.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors that trigger an assertion failure in jstracer.cpp." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "40481", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40481" + }, + { + "name": "USN-930-1", + "refsource": "UBUNTU", + "url": "http://ubuntu.com/usn/usn-930-1" + }, + { + "name": "1024138", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024138" + }, + { + "name": "ADV-2010-1640", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1640" + }, + { + "name": "41050", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/41050" + }, + { + "name": "RHSA-2010:0501", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0501.html" + }, + { + "name": "ADV-2010-1557", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1557" + }, + { + "name": "MDVSA-2010:125", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:125" + }, + { + "name": "ADV-2010-1773", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1773" + }, + { + "name": "oval:org.mitre.oval:def:10401", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10401" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=557946", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=557946" + }, + { + "name": "41099", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/41099" + }, + { + "name": "USN-930-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-930-2" + }, + { + "name": "ADV-2010-1551", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1551" + }, + { + "name": "RHSA-2010:0500", + "refsource": "REDHAT", + "url": 
"http://www.redhat.com/support/errata/RHSA-2010-0500.html" + }, + { + "name": "SUSE-SA:2010:030", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-07/msg00005.html" + }, + { + "name": "mozilla-firefox-javascript-ce(59662)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59662" + }, + { + "name": "40323", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40323" + }, + { + "name": "oval:org.mitre.oval:def:8317", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8317" + }, + { + "name": "40401", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40401" + }, + { + "name": "http://www.mozilla.org/security/announce/2010/mfsa2010-26.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2010/mfsa2010-26.html" + }, + { + "name": "40326", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40326" + }, + { + "name": "http://support.avaya.com/css/P8/documents/100091069", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/css/P8/documents/100091069" + }, + { + "name": "1024139", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024139" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=546611", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=546611" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1508.json b/2010/1xxx/CVE-2010-1508.json index 394d9132393..adbac66769a 100644 --- a/2010/1xxx/CVE-2010-1508.json +++ b/2010/1xxx/CVE-2010-1508.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1508", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in Apple QuickTime before 7.6.9 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Track Header (aka tkhd) atoms." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", + "ID": "CVE-2010-1508", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://secunia.com/secunia_research/2010-72/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2010-72/" - }, - { - "name" : "http://zerodayinitiative.com/advisories/ZDI-10-258/", - "refsource" : "MISC", - "url" : "http://zerodayinitiative.com/advisories/ZDI-10-258/" - }, - { - "name" : "http://support.apple.com/kb/HT4447", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4447" - }, - { - "name" : "APPLE-SA-2010-12-07-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//Dec/msg00000.html" - }, - { - "name" : "oval:org.mitre.oval:def:15625", - "refsource" : "OVAL", - "url" : 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15625" - }, - { - "name" : "1024830", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024830" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in Apple QuickTime before 7.6.9 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Track Header (aka tkhd) atoms." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2010-12-07-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//Dec/msg00000.html" + }, + { + "name": "http://zerodayinitiative.com/advisories/ZDI-10-258/", + "refsource": "MISC", + "url": "http://zerodayinitiative.com/advisories/ZDI-10-258/" + }, + { + "name": "http://secunia.com/secunia_research/2010-72/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2010-72/" + }, + { + "name": "http://support.apple.com/kb/HT4447", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4447" + }, + { + "name": "oval:org.mitre.oval:def:15625", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15625" + }, + { + "name": "1024830", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024830" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1847.json b/2010/1xxx/CVE-2010-1847.json index 90041e555e6..f0a448266c1 100644 --- a/2010/1xxx/CVE-2010-1847.json +++ b/2010/1xxx/CVE-2010-1847.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1847", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The kernel in Apple Mac OS X 10.6.x before 10.6.5 does not properly perform memory management associated with terminal devices, which allows local users to cause a denial of service (system crash) via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2010-1847", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT4435", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4435" - }, - { - "name" : "APPLE-SA-2010-11-10-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html" - }, - { - "name" : "1024723", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024723" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The kernel in Apple Mac OS X 10.6.x before 10.6.5 does not properly perform memory management associated with terminal devices, which allows 
local users to cause a denial of service (system crash) via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1024723", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024723" + }, + { + "name": "http://support.apple.com/kb/HT4435", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4435" + }, + { + "name": "APPLE-SA-2010-11-10-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1987.json b/2010/1xxx/CVE-2010-1987.json index f95432d02e1..82cc28c3872 100644 --- a/2010/1xxx/CVE-2010-1987.json +++ b/2010/1xxx/CVE-2010-1987.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1987", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mozilla Firefox 3.6.3 on Windows XP SP3 allows remote attackers to cause a denial of service (memory consumption, out-of-bounds read, and application crash) via JavaScript code that appends long strings to the content of a P element, and performs certain other string concatenation and substring operations, related to the DoubleWideCharMappedString class in USP10.dll and the gfxWindowsFontGroup::GetUnderlineOffset function in xul.dll, a different vulnerability than CVE-2009-1571." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1987", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100518 Firefox 3.6.3 (latest) <= memory exhaustion crash vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/511329/100/0/threaded" - }, - { - "name" : "12678", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/12678" - }, - { - "name" : "http://www.x90c.org/advisories/firefox_3.6.3_crash_advisory.txt", - "refsource" : "MISC", - "url" : "http://www.x90c.org/advisories/firefox_3.6.3_crash_advisory.txt" - }, - { - "name" : "64790", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/64790" - }, - { - "name" : "oval:org.mitre.oval:def:12013", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12013" - }, - { - "name" : "firefox-pelement-dos(58762)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/58762" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mozilla Firefox 3.6.3 on Windows XP SP3 allows remote attackers to cause a denial of service (memory consumption, out-of-bounds read, and application crash) via JavaScript code that appends long strings to the content of a P element, and performs certain other string concatenation and substring operations, related to the DoubleWideCharMappedString class in USP10.dll and the 
gfxWindowsFontGroup::GetUnderlineOffset function in xul.dll, a different vulnerability than CVE-2009-1571." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "firefox-pelement-dos(58762)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58762" + }, + { + "name": "64790", + "refsource": "OSVDB", + "url": "http://osvdb.org/64790" + }, + { + "name": "oval:org.mitre.oval:def:12013", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12013" + }, + { + "name": "12678", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/12678" + }, + { + "name": "http://www.x90c.org/advisories/firefox_3.6.3_crash_advisory.txt", + "refsource": "MISC", + "url": "http://www.x90c.org/advisories/firefox_3.6.3_crash_advisory.txt" + }, + { + "name": "20100518 Firefox 3.6.3 (latest) <= memory exhaustion crash vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/511329/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0117.json b/2014/0xxx/CVE-2014-0117.json index 422465989aa..1931e562449 100644 --- a/2014/0xxx/CVE-2014-0117.json +++ b/2014/0xxx/CVE-2014-0117.json 
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0117", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mod_proxy module in the Apache HTTP Server 2.4.x before 2.4.10, when a reverse proxy is enabled, allows remote attackers to cause a denial of service (child-process crash) via a crafted HTTP Connection header." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-0117", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140722 Apache HTTPd - description of the CVE-2014-0117.", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Jul/117" - }, - { - "name" : "http://zerodayinitiative.com/advisories/ZDI-14-239/", - "refsource" : "MISC", - "url" : "http://zerodayinitiative.com/advisories/ZDI-14-239/" - }, - { - "name" : "http://httpd.apache.org/security/vulnerabilities_24.html", - "refsource" : "CONFIRM", - "url" : "http://httpd.apache.org/security/vulnerabilities_24.html" - }, - { - "name" : "http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy_http.c", - "refsource" : "CONFIRM", - "url" : "http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy_http.c" - 
}, - { - "name" : "http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy_http.c?r1=1599486&r2=1610674&diff_format=h", - "refsource" : "CONFIRM", - "url" : "http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy_http.c?r1=1599486&r2=1610674&diff_format=h" - }, - { - "name" : "http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/proxy_util.c", - "refsource" : "CONFIRM", - "url" : "http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/proxy_util.c" - }, - { - "name" : "http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/proxy_util.c?r1=1609680&r2=1610674&diff_format=h", - "refsource" : "CONFIRM", - "url" : "http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/proxy_util.c?r1=1609680&r2=1610674&diff_format=h" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1120599", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1120599" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" - }, - { - "name" : "http://advisories.mageia.org/MGASA-2014-0305.html", - "refsource" : "CONFIRM", - "url" : "http://advisories.mageia.org/MGASA-2014-0305.html" - }, - { - "name" : "https://support.apple.com/HT204659", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT204659" - }, - { - "name" : "APPLE-SA-2015-04-08-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mod_proxy module in the Apache HTTP Server 2.4.x before 2.4.10, when a reverse proxy is enabled, allows remote attackers to cause a denial of service (child-process crash) via a crafted HTTP Connection header." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1120599", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1120599" + }, + { + "name": "http://advisories.mageia.org/MGASA-2014-0305.html", + "refsource": "CONFIRM", + "url": "http://advisories.mageia.org/MGASA-2014-0305.html" + }, + { + "name": "https://support.apple.com/HT204659", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT204659" + }, + { + "name": "http://httpd.apache.org/security/vulnerabilities_24.html", + "refsource": "CONFIRM", + "url": "http://httpd.apache.org/security/vulnerabilities_24.html" + }, + { + "name": "http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/proxy_util.c?r1=1609680&r2=1610674&diff_format=h", + "refsource": "CONFIRM", + "url": "http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/proxy_util.c?r1=1609680&r2=1610674&diff_format=h" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" + }, + { + "name": "http://zerodayinitiative.com/advisories/ZDI-14-239/", + "refsource": "MISC", + "url": "http://zerodayinitiative.com/advisories/ZDI-14-239/" + }, + { + "name": "http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/proxy_util.c", + "refsource": "CONFIRM", + "url": "http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/proxy_util.c" + }, + { + "name": "APPLE-SA-2015-04-08-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html" + }, + { + "name": "http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy_http.c", + "refsource": "CONFIRM", + "url": 
"http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy_http.c" + }, + { + "name": "20140722 Apache HTTPd - description of the CVE-2014-0117.", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Jul/117" + }, + { + "name": "http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy_http.c?r1=1599486&r2=1610674&diff_format=h", + "refsource": "CONFIRM", + "url": "http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy_http.c?r1=1599486&r2=1610674&diff_format=h" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0351.json b/2014/0xxx/CVE-2014-0351.json index c47f0ed4fa9..70ad44c6967 100644 --- a/2014/0xxx/CVE-2014-0351.json +++ b/2014/0xxx/CVE-2014-0351.json 
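Review bot: The `ASSIGNER` value is the only semantic change in this hunk (`"ASSIGNER": "secalert@redhat.com"`, previously `cve@mitre.org`), and it is easy to miss because every line is re-spaced and the twelve `reference_data` entries are re-emitted in a different order with identical content. Any consumer that attributes a record to its CNA through `ASSIGNER` may see a different value after this sync, so the export should keep `reference_data` in a stable order (for example sorted by `refsource`, then `name`) so that a diff shows only real changes. The same pattern appears in the hunks for CVE-2014-0351 (`cert@cert.org`), CVE-2014-1747 (`security@google.com`) and CVE-2014-1983 (`vultures@jpcert.or.jp`). The new side also ends with `\ No newline at end of file`; keeping the trailing newline after the closing `}` avoids a spurious last-line change on the next sync.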
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0351", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The FortiManager protocol service in Fortinet FortiOS before 4.3.16 and 5.x before 5.0.8 on FortiGate devices does not prevent use of anonymous ciphersuites, which makes it easier for man-in-the-middle attackers to obtain sensitive information or interfere with communications by modifying the client-server data stream." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-0351", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.fortiguard.com/advisory/FG-IR-14-006/", - "refsource" : "CONFIRM", - "url" : "http://www.fortiguard.com/advisory/FG-IR-14-006/" - }, - { - "name" : "VU#730964", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/730964" - }, - { - "name" : "69754", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69754" - }, - { - "name" : "fortios-cve20140351-mitm(96119)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/96119" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "The FortiManager protocol service in Fortinet FortiOS before 4.3.16 and 5.x before 5.0.8 on FortiGate devices does not prevent use of anonymous ciphersuites, which makes it easier for man-in-the-middle attackers to obtain sensitive information or interfere with communications by modifying the client-server data stream." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "fortios-cve20140351-mitm(96119)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96119" + }, + { + "name": "69754", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69754" + }, + { + "name": "http://www.fortiguard.com/advisory/FG-IR-14-006/", + "refsource": "CONFIRM", + "url": "http://www.fortiguard.com/advisory/FG-IR-14-006/" + }, + { + "name": "VU#730964", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/730964" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0978.json b/2014/0xxx/CVE-2014-0978.json index 2643fde7566..cace28bf126 100644 --- a/2014/0xxx/CVE-2014-0978.json +++ b/2014/0xxx/CVE-2014-0978.json 
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0978", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the yyerror function in lib/cgraph/scan.l in Graphviz 2.34.0 allows remote attackers to have unspecified impact via a long line in a dot file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-0978", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140107 CVE Request: graphviz: stack-based buffer overflow in yyerror()", - "refsource" : "MLIST", - "url" : "http://seclists.org/oss-sec/2014/q1/28" - }, - { - "name" : "[oss-security] 20140107 Re: CVE Request: graphviz: stack-based buffer overflow in yyerror()", - "refsource" : "MLIST", - "url" : "http://seclists.org/oss-sec/2014/q1/38" - }, - { - "name" : "https://bugs.gentoo.org/show_bug.cgi?id=497274", - "refsource" : "MISC", - "url" : "https://bugs.gentoo.org/show_bug.cgi?id=497274" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1049165", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1049165" - }, - { - "name" : 
"https://github.com/ellson/graphviz/commit/7aaddf52cd98589fb0c3ab72a393f8411838438a", - "refsource" : "CONFIRM", - "url" : "https://github.com/ellson/graphviz/commit/7aaddf52cd98589fb0c3ab72a393f8411838438a" - }, - { - "name" : "DSA-2843", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-2843" - }, - { - "name" : "GLSA-201702-06", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201702-06" - }, - { - "name" : "MDVSA-2014:024", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2014:024" - }, - { - "name" : "64674", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/64674" - }, - { - "name" : "55666", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/55666" - }, - { - "name" : "56244", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56244" - }, - { - "name" : "graphviz-yyerror-bo(90085)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90085" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the yyerror function in lib/cgraph/scan.l in Graphviz 2.34.0 allows remote attackers to have unspecified impact via a long line in a dot file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDVSA-2014:024", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:024" + }, + { + "name": "64674", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/64674" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1049165", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1049165" + }, + { + "name": "GLSA-201702-06", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201702-06" + }, + { + "name": "https://github.com/ellson/graphviz/commit/7aaddf52cd98589fb0c3ab72a393f8411838438a", + "refsource": "CONFIRM", + "url": "https://github.com/ellson/graphviz/commit/7aaddf52cd98589fb0c3ab72a393f8411838438a" + }, + { + "name": "graphviz-yyerror-bo(90085)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90085" + }, + { + "name": "[oss-security] 20140107 CVE Request: graphviz: stack-based buffer overflow in yyerror()", + "refsource": "MLIST", + "url": "http://seclists.org/oss-sec/2014/q1/28" + }, + { + "name": "DSA-2843", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-2843" + }, + { + "name": "https://bugs.gentoo.org/show_bug.cgi?id=497274", + "refsource": "MISC", + "url": "https://bugs.gentoo.org/show_bug.cgi?id=497274" + }, + { + "name": "[oss-security] 20140107 Re: CVE Request: graphviz: stack-based buffer overflow in yyerror()", + "refsource": "MLIST", + "url": "http://seclists.org/oss-sec/2014/q1/38" + }, + { + "name": "55666", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/55666" + }, + { + "name": "56244", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56244" + } + ] + } +} \ No newline at end of file 
diff --git a/2014/10xxx/CVE-2014-10047.json b/2014/10xxx/CVE-2014-10047.json
index 18cf0a38335..27f0705734f 100644
--- a/2014/10xxx/CVE-2014-10047.json
+++ b/2014/10xxx/CVE-2014-10047.json
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2018-04-02T00:00:00", - "ID" : "CVE-2014-10047", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Snapdragon Mobile", - "version" : { - "version_data" : [ - { - "version_value" : "SD 400, SD 800" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 400 and SD 800, when writing the Full Disk Encryption key to crypto engine, information leak could occur." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information exposure vulnerability in QTEE" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2018-04-02T00:00:00", + "ID": "CVE-2014-10047", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Snapdragon Mobile", + "version": { + "version_data": [ + { + "version_value": "SD 400, SD 800" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2018-04-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2018-04-01" - }, - { - "name" : "103671", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103671" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 400 and SD 800, when writing the Full Disk Encryption key to crypto engine, information leak could occur." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information exposure vulnerability in QTEE" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2018-04-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2018-04-01" + }, + { + "name": "103671", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103671" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1394.json b/2014/1xxx/CVE-2014-1394.json index e02db78073c..55c99c6d356 100644 --- a/2014/1xxx/CVE-2014-1394.json +++ b/2014/1xxx/CVE-2014-1394.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2014-1394",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2014-1394",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2014/1xxx/CVE-2014-1747.json b/2014/1xxx/CVE-2014-1747.json
index 8ac4197fd81..15cd8c740f9 100644
--- a/2014/1xxx/CVE-2014-1747.json
+++ b/2014/1xxx/CVE-2014-1747.json
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1747", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the DocumentLoader::maybeCreateArchive function in core/loader/DocumentLoader.cpp in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to inject arbitrary web script or HTML via crafted MHTML content, aka \"Universal XSS (UXSS).\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2014-1747", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2014/05/stable-channel-update_20.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2014/05/stable-channel-update_20.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=330663", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=330663" - }, - { - "name" : "https://src.chromium.org/viewvc/blink?revision=169499&view=revision", - "refsource" : "CONFIRM", - "url" : "https://src.chromium.org/viewvc/blink?revision=169499&view=revision" - }, - { - "name" : "DSA-2939", - 
"refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-2939" - }, - { - "name" : "GLSA-201408-16", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201408-16.xml" - }, - { - "name" : "openSUSE-SU-2014:0783", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-06/msg00023.html" - }, - { - "name" : "1030270", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030270" - }, - { - "name" : "58920", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/58920" - }, - { - "name" : "59155", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59155" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the DocumentLoader::maybeCreateArchive function in core/loader/DocumentLoader.cpp in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to inject arbitrary web script or HTML via crafted MHTML content, aka \"Universal XSS (UXSS).\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-2939", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-2939" + }, + { + "name": "http://googlechromereleases.blogspot.com/2014/05/stable-channel-update_20.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2014/05/stable-channel-update_20.html" + }, + { + "name": "GLSA-201408-16", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201408-16.xml" + }, + { + "name": "openSUSE-SU-2014:0783", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-06/msg00023.html" + }, + { + "name": 
"https://src.chromium.org/viewvc/blink?revision=169499&view=revision", + "refsource": "CONFIRM", + "url": "https://src.chromium.org/viewvc/blink?revision=169499&view=revision" + }, + { + "name": "59155", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59155" + }, + { + "name": "58920", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/58920" + }, + { + "name": "1030270", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030270" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=330663", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=330663" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1983.json b/2014/1xxx/CVE-2014-1983.json index 93ea7ae38be..3dd201219cf 100644 --- a/2014/1xxx/CVE-2014-1983.json +++ b/2014/1xxx/CVE-2014-1983.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1983", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Cybozu Remote Service Manager through 2.3.0 and 3.x before 3.1.1 allows remote attackers to cause a denial of service (CPU consumption) via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2014-1983", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://cs.cybozu.co.jp/information/20130317notice01.php", - "refsource" : "CONFIRM", - "url" : "http://cs.cybozu.co.jp/information/20130317notice01.php" - }, - { - "name" : "JVN#10319260", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN10319260/index.html" - }, - { - "name" : "JVNDB-2014-000039", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000039" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Cybozu Remote Service Manager through 2.3.0 and 3.x before 3.1.1 allows remote attackers to cause a denial of service (CPU consumption) via 
unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#10319260", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN10319260/index.html" + }, + { + "name": "http://cs.cybozu.co.jp/information/20130317notice01.php", + "refsource": "CONFIRM", + "url": "http://cs.cybozu.co.jp/information/20130317notice01.php" + }, + { + "name": "JVNDB-2014-000039", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000039" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4546.json b/2014/4xxx/CVE-2014-4546.json index 21c5f02cd7c..8f7189396a4 100644 --- a/2014/4xxx/CVE-2014-4546.json +++ b/2014/4xxx/CVE-2014-4546.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4546", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in book_ajax.php in the Rezgo plugin 1.4.2 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the response parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4546", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://codevigilant.com/disclosure/wp-plugin-rezgo-a3-cross-site-scripting-xss", - "refsource" : "MISC", - "url" : "http://codevigilant.com/disclosure/wp-plugin-rezgo-a3-cross-site-scripting-xss" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in book_ajax.php in the Rezgo plugin 1.4.2 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the response parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://codevigilant.com/disclosure/wp-plugin-rezgo-a3-cross-site-scripting-xss", + "refsource": "MISC", + "url": "http://codevigilant.com/disclosure/wp-plugin-rezgo-a3-cross-site-scripting-xss" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5040.json b/2014/5xxx/CVE-2014-5040.json index f4a82d9cf21..5445cdd5b7a 100644 --- a/2014/5xxx/CVE-2014-5040.json +++ b/2014/5xxx/CVE-2014-5040.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5040", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "HP Helion Eucalyptus 4.1.x before 4.1.2 and HPE Helion Eucalyptus 4.2.x before 4.2.1 allow remote authenticated users to bypass intended access restrictions and modify arbitrary (1) access key credentials by leveraging knowledge of a key ID or (2) signing certificates by leveraging knowledge of a certificate ID." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-5040", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.eucalyptus.com/resources/security/advisories/esa-32", - "refsource" : "CONFIRM", - "url" : "https://www.eucalyptus.com/resources/security/advisories/esa-32" - }, - { - "name" : "https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04926463", - "refsource" : "CONFIRM", - "url" : "https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04926463" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "HP Helion Eucalyptus 4.1.x before 4.1.2 and HPE Helion 
Eucalyptus 4.2.x before 4.2.1 allow remote authenticated users to bypass intended access restrictions and modify arbitrary (1) access key credentials by leveraging knowledge of a key ID or (2) signing certificates by leveraging knowledge of a certificate ID." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04926463", + "refsource": "CONFIRM", + "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04926463" + }, + { + "name": "https://www.eucalyptus.com/resources/security/advisories/esa-32", + "refsource": "CONFIRM", + "url": "https://www.eucalyptus.com/resources/security/advisories/esa-32" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5704.json b/2014/5xxx/CVE-2014-5704.json index fb55b0fbfda..679fe92a05c 100644 --- a/2014/5xxx/CVE-2014-5704.json +++ b/2014/5xxx/CVE-2014-5704.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5704", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The DISH Anywhere (aka com.sm.SlingGuide.Dish) application 3.5.10 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-5704", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#889617", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/889617" - } - ] - 
} -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The DISH Anywhere (aka com.sm.SlingGuide.Dish) application 3.5.10 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" + }, + { + "name": "VU#889617", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/889617" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9328.json b/2014/9xxx/CVE-2014-9328.json index b949192a155..14b48a8b2c5 100644 --- a/2014/9xxx/CVE-2014-9328.json +++ b/2014/9xxx/CVE-2014-9328.json 
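Review bot: The line `"ASSIGNER": "cert@cert.org"` replaces `"ASSIGNER" : "cve@mitre.org"` in `CVE_data_meta`, and it is the only substantive change in this hunk; everything else is separator whitespace, indentation and reordered `reference_data` entries. The same kind of reassignment appears in the CVE-2016-3230 and CVE-2016-3317 hunks (`secure@microsoft.com`) and in the CVE-2016-7498 hunk (`secalert@redhat.com`), while the commit subject says only that data was synchronized. Consumers that attribute, filter or deduplicate records by assigner will see these entries move, so the reassignment would be easier to audit in a commit separate from the reformatting, or at least named in the commit message. The reference reordering carries no meaning in JSON; presumably a stable sort in the generator would keep it out of future diffs.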
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9328", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted upack packer file, related to a \"heap out of bounds condition.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9328", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://blog.clamav.net/2015/01/clamav-0986-has-been-released.html", - "refsource" : "CONFIRM", - "url" : "http://blog.clamav.net/2015/01/clamav-0986-has-been-released.html" - }, - { - "name" : "FEDORA-2015-1437", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148950.html" - }, - { - "name" : "FEDORA-2015-1461", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148958.html" - }, - { - "name" : "GLSA-201512-08", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201512-08" - }, - { - "name" : "SUSE-SU-2015:0298", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00020.html" - }, - { 
- "name" : "openSUSE-SU-2015:0285", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00014.html" - }, - { - "name" : "openSUSE-SU-2015:0906", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-05/msg00024.html" - }, - { - "name" : "USN-2488-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2488-2" - }, - { - "name" : "72372", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72372" - }, - { - "name" : "1031672", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id/1031672" - }, - { - "name" : "62536", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62536" - }, - { - "name" : "62757", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62757" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted upack packer file, related to a \"heap out of bounds condition.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201512-08", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201512-08" + }, + { + "name": "72372", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72372" + }, + { + "name": "openSUSE-SU-2015:0285", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00014.html" + }, + { + "name": "1031672", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id/1031672" + }, + { + "name": "FEDORA-2015-1437", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148950.html" + }, + { + "name": 
"http://blog.clamav.net/2015/01/clamav-0986-has-been-released.html", + "refsource": "CONFIRM", + "url": "http://blog.clamav.net/2015/01/clamav-0986-has-been-released.html" + }, + { + "name": "SUSE-SU-2015:0298", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00020.html" + }, + { + "name": "FEDORA-2015-1461", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148958.html" + }, + { + "name": "USN-2488-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2488-2" + }, + { + "name": "openSUSE-SU-2015:0906", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-05/msg00024.html" + }, + { + "name": "62536", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62536" + }, + { + "name": "62757", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62757" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3164.json b/2016/3xxx/CVE-2016-3164.json index 383ef7180a5..9cf1fbd6c1b 100644 --- a/2016/3xxx/CVE-2016-3164.json +++ b/2016/3xxx/CVE-2016-3164.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3164", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Drupal 6.x before 6.38, 7.x before 7.43, and 8.x before 8.0.4 might allow remote attackers to conduct open redirect attacks by leveraging (1) custom code or (2) a form shown on a 404 error page, related to path manipulation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-3164", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160224 CVE requests for Drupal core (SA-CORE-2016-001)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/02/24/19" - }, - { - "name" : "[oss-security] 20160315 Re: CVE requests for Drupal core (SA-CORE-2016-001)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/03/15/10" - }, - { - "name" : "https://www.drupal.org/SA-CORE-2016-001", - "refsource" : "CONFIRM", - "url" : "https://www.drupal.org/SA-CORE-2016-001" - }, - { - "name" : "DSA-3498", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3498" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Drupal 6.x before 6.38, 7.x before 7.43, and 8.x before 8.0.4 might allow remote attackers to conduct open redirect attacks by leveraging (1) custom code or (2) a form shown on a 404 error page, related to path manipulation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20160224 CVE requests for Drupal core (SA-CORE-2016-001)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/02/24/19" + }, + { + "name": "[oss-security] 20160315 Re: CVE requests for Drupal core (SA-CORE-2016-001)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/03/15/10" + }, + { + "name": "DSA-3498", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3498" + }, + { + "name": "https://www.drupal.org/SA-CORE-2016-001", + "refsource": "CONFIRM", + "url": "https://www.drupal.org/SA-CORE-2016-001" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3230.json b/2016/3xxx/CVE-2016-3230.json index 054888716b9..12514aaba82 100644 --- a/2016/3xxx/CVE-2016-3230.json +++ b/2016/3xxx/CVE-2016-3230.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3230", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Search component in Microsoft Windows 7, Windows Server 2008 R2 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to cause a denial of service (performance degradation) via a crafted application, aka \"Windows Search Component Denial of Service Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2016-3230", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS16-082", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-082" - }, - { - "name" : "1036102", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036102" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Search component in Microsoft Windows 7, Windows Server 2008 R2 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local 
users to cause a denial of service (performance degradation) via a crafted application, aka \"Windows Search Component Denial of Service Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS16-082", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-082" + }, + { + "name": "1036102", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036102" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3317.json b/2016/3xxx/CVE-2016-3317.json index 999ff5aceda..e6be6b6a081 100644 --- a/2016/3xxx/CVE-2016-3317.json +++ b/2016/3xxx/CVE-2016-3317.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3317", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Office 2010 SP2, Word 2007 SP3, Word 2010 SP2, Word for Mac 2011, Word 2016 for Mac, and Word Viewer allow remote attackers to execute arbitrary code via a crafted file, aka \"Microsoft Office Memory Corruption Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2016-3317", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS16-099", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-099" - }, - { - "name" : "92303", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92303" - }, - { - "name" : "1036559", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036559" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Office 2010 SP2, Word 2007 SP3, Word 2010 SP2, Word for Mac 2011, Word 2016 for Mac, and Word Viewer allow remote attackers to execute arbitrary code via a 
crafted file, aka \"Microsoft Office Memory Corruption Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1036559", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036559" + }, + { + "name": "MS16-099", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-099" + }, + { + "name": "92303", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92303" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3669.json b/2016/3xxx/CVE-2016-3669.json index 9b5a95302e7..c871d586b8c 100644 --- a/2016/3xxx/CVE-2016-3669.json +++ b/2016/3xxx/CVE-2016-3669.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3669", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-3669", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7498.json b/2016/7xxx/CVE-2016-7498.json index 42199e1ed99..32a70602484 100644 
--- a/2016/7xxx/CVE-2016-7498.json +++ b/2016/7xxx/CVE-2016-7498.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7498", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "OpenStack Compute (nova) 13.0.0 does not properly delete instances from compute nodes, which allows remote authenticated users to cause a denial of service (disk consumption) by deleting instances while in the resize state. NOTE: this vulnerability exists because of a CVE-2015-3280 regression." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-7498", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160921 Re: CVE request for vulnerability in OpenStack Nova", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/09/21/8" - }, - { - "name" : "[oss-security] 20160923 [OSSA 2016-011] Nova may fail to delete images in resize state regression (CVE-2016-7498)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/09/23/1" - }, - { - "name" : "https://security.openstack.org/ossa/OSSA-2016-011.html", - "refsource" : "CONFIRM", - "url" : "https://security.openstack.org/ossa/OSSA-2016-011.html" - }, - { - "name" : "93068", - "refsource" : "BID", - 
"url" : "http://www.securityfocus.com/bid/93068" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "OpenStack Compute (nova) 13.0.0 does not properly delete instances from compute nodes, which allows remote authenticated users to cause a denial of service (disk consumption) by deleting instances while in the resize state. NOTE: this vulnerability exists because of a CVE-2015-3280 regression." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "93068", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93068" + }, + { + "name": "[oss-security] 20160923 [OSSA 2016-011] Nova may fail to delete images in resize state regression (CVE-2016-7498)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/09/23/1" + }, + { + "name": "https://security.openstack.org/ossa/OSSA-2016-011.html", + "refsource": "CONFIRM", + "url": "https://security.openstack.org/ossa/OSSA-2016-011.html" + }, + { + "name": "[oss-security] 20160921 Re: CVE request for vulnerability in OpenStack Nova", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/09/21/8" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7616.json b/2016/7xxx/CVE-2016-7616.json index f30c9cc9635..39e483889c7 100644 --- a/2016/7xxx/CVE-2016-7616.json +++ b/2016/7xxx/CVE-2016-7616.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2016-7616", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the \"Disk Images\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2016-7616", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT207422", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207422" - }, - { - "name" : "https://support.apple.com/HT207423", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207423" - }, - { - "name" : "https://support.apple.com/HT207487", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207487" - }, - { - "name" : "94905", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94905" - }, - { - "name" : "1037469", - "refsource" : "SECTRACK", - "url" : 
"http://www.securitytracker.com/id/1037469" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the \"Disk Images\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT207487", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207487" + }, + { + "name": "https://support.apple.com/HT207422", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207422" + }, + { + "name": "94905", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94905" + }, + { + "name": "1037469", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037469" + }, + { + "name": "https://support.apple.com/HT207423", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207423" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7826.json b/2016/7xxx/CVE-2016-7826.json index 27e769a3d7f..53c5045ee03 100644 --- a/2016/7xxx/CVE-2016-7826.json +++ b/2016/7xxx/CVE-2016-7826.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2016-7826", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "WNC01WH", - "version" : { - "version_data" : [ - { - "version_value" : "firmware version 1.0.0.8 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "BUFFALO INC." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to read arbitrary files via specially crafted POST requests." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Directory traversal" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2016-7826", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WNC01WH", + "version": { + "version_data": [ + { + "version_value": "firmware version 1.0.0.8 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "BUFFALO INC." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://buffalo.jp/support_s/s20161201.html", - "refsource" : "CONFIRM", - "url" : "http://buffalo.jp/support_s/s20161201.html" - }, - { - "name" : "JVN#40613060", - "refsource" : "JVN", - "url" : "https://jvn.jp/en/jp/JVN40613060/index.html" - }, - { - "name" : "94648", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94648" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to read arbitrary files via specially crafted POST requests." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Directory traversal" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#40613060", + "refsource": "JVN", + "url": "https://jvn.jp/en/jp/JVN40613060/index.html" + }, + { + "name": "http://buffalo.jp/support_s/s20161201.html", + "refsource": "CONFIRM", + "url": "http://buffalo.jp/support_s/s20161201.html" + }, + { + "name": "94648", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94648" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8066.json b/2016/8xxx/CVE-2016-8066.json index c98928af22c..4b540267d06 100644 --- a/2016/8xxx/CVE-2016-8066.json +++ b/2016/8xxx/CVE-2016-8066.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-8066", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-8066", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8311.json b/2016/8xxx/CVE-2016-8311.json index 934233c9d49..74b8695dee7 100644 --- a/2016/8xxx/CVE-2016-8311.json +++ b/2016/8xxx/CVE-2016-8311.json 
@@ -1,90 +1,90 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2016-8311", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "FLEXCUBE Universal Banking", - "version" : { - "version_data" : [ - { - "version_value" : "11.3.0" - }, - { - "version_value" : "11.4.0" - }, - { - "version_value" : "12.0.1" - }, - { - "version_value" : "12.0.2" - }, - { - "version_value" : "12.0.3" - }, - { - "version_value" : "12.1.0" - }, - { - "version_value" : "12.2.0" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0 and 12.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Universal Banking accessible data. CVSS v3.0 Base Score 6.5 (Confidentiality impacts)." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2016-8311", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "FLEXCUBE Universal Banking", + "version": { + "version_data": [ + { + "version_value": "11.3.0" + }, + { + "version_value": "11.4.0" + }, + { + "version_value": "12.0.1" + }, + { + "version_value": "12.0.2" + }, + { + "version_value": "12.0.3" + }, + { + "version_value": "12.1.0" + }, + { + "version_value": "12.2.0" + } + ] + } + } + ] + }, + "vendor_name": "Oracle" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" - }, - { - "name" : "95546", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95546" - }, - { - "name" : "1037636", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037636" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0 and 12.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Universal Banking accessible data. 
CVSS v3.0 Base Score 6.5 (Confidentiality impacts)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "95546", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95546" + }, + { + "name": "1037636", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037636" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8347.json b/2016/8xxx/CVE-2016-8347.json index d7dd61d70fc..5e46fda57dd 100644 --- a/2016/8xxx/CVE-2016-8347.json +++ b/2016/8xxx/CVE-2016-8347.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "ID" : "CVE-2016-8347", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Kabona AB WDC prior to Version 3.4.0", - "version" : { - "version_data" : [ - { - "version_value" : "Kabona AB WDC prior to Version 3.4.0" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Kabona AB WebDatorCentral (WDC) application prior to Version 3.4.0. WDC does not limit authentication attempts that may allow a brute force attack method." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Kabona AB WDC brute force" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2016-8347", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Kabona AB WDC prior to Version 3.4.0", + "version": { + "version_data": [ + { + "version_value": "Kabona AB WDC prior to Version 3.4.0" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-287-07", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-287-07" - }, - { - "name" : "93547", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93547" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Kabona AB WebDatorCentral (WDC) application prior to Version 3.4.0. 
WDC does not limit authentication attempts that may allow a brute force attack method." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Kabona AB WDC brute force" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "93547", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93547" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-287-07", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-287-07" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8631.json b/2016/8xxx/CVE-2016-8631.json index a2344b8d6b9..cf9bd8550c7 100644 --- a/2016/8xxx/CVE-2016-8631.json +++ b/2016/8xxx/CVE-2016-8631.json 
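Review bot: The `affects` block of the new CVE-2016-8347 record still holds free text where structured fields are expected: `vendor_name` is `"n/a"` and `version_value` repeats the product string `"Kabona AB WDC prior to Version 3.4.0"`. Tooling that matches on vendor, product and version cannot resolve this entry, and the affected range is stated only in the description. Going by the names in the description, I would split it as `"vendor_name": "Kabona AB"`, `"product_name": "WebDatorCentral (WDC)"`, `"version_value": "prior to 3.4.0"`. The CVE-2016-9367 hunk has the same shape (`"version_value": "Moxa NPort"`, vendor `"n/a"`). Until these are corrected, consumers should fall back to the description text for these IDs rather than read a failed match as "not affected".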
@@ -1,88 +1,88 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psampaio@redhat.com", - "ID" : "CVE-2016-8631", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Openshift Enterprise", - "version" : { - "version_data" : [ - { - "version_value" : "3" - } - ] - } - } - ] - }, - "vendor_name" : "Red Hat" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The OpenShift Enterprise 3 router does not properly sort routes when processing newly added routes. An attacker with access to create routes can potentially overwrite existing routes and redirect network traffic for other users to their own site." - } - ] - }, - "impact" : { - "cvss" : [ - [ - { - "vectorString" : "6.3/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "version" : "3.0" - } - ], - [ - { - "vectorString" : "6.0/AV:N/AC:M/Au:S/C:P/I:P/A:P", - "version" : "2.0" - } - ] - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-20" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-8631", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Openshift Enterprise", + "version": { + "version_data": [ + { + "version_value": "3" + } + ] + } + } + ] + }, + "vendor_name": "Red Hat" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8631", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8631" - }, - { - "name" : "RHSA-2016:2696", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2016:2696" - }, - { - "name" : "94110", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94110" - } - ] - 
} -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The OpenShift Enterprise 3 router does not properly sort routes when processing newly added routes. An attacker with access to create routes can potentially overwrite existing routes and redirect network traffic for other users to their own site." + } + ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "6.3/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "version": "3.0" + } + ], + [ + { + "vectorString": "6.0/AV:N/AC:M/Au:S/C:P/I:P/A:P", + "version": "2.0" + } + ] + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "94110", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94110" + }, + { + "name": "RHSA-2016:2696", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2016:2696" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8631", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8631" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9025.json b/2016/9xxx/CVE-2016-9025.json index 124a5af0823..7da9014eacd 100644 --- a/2016/9xxx/CVE-2016-9025.json +++ b/2016/9xxx/CVE-2016-9025.json 
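Review bot: Both `vectorString` values under `impact.cvss` in CVE-2016-8631 have the base score prepended (`"6.3/CVSS:3.0/AV:N/..."` and `"6.0/AV:N/AC:M/..."`), so neither is a parseable CVSS vector; a CVSS 3.0 vector starts with `CVSS:3.0/`. The reformat carries this over unchanged. I would keep score and vector in separate fields, e.g. `"baseScore": 6.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"`, and do the same for the 2.0 entry. CVE-2016-9597 has the same problem (`"4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P"`). Consumers that derive severity from the vector should validate it and flag these records rather than silently scoring them as unknown.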
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9025", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-9025", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9367.json b/2016/9xxx/CVE-2016-9367.json index a0a943fcf30..561710cea65 100644 --- a/2016/9xxx/CVE-2016-9367.json +++ b/2016/9xxx/CVE-2016-9367.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "ID" : "CVE-2016-9367", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Moxa NPort", - "version" : { - "version_data" : [ - { - "version_value" : "Moxa NPort" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPort 5200A Series versions prior to 1.3, NPort 5150AI-M12 Series versions prior to 1.2, NPort 5250AI-M12 Series versions prior to 1.2, NPort 5450AI-M12 Series versions prior to 1.2, NPort 5600-8-DT Series versions prior to 2.4, NPort 5600-8-DTL Series versions prior to 2.4, NPort 6x50 Series versions prior to 1.13.11, NPort IA5450A versions prior to v1.4. The amount of resources requested by a malicious actor is not restricted, leading to a denial-of-service caused by resource exhaustion." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Moxa NPort Device DoS" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2016-9367", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Moxa NPort", + "version": { + "version_data": [ + { + "version_value": "Moxa NPort" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-336-02", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-336-02" - }, - { - "name" : "85965", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/85965" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPort 5200A Series versions prior to 1.3, NPort 5150AI-M12 Series versions prior to 1.2, NPort 5250AI-M12 Series versions prior to 1.2, NPort 5450AI-M12 Series versions prior to 1.2, NPort 5600-8-DT Series versions prior to 2.4, NPort 5600-8-DTL Series versions prior to 2.4, NPort 6x50 Series versions prior to 1.13.11, NPort IA5450A versions prior to v1.4. The amount of resources requested by a malicious actor is not restricted, leading to a denial-of-service caused by resource exhaustion." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Moxa NPort Device DoS" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-336-02", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-336-02" + }, + { + "name": "85965", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/85965" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9597.json b/2016/9xxx/CVE-2016-9597.json index 06608acad64..f355278863a 100644 --- a/2016/9xxx/CVE-2016-9597.json +++ b/2016/9xxx/CVE-2016-9597.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "anemec@redhat.com", - "ID" : "CVE-2016-9597", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "libxml2", - "version" : { - "version_data" : [ - { - "version_value" : "all" - } - ] - } - } - ] - }, - "vendor_name" : "Red Hat" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "It was found that Red Hat JBoss Core Services erratum RHSA-2016:2957 for CVE-2016-3705 did not actually include the fix for the issue found in libxml2, making it vulnerable to a Denial of Service attack due to a Stack Overflow. This is a regression CVE for the same issue as CVE-2016-3705." - } - ] - }, - "impact" : { - "cvss" : [ - [ - { - "vectorString" : "4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P", - "version" : "2.0" - } - ] - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-674" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-9597", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "libxml2", + "version": { + "version_data": [ + { + "version_value": "all" + } + ] + } + } + ] + }, + "vendor_name": "Red Hat" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9597", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9597" - }, - { - "name" : "98567", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98567" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "It was found that Red Hat JBoss Core Services 
erratum RHSA-2016:2957 for CVE-2016-3705 did not actually include the fix for the issue found in libxml2, making it vulnerable to a Denial of Service attack due to a Stack Overflow. This is a regression CVE for the same issue as CVE-2016-3705." + } + ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P", + "version": "2.0" + } + ] + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-674" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "98567", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98567" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9597", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9597" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9646.json b/2016/9xxx/CVE-2016-9646.json index 681b5f0bd52..26763a72e28 100644 --- a/2016/9xxx/CVE-2016-9646.json +++ b/2016/9xxx/CVE-2016-9646.json 
@@ -1,83 +1,83 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@debian.org", - "DATE_PUBLIC" : "2016-12-29T19:29:00.000Z", - "ID" : "CVE-2016-9646", - "STATE" : "PUBLIC", - "TITLE" : "Commit metadata forgery via CGI::FormBuilder context-dependent APIs" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "ikiwiki", - "version" : { - "version_data" : [ - { - "version_value" : "before 3.20161229" - } - ] - } - } - ] - }, - "vendor_name" : "ikiwiki" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ikiwiki before 3.20161229 incorrectly called the CGI::FormBuilder->field method (similar to the CGI->param API that led to Bugzilla's CVE-2014-1572), which can be abused to lead to commit metadata forgery." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "commit metadata forgery" - } + "CVE_data_meta": { + "ASSIGNER": "security@debian.org", + "DATE_PUBLIC": "2016-12-29T19:29:00.000Z", + "ID": "CVE-2016-9646", + "STATE": "PUBLIC", + "TITLE": "Commit metadata forgery via CGI::FormBuilder context-dependent APIs" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ikiwiki", + "version": { + "version_data": [ + { + "version_value": "before 3.20161229" + } + ] + } + } + ] + }, + "vendor_name": "ikiwiki" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20161229 ikiwiki: CVE-2016-9645 (incomplete fix for CVE-2016-10026), CVE-2016-9646 (commit metadata forgery)", - "refsource" : "MLIST", - "url" : "https://marc.info/?l=oss-security&m=148304341511854&w=2" - }, - { - "name" : "https://ikiwiki.info/security/#cve-2016-9646", - "refsource" : "CONFIRM", - "url" : "https://ikiwiki.info/security/#cve-2016-9646" - }, - { - "name" : 
"https://security-tracker.debian.org/tracker/CVE-2016-9646", - "refsource" : "CONFIRM", - "url" : "https://security-tracker.debian.org/tracker/CVE-2016-9646" - }, - { - "name" : "DSA-3760", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2017/dsa-3760" - } - ] - }, - "source" : { - "advisory" : "https://ikiwiki.info/security/#cve-2016-9646", - "discovery" : "UNKNOWN" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ikiwiki before 3.20161229 incorrectly called the CGI::FormBuilder->field method (similar to the CGI->param API that led to Bugzilla's CVE-2014-1572), which can be abused to lead to commit metadata forgery." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "commit metadata forgery" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-3760", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2017/dsa-3760" + }, + { + "name": "https://security-tracker.debian.org/tracker/CVE-2016-9646", + "refsource": "CONFIRM", + "url": "https://security-tracker.debian.org/tracker/CVE-2016-9646" + }, + { + "name": "https://ikiwiki.info/security/#cve-2016-9646", + "refsource": "CONFIRM", + "url": "https://ikiwiki.info/security/#cve-2016-9646" + }, + { + "name": "[oss-security] 20161229 ikiwiki: CVE-2016-9645 (incomplete fix for CVE-2016-10026), CVE-2016-9646 (commit metadata forgery)", + "refsource": "MLIST", + "url": "https://marc.info/?l=oss-security&m=148304341511854&w=2" + } + ] + }, + "source": { + "advisory": "https://ikiwiki.info/security/#cve-2016-9646", + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9856.json b/2016/9xxx/CVE-2016-9856.json index 6bf9e322688..1f04c211570 100644 --- a/2016/9xxx/CVE-2016-9856.json +++ b/2016/9xxx/CVE-2016-9856.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9856", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An XSS issue was discovered in phpMyAdmin because of an improper fix for CVE-2016-2559 in PMASA-2016-10. This issue is resolved by using a copy of a hash to avoid a race condition. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-9856", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.phpmyadmin.net/security/PMASA-2016-64", - "refsource" : "CONFIRM", - "url" : "https://www.phpmyadmin.net/security/PMASA-2016-64" - }, - { - "name" : "GLSA-201701-32", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201701-32" - }, - { - "name" : "94530", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94530" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An XSS issue was discovered in phpMyAdmin because of an improper fix for 
CVE-2016-2559 in PMASA-2016-10. This issue is resolved by using a copy of a hash to avoid a race condition. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "94530", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94530" + }, + { + "name": "https://www.phpmyadmin.net/security/PMASA-2016-64", + "refsource": "CONFIRM", + "url": "https://www.phpmyadmin.net/security/PMASA-2016-64" + }, + { + "name": "GLSA-201701-32", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201701-32" + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2133.json b/2019/2xxx/CVE-2019-2133.json index 78d745c4ce5..4ebf1dc5645 100644 --- a/2019/2xxx/CVE-2019-2133.json +++ b/2019/2xxx/CVE-2019-2133.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2133", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2133", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2229.json b/2019/2xxx/CVE-2019-2229.json index bbaf5383c96..52afe8060dd 100644 --- a/2019/2xxx/CVE-2019-2229.json +++ b/2019/2xxx/CVE-2019-2229.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2229", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2229", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2824.json b/2019/2xxx/CVE-2019-2824.json index c89eff2d561..45fa188b94d 100644 --- a/2019/2xxx/CVE-2019-2824.json +++ b/2019/2xxx/CVE-2019-2824.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2824", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2824", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2894.json b/2019/2xxx/CVE-2019-2894.json index 64ee3ebeb04..7a54c241fc1 100644 --- a/2019/2xxx/CVE-2019-2894.json +++ b/2019/2xxx/CVE-2019-2894.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2894", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2894", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file