diff --git a/2006/5xxx/CVE-2006-5072.json b/2006/5xxx/CVE-2006-5072.json
index 2c3300e55e5..7fbe2fe364f 100644
--- a/2006/5xxx/CVE-2006-5072.json
+++ b/2006/5xxx/CVE-2006-5072.json
@@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5072", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The System.CodeDom.Compiler classes in Novell Mono create temporary files with insecure permissions, which allows local users to overwrite arbitrary files or execute arbitrary code via a symlink attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5072", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "FEDORA-2007-068", - "refsource" : "FEDORA", - "url" : "http://fedoranews.org/cms/node/2401" - }, - { - "name" : "GLSA-200611-23", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200611-23.xml" - }, - { - "name" : "MDKSA-2006:188", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:188" - }, - { - "name" : "SUSE-SA:2006:073", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006_73_mono.html" - }, - { - "name" : "USN-357-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-357-1" - }, - { - "name" : "20340", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20340" - }, - { - 
"name" : "ADV-2006-3911", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3911" - }, - { - "name" : "22237", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22237" - }, - { - "name" : "22277", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22277" - }, - { - "name" : "22614", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22614" - }, - { - "name" : "23154", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23154" - }, - { - "name" : "23213", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23213" - }, - { - "name" : "23776", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23776" - }, - { - "name" : "mono-systemcodedomcompiler-symlink(29353)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29353" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The System.CodeDom.Compiler classes in Novell Mono create temporary files with insecure permissions, which allows local users to overwrite arbitrary files or execute arbitrary code via a symlink attack." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SA:2006:073", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006_73_mono.html" + }, + { + "name": "USN-357-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-357-1" + }, + { + "name": "mono-systemcodedomcompiler-symlink(29353)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29353" + }, + { + "name": "22277", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22277" + }, + { + "name": "23213", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23213" + }, + { + "name": "22237", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22237" + }, + { + "name": "MDKSA-2006:188", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:188" + }, + { + "name": "20340", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20340" + }, + { + "name": "23154", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23154" + }, + { + "name": "23776", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23776" + }, + { + "name": "22614", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22614" + }, + { + "name": "GLSA-200611-23", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200611-23.xml" + }, + { + "name": "ADV-2006-3911", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3911" + }, + { + "name": "FEDORA-2007-068", + "refsource": "FEDORA", + "url": "http://fedoranews.org/cms/node/2401" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5318.json b/2006/5xxx/CVE-2006-5318.json index 978c7ca6144..08b6639d88e 100644 --- a/2006/5xxx/CVE-2006-5318.json +++ b/2006/5xxx/CVE-2006-5318.json 
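Review bot: The new side of this hunk re-emits all 14 `reference_data` entries in a different order with no visible sort key (the old side ran FEDORA, GENTOO, MANDRIVA, SUSE, …; the new side starts SUSE, UBUNTU, XF and ends with FEDORA) while also changing the key separator from ` : ` to `: ` on every line, so the whole record shows as rewritten even though the entries themselves appear unchanged. For a vulnerability record that downstream tooling consumes, that noise makes it hard to spot a genuinely altered `url` or `name`; emitting the array in a stable order (for example by `refsource`, then `name`) and landing the whitespace change on its own would keep later diffs down to real content changes. The file also now ends with `}` followed by `\ No newline at end of file`, where the old side had a final newline; writing one would avoid that marker. The same pattern shows in the hunks for CVE-2006-5318, CVE-2006-5665, CVE-2006-5706, CVE-2006-5795, CVE-2007-2052 and CVE-2007-2210; the serializer that produced these files is not visible here, so the ordering is presumably an artifact of it.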
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5318", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in index.php in Nayco JASmine (aka Jasmine-Web) allows remote attackers to execute arbitrary PHP code via an FTP URL in the section parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5318", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061007 7 php scripts File Inclusion / Source disclosure Vuln", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/448096/100/0/threaded" - }, - { - "name" : "http://acid-root.new.fr/poc/13061007.txt", - "refsource" : "MISC", - "url" : "http://acid-root.new.fr/poc/13061007.txt" - }, - { - "name" : "2505", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2505" - }, - { - "name" : "20430", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20430" - }, - { - "name" : "ADV-2006-4007", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4007" - }, - { - "name" : "22374", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/22374" - }, - { - "name" : "jasmine-index-file-include(29423)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29423" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in index.php in Nayco JASmine (aka Jasmine-Web) allows remote attackers to execute arbitrary PHP code via an FTP URL in the section parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20430", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20430" + }, + { + "name": "ADV-2006-4007", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4007" + }, + { + "name": "2505", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2505" + }, + { + "name": "http://acid-root.new.fr/poc/13061007.txt", + "refsource": "MISC", + "url": "http://acid-root.new.fr/poc/13061007.txt" + }, + { + "name": "20061007 7 php scripts File Inclusion / Source disclosure Vuln", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/448096/100/0/threaded" + }, + { + "name": "jasmine-index-file-include(29423)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29423" + }, + { + "name": "22374", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22374" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5665.json b/2006/5xxx/CVE-2006-5665.json index 891133e9713..0b386907d6d 100644 --- a/2006/5xxx/CVE-2006-5665.json +++ b/2006/5xxx/CVE-2006-5665.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5665", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in admin/modules_data.php in the phpBB module Spider Friendly 1.3.10 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5665", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "2686", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2686" - }, - { - "name" : "20844", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20844" - }, - { - "name" : "ADV-2006-4290", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4290" - }, - { - "name" : "30160", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/30160" - }, - { - "name" : "22630", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22630" - }, - { - "name" : "spider-modules-file-include(29899)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29899" - } - ] - } -} + } + }, + "data_format": 
"MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in admin/modules_data.php in the phpBB module Spider Friendly 1.3.10 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "22630", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22630" + }, + { + "name": "spider-modules-file-include(29899)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29899" + }, + { + "name": "30160", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/30160" + }, + { + "name": "2686", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2686" + }, + { + "name": "ADV-2006-4290", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4290" + }, + { + "name": "20844", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20844" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5706.json b/2006/5xxx/CVE-2006-5706.json index 17a18e2d45c..19f074fbe73 100644 --- a/2006/5xxx/CVE-2006-5706.json +++ b/2006/5xxx/CVE-2006-5706.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5706", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerabilities in PHP, probably before 5.2.0, allow local users to bypass open_basedir restrictions and perform unspecified actions via unspecified vectors involving the (1) chdir and (2) tempnam functions. NOTE: the tempnam vector might overlap CVE-2006-1494." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5706", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.php.net/releases/5_2_0.php", - "refsource" : "MISC", - "url" : "http://www.php.net/releases/5_2_0.php" - }, - { - "name" : "USN-375-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-375-1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerabilities in PHP, probably before 5.2.0, allow local users to bypass open_basedir restrictions and perform unspecified actions via unspecified vectors involving the (1) chdir and (2) tempnam functions. 
NOTE: the tempnam vector might overlap CVE-2006-1494." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-375-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-375-1" + }, + { + "name": "http://www.php.net/releases/5_2_0.php", + "refsource": "MISC", + "url": "http://www.php.net/releases/5_2_0.php" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5795.json b/2006/5xxx/CVE-2006-5795.json index 409e786a8dc..3f199d1b24e 100644 --- a/2006/5xxx/CVE-2006-5795.json +++ b/2006/5xxx/CVE-2006-5795.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5795", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple PHP remote file inclusion vulnerabilities in OpenEMR 2.8.1 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the srcdir parameter to (a) billing_process.php, (b) billing_report.php, (c) billing_report_xml.php, and (d) print_billing_report.php in interface/billing/; (e) login.php; (f) interface/batchcom/batchcom.php; (g) interface/login/login.php; (h) main_info.php and (i) main.php in interface/main/; (j) interface/new/new_patient_save.php; (k) interface/practice/ins_search.php; (l) interface/logout.php; (m) custom_report_range.php, (n) players_report.php, and (o) front_receipts_report.php in interface/reports/; (p) facility_admin.php, (q) usergroup_admin.php, and (r) user_info.php in interface/usergroup/; or (s) custom/import_xml.php." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5795", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061106 [ECHO_ADV_60_2006] OpenEMR <=2.8.1 Multiple Remote File Inclusion Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/450698/100/0/threaded" - }, - { - "name" : "http://advisories.echo.or.id/adv/adv60-theday-2006.txt", - "refsource" : "MISC", - "url" : "http://advisories.echo.or.id/adv/adv60-theday-2006.txt" - }, - { - "name" : "2727", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2727" - }, - { - "name" : "ADV-2006-4382", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4382" - }, - { - "name" : "22695", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22695" - }, - { - "name" : "1834", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1834" - }, - { - "name" : "openemr-srcdir-file-include(30036)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30036" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple PHP remote file inclusion vulnerabilities in OpenEMR 2.8.1 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the srcdir parameter to (a) billing_process.php, (b) billing_report.php, (c) billing_report_xml.php, and (d) print_billing_report.php in 
interface/billing/; (e) login.php; (f) interface/batchcom/batchcom.php; (g) interface/login/login.php; (h) main_info.php and (i) main.php in interface/main/; (j) interface/new/new_patient_save.php; (k) interface/practice/ins_search.php; (l) interface/logout.php; (m) custom_report_range.php, (n) players_report.php, and (o) front_receipts_report.php in interface/reports/; (p) facility_admin.php, (q) usergroup_admin.php, and (r) user_info.php in interface/usergroup/; or (s) custom/import_xml.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2727", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2727" + }, + { + "name": "20061106 [ECHO_ADV_60_2006] OpenEMR <=2.8.1 Multiple Remote File Inclusion Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/450698/100/0/threaded" + }, + { + "name": "openemr-srcdir-file-include(30036)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30036" + }, + { + "name": "http://advisories.echo.or.id/adv/adv60-theday-2006.txt", + "refsource": "MISC", + "url": "http://advisories.echo.or.id/adv/adv60-theday-2006.txt" + }, + { + "name": "1834", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1834" + }, + { + "name": "ADV-2006-4382", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4382" + }, + { + "name": "22695", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22695" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2052.json b/2007/2xxx/CVE-2007-2052.json index aba97505681..44d48383663 100644 --- a/2007/2xxx/CVE-2007-2052.json +++ b/2007/2xxx/CVE-2007-2052.json 
@@ -1,247 +1,247 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2052", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Off-by-one error in the PyLocale_strxfrm function in Modules/_localemodule.c for Python 2.4 and 2.5 causes an incorrect buffer size to be used for the strxfrm function, which allows context-dependent attackers to read portions of memory via unknown manipulations that trigger a buffer over-read due to missing null termination." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2052", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080221 VMSA-2008-0003 Moderate: Updated aacraid driver and samba and python service console updates", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/488457/100/0/threaded" - }, - { - "name" : "20070521 FLEA-2007-0019-1: python", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/469294/30/6450/threaded" - }, - { - "name" : "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components", - "refsource" : "BUGTRAQ", - "url" : 
"http://www.securityfocus.com/archive/1/507985/100/0/threaded" - }, - { - "name" : "[Security-announce] 20080221 VMSA-2008-0003 Moderate: Updated aacraid driver and samba and python service console updates", - "refsource" : "MLIST", - "url" : "http://lists.vmware.com/pipermail/security-announce/2008/000005.html" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=416934", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=416934" - }, - { - "name" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=235093", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=235093" - }, - { - "name" : "http://www.python.org/download/releases/2.5.1/NEWS.txt", - "refsource" : "CONFIRM", - "url" : "http://www.python.org/download/releases/2.5.1/NEWS.txt" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-1358", - "refsource" : "CONFIRM", - "url" : "https://issues.rpath.com/browse/RPL-1358" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2009-0016.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2009-0016.html" - }, - { - "name" : "DSA-1551", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1551" - }, - { - "name" : "DSA-1620", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1620" - }, - { - "name" : "MDKSA-2007:099", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:099" - }, - { - "name" : "RHSA-2007:1076", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2007-1076.html" - }, - { - "name" : "RHSA-2007:1077", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2007-1077.html" - }, - { - "name" : "RHSA-2008:0629", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0629.html" - }, - { - "name" : "SUSE-SR:2007:013", - "refsource" : 
"SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2007_13_sr.html" - }, - { - "name" : "2007-0019", - "refsource" : "TRUSTIX", - "url" : "http://www.trustix.org/errata/2007/0019/" - }, - { - "name" : "USN-585-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-585-1" - }, - { - "name" : "23887", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23887" - }, - { - "name" : "oval:org.mitre.oval:def:11716", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11716" - }, - { - "name" : "oval:org.mitre.oval:def:8353", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8353" - }, - { - "name" : "37471", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37471" - }, - { - "name" : "ADV-2007-1465", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1465" - }, - { - "name" : "ADV-2008-0637", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0637" - }, - { - "name" : "25190", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25190" - }, - { - "name" : "25217", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25217" - }, - { - "name" : "25233", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25233" - }, - { - "name" : "25353", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25353" - }, - { - "name" : "25787", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25787" - }, - { - "name" : "28027", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28027" - }, - { - "name" : "28050", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28050" - }, - { - "name" : "29032", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29032" - }, - { - "name" : "29303", - "refsource" : 
"SECUNIA", - "url" : "http://secunia.com/advisories/29303" - }, - { - "name" : "29889", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29889" - }, - { - "name" : "31255", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31255" - }, - { - "name" : "31492", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31492" - }, - { - "name" : "ADV-2009-3316", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3316" - }, - { - "name" : "python-localemodule-information-disclosure(34060)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34060" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Off-by-one error in the PyLocale_strxfrm function in Modules/_localemodule.c for Python 2.4 and 2.5 causes an incorrect buffer size to be used for the strxfrm function, which allows context-dependent attackers to read portions of memory via unknown manipulations that trigger a buffer over-read due to missing null termination." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[Security-announce] 20080221 VMSA-2008-0003 Moderate: Updated aacraid driver and samba and python service console updates", + "refsource": "MLIST", + "url": "http://lists.vmware.com/pipermail/security-announce/2008/000005.html" + }, + { + "name": "28050", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28050" + }, + { + "name": "25190", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25190" + }, + { + "name": "25217", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25217" + }, + { + "name": "37471", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37471" + }, + { + "name": "http://www.python.org/download/releases/2.5.1/NEWS.txt", + "refsource": "CONFIRM", + "url": "http://www.python.org/download/releases/2.5.1/NEWS.txt" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=416934", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=416934" + }, + { + "name": "DSA-1551", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1551" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html" + }, + { + "name": "29303", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29303" + }, + { + "name": "ADV-2007-1465", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1465" + }, + { + "name": "29032", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29032" + }, + { + "name": "31492", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31492" + }, + { + "name": "oval:org.mitre.oval:def:8353", + "refsource": "OVAL", + "url": 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8353" + }, + { + "name": "20070521 FLEA-2007-0019-1: python", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/469294/30/6450/threaded" + }, + { + "name": "RHSA-2008:0629", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0629.html" + }, + { + "name": "RHSA-2007:1077", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2007-1077.html" + }, + { + "name": "20080221 VMSA-2008-0003 Moderate: Updated aacraid driver and samba and python service console updates", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/488457/100/0/threaded" + }, + { + "name": "RHSA-2007:1076", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2007-1076.html" + }, + { + "name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded" + }, + { + "name": "ADV-2008-0637", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0637" + }, + { + "name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=235093", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=235093" + }, + { + "name": "25353", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25353" + }, + { + "name": "25233", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25233" + }, + { + "name": "https://issues.rpath.com/browse/RPL-1358", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-1358" + }, + { + "name": "USN-585-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-585-1" + }, + { + "name": "2007-0019", + "refsource": "TRUSTIX", + "url": "http://www.trustix.org/errata/2007/0019/" + }, + { + "name": 
"28027", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28027" + }, + { + "name": "SUSE-SR:2007:013", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2007_13_sr.html" + }, + { + "name": "31255", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31255" + }, + { + "name": "DSA-1620", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1620" + }, + { + "name": "25787", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25787" + }, + { + "name": "23887", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23887" + }, + { + "name": "python-localemodule-information-disclosure(34060)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34060" + }, + { + "name": "oval:org.mitre.oval:def:11716", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11716" + }, + { + "name": "ADV-2009-3316", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3316" + }, + { + "name": "MDKSA-2007:099", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:099" + }, + { + "name": "29889", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29889" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2210.json b/2007/2xxx/CVE-2007-2210.json index 72a62587ee1..7c04682a66a 100644 --- a/2007/2xxx/CVE-2007-2210.json +++ b/2007/2xxx/CVE-2007-2210.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2210", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A certain ActiveX control in askPopStp.dll in Netsprint Ask IE Toolbar 1.1 allows remote attackers to cause a denial of service (Internet Explorer crash) via a long AddAllowed property value, related to \"improper memory handling,\" possibly a buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2210", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070417 Multiple Ask IE Toolbar denial of service vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/466022/100/100/threaded" - }, - { - "name" : "23535", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23535" - }, - { - "name" : "35413", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/35413" - }, - { - "name" : "2604", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2604" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A certain ActiveX 
control in askPopStp.dll in Netsprint Ask IE Toolbar 1.1 allows remote attackers to cause a denial of service (Internet Explorer crash) via a long AddAllowed property value, related to \"improper memory handling,\" possibly a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2604", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2604" + }, + { + "name": "35413", + "refsource": "OSVDB", + "url": "http://osvdb.org/35413" + }, + { + "name": "23535", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23535" + }, + { + "name": "20070417 Multiple Ask IE Toolbar denial of service vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/466022/100/100/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2408.json b/2007/2xxx/CVE-2007-2408.json index de645eeb84a..2a34cd3d68f 100644 --- a/2007/2xxx/CVE-2007-2408.json +++ b/2007/2xxx/CVE-2007-2408.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2408", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit in Apple Safari 3 Beta before Update 3.0.3 does not properly recognize an unchecked \"Enable Java\" setting, which allows remote attackers to execute Java applets via a crafted web page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2408", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://isc.sans.org/diary.html?storyid=3214", - "refsource" : "MISC", - "url" : "http://isc.sans.org/diary.html?storyid=3214" - }, - { - "name" : "http://docs.info.apple.com/article.html?artnum=306174", - "refsource" : "CONFIRM", - "url" : "http://docs.info.apple.com/article.html?artnum=306174" - }, - { - "name" : "25157", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25157" - }, - { - "name" : "ADV-2007-2730", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2730" - }, - { - "name" : "safari-applet-security-bypass(35714)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35714" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit in Apple Safari 3 Beta before Update 3.0.3 does not properly recognize an unchecked \"Enable Java\" setting, which allows remote attackers to execute Java applets via a crafted web page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2007-2730", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2730" + }, + { + "name": "25157", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25157" + }, + { + "name": "http://docs.info.apple.com/article.html?artnum=306174", + "refsource": "CONFIRM", + "url": "http://docs.info.apple.com/article.html?artnum=306174" + }, + { + "name": "safari-applet-security-bypass(35714)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35714" + }, + { + "name": "http://isc.sans.org/diary.html?storyid=3214", + "refsource": "MISC", + "url": "http://isc.sans.org/diary.html?storyid=3214" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2427.json b/2007/2xxx/CVE-2007-2427.json index 97363f0bf6a..5f0eb954658 100644 --- a/2007/2xxx/CVE-2007-2427.json +++ b/2007/2xxx/CVE-2007-2427.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2427", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in the pnFlashGames 1.5 module for PostNuke allows remote attackers to execute arbitrary SQL commands via the cid parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2427", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "3813", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/3813" - }, - { - "name" : "23701", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23701" - }, - { - "name" : "ADV-2007-1581", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1581" - }, - { - "name" : "35474", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/35474" - }, - { - "name" : "25043", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25043" - }, - { - "name" : "pnflashgames-index-sql-injection(33960)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33960" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", 
+ "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php in the pnFlashGames 1.5 module for PostNuke allows remote attackers to execute arbitrary SQL commands via the cid parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "25043", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25043" + }, + { + "name": "pnflashgames-index-sql-injection(33960)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33960" + }, + { + "name": "23701", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23701" + }, + { + "name": "3813", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/3813" + }, + { + "name": "35474", + "refsource": "OSVDB", + "url": "http://osvdb.org/35474" + }, + { + "name": "ADV-2007-1581", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1581" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2842.json b/2007/2xxx/CVE-2007-2842.json index a14f0e92d7e..9f5d5074d16 100644 --- a/2007/2xxx/CVE-2007-2842.json +++ b/2007/2xxx/CVE-2007-2842.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2007-2842",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2007-2842",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2007/2xxx/CVE-2007-2883.json b/2007/2xxx/CVE-2007-2883.json
index 40c5f834712..6d7029b4a44 100644
--- a/2007/2xxx/CVE-2007-2883.json
+++ b/2007/2xxx/CVE-2007-2883.json
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2883", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Credant Mobile Guardian Shield for Windows 5.2.1.105 and earlier stores account names and passwords in plaintext in memory, which allows local users to obtain sensitive information by (1) reading the paging file or (2) dumping and searching the memory image. NOTE: This issue crosses privilege boundaries because the product is intended to protect the data on a stolen computer." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2883", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070524 Vulnerability in Credant Mobile Guardian Shield for Windows", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/469486/100/0/threaded" - }, - { - "name" : "VU#821865", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/821865" - }, - { - "name" : "24139", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24139" - }, - { - "name" : "36524", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/36524" - }, - { - "name" : "25410", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/25410" - }, - { - "name" : "2753", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2753" - }, - { - "name" : "mobileguardianshield-paging-info-disclosure(34487)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34487" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Credant Mobile Guardian Shield for Windows 5.2.1.105 and earlier stores account names and passwords in plaintext in memory, which allows local users to obtain sensitive information by (1) reading the paging file or (2) dumping and searching the memory image. NOTE: This issue crosses privilege boundaries because the product is intended to protect the data on a stolen computer." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#821865", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/821865" + }, + { + "name": "20070524 Vulnerability in Credant Mobile Guardian Shield for Windows", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/469486/100/0/threaded" + }, + { + "name": "36524", + "refsource": "OSVDB", + "url": "http://osvdb.org/36524" + }, + { + "name": "2753", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2753" + }, + { + "name": "25410", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25410" + }, + { + "name": "24139", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24139" + }, + { + "name": "mobileguardianshield-paging-info-disclosure(34487)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34487" + } + ] + } +} \ No newline at end of file 
diff --git a/2007/3xxx/CVE-2007-3645.json b/2007/3xxx/CVE-2007-3645.json
index ca7c35c9eea..7bf7556b243 100644
--- a/2007/3xxx/CVE-2007-3645.json
+++ b/2007/3xxx/CVE-2007-3645.json
@@ -1,142 +1,142 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3645", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "archive_read_support_format_tar.c in libarchive before 2.2.4 allows user-assisted remote attackers to cause a denial of service (crash) via (1) an end-of-file condition within a tar header that follows a pax extension header or (2) a malformed pax extension header in an (a) PAX or a (b) TAR archive, which results in a NULL pointer dereference, a different issue than CVE-2007-3644." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secteam@freebsd.org", + "ID": "CVE-2007-3645", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://security.freebsd.org/patches/SA-07:05/libarchive.patch", - "refsource" : "MISC", - "url" : "http://security.freebsd.org/patches/SA-07:05/libarchive.patch" - }, - { - "name" : "http://people.freebsd.org/~kientzle/libarchive/", - "refsource" : "CONFIRM", - "url" : "http://people.freebsd.org/~kientzle/libarchive/" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=432924", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=432924" - }, - { - "name" : "DSA-1455", - 
"refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1455" - }, - { - "name" : "FreeBSD-SA-07:05.libarchive", - "refsource" : "FREEBSD", - "url" : "http://security.freebsd.org/advisories/FreeBSD-SA-07:05.libarchive.asc" - }, - { - "name" : "GLSA-200708-03", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200708-03.xml" - }, - { - "name" : "SUSE-SR:2007:015", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2007_15_sr.html" - }, - { - "name" : "24885", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24885" - }, - { - "name" : "38093", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/38093" - }, - { - "name" : "38094", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/38094" - }, - { - "name" : "ADV-2007-2521", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2521" - }, - { - "name" : "1018379", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1018379" - }, - { - "name" : "26050", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26050" - }, - { - "name" : "26062", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26062" - }, - { - "name" : "26355", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26355" - }, - { - "name" : "28377", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28377" - }, - { - "name" : "freebsd-libarchive-null-pax-dos(35404)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35404" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "archive_read_support_format_tar.c in libarchive before 2.2.4 allows user-assisted remote attackers to cause a denial of service (crash) via (1) an end-of-file condition within a tar header that follows a pax extension header or 
(2) a malformed pax extension header in an (a) PAX or a (b) TAR archive, which results in a NULL pointer dereference, a different issue than CVE-2007-3644." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "freebsd-libarchive-null-pax-dos(35404)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35404" + }, + { + "name": "ADV-2007-2521", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2521" + }, + { + "name": "DSA-1455", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1455" + }, + { + "name": "FreeBSD-SA-07:05.libarchive", + "refsource": "FREEBSD", + "url": "http://security.freebsd.org/advisories/FreeBSD-SA-07:05.libarchive.asc" + }, + { + "name": "http://security.freebsd.org/patches/SA-07:05/libarchive.patch", + "refsource": "MISC", + "url": "http://security.freebsd.org/patches/SA-07:05/libarchive.patch" + }, + { + "name": "26050", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26050" + }, + { + "name": "24885", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24885" + }, + { + "name": "GLSA-200708-03", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200708-03.xml" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=432924", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=432924" + }, + { + "name": "38094", + "refsource": "OSVDB", + "url": "http://osvdb.org/38094" + }, + { + "name": "http://people.freebsd.org/~kientzle/libarchive/", + "refsource": "CONFIRM", + "url": "http://people.freebsd.org/~kientzle/libarchive/" + }, + { + "name": "26062", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26062" + }, + { + "name": "38093", + "refsource": "OSVDB", + "url": "http://osvdb.org/38093" + }, + { + "name": 
"26355", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26355" + }, + { + "name": "1018379", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1018379" + }, + { + "name": "28377", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28377" + }, + { + "name": "SUSE-SR:2007:015", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6494.json b/2007/6xxx/CVE-2007-6494.json index e48d64c172e..74d3a3e25ab 100644 --- a/2007/6xxx/CVE-2007-6494.json +++ b/2007/6xxx/CVE-2007-6494.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6494", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote attackers to obtain login access via a request to hosting/addreseller.asp with a username in the reseller parameter, followed by a request to AdminSettings/displays.asp with the DecideAction and ChangeSkin parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6494", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20071213 Hosting Controller - Multiple Security Bugs (Extremely Critical)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/485028/100/0/threaded" - }, - { - "name" : "4730", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4730" - }, - { - "name" : "26862", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26862" - }, - { - "name" : "44186", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/44186" - }, - { - "name" : "1019222", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1019222" - }, - { - "name" : "3474", - "refsource" : "SREASON", - 
"url" : "http://securityreason.com/securityalert/3474" - }, - { - "name" : "hostingcontroller-multiple-security-bypass(39038)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39038" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote attackers to obtain login access via a request to hosting/addreseller.asp with a username in the reseller parameter, followed by a request to AdminSettings/displays.asp with the DecideAction and ChangeSkin parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20071213 Hosting Controller - Multiple Security Bugs (Extremely Critical)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/485028/100/0/threaded" + }, + { + "name": "3474", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3474" + }, + { + "name": "4730", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4730" + }, + { + "name": "26862", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26862" + }, + { + "name": "1019222", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1019222" + }, + { + "name": "44186", + "refsource": "OSVDB", + "url": "http://osvdb.org/44186" + }, + { + "name": "hostingcontroller-multiple-security-bypass(39038)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39038" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6609.json b/2007/6xxx/CVE-2007-6609.json index 7a0ad2dbb89..90258d419af 100644 --- a/2007/6xxx/CVE-2007-6609.json +++ b/2007/6xxx/CVE-2007-6609.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6609", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple stack-based buffer overflows in the CPLI_ReadTag_OGG function in CPI_PlaylistItem.c in CoolPlayer 217 and earlier allow user-assisted remote attackers to execute arbitrary code via a long (1) cTag or (2) cValue field in an OGG Vorbis file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6609", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20071228 Buffer-overflow in CoolPlayer 217", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/485616/100/0/threaded" - }, - { - "name" : "http://aluigi.altervista.org/adv/culplayer-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.altervista.org/adv/culplayer-adv.txt" - }, - { - "name" : "27061", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27061" - }, - { - "name" : "ADV-2008-0008", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0008" - }, - { - "name" : "42671", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/42671" - }, - { - "name" : "28226", - "refsource" : "SECUNIA", - 
"url" : "http://secunia.com/advisories/28226" - }, - { - "name" : "3503", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3503" - }, - { - "name" : "coolplayer-cplireadtagogg-bo(39325)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39325" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple stack-based buffer overflows in the CPLI_ReadTag_OGG function in CPI_PlaylistItem.c in CoolPlayer 217 and earlier allow user-assisted remote attackers to execute arbitrary code via a long (1) cTag or (2) cValue field in an OGG Vorbis file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "coolplayer-cplireadtagogg-bo(39325)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39325" + }, + { + "name": "3503", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3503" + }, + { + "name": "20071228 Buffer-overflow in CoolPlayer 217", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/485616/100/0/threaded" + }, + { + "name": "http://aluigi.altervista.org/adv/culplayer-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.altervista.org/adv/culplayer-adv.txt" + }, + { + "name": "42671", + "refsource": "OSVDB", + "url": "http://osvdb.org/42671" + }, + { + "name": "28226", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28226" + }, + { + "name": "27061", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27061" + }, + { + "name": "ADV-2008-0008", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0008" + } + ] + } +} \ No newline at end of file 
diff --git a/2010/0xxx/CVE-2010-0216.json b/2010/0xxx/CVE-2010-0216.json
index dbff1bfcd70..4f89b6093f7 100644
--- a/2010/0xxx/CVE-2010-0216.json
+++ b/2010/0xxx/CVE-2010-0216.json
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0216", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "authenticate_ad_setup_finished.cfm in MediaCAST 8 and earlier allows remote attackers to discover usernames and cleartext passwords by reading the error messages returned for requests that use the UserID parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2010-0216", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.packetninjas.net/storage/advisories/MediaCast-PWDump-FINAL.txt", - "refsource" : "MISC", - "url" : "http://www.packetninjas.net/storage/advisories/MediaCast-PWDump-FINAL.txt" - }, - { - "name" : "47572", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/47572" - }, - { - "name" : "72079", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/72079" - }, - { - "name" : "44182", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44182" - }, - { - "name" : "8245", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8245" - }, - { - "name" : "mediacast-authenticateadsetup-info-disc(67082)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/67082" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "authenticate_ad_setup_finished.cfm in MediaCAST 8 and earlier allows remote attackers to discover usernames and cleartext passwords by reading the error messages returned for requests that use the UserID parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "72079", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/72079" + }, + { + "name": "44182", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44182" + }, + { + "name": "47572", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/47572" + }, + { + "name": "http://www.packetninjas.net/storage/advisories/MediaCast-PWDump-FINAL.txt", + "refsource": "MISC", + "url": "http://www.packetninjas.net/storage/advisories/MediaCast-PWDump-FINAL.txt" + }, + { + "name": "8245", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8245" + }, + { + "name": "mediacast-authenticateadsetup-info-disc(67082)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67082" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0252.json b/2010/0xxx/CVE-2010-0252.json index f1d8c4aa8f1..36774fee30a 100644 --- a/2010/0xxx/CVE-2010-0252.json +++ b/2010/0xxx/CVE-2010-0252.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0252", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Microsoft Data Analyzer ActiveX control (aka the Office Excel ActiveX control for Data Analysis) in max3activex.dll in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to execute arbitrary code via a crafted web page that corrupts the \"system state,\" aka \"Microsoft Data Analyzer ActiveX Control Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2010-0252", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS10-008", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-008" - }, - { - "name" : "MS10-034", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-034" - }, - { - "name" : "TA10-040A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-040A.html" - }, - { - "name" : "TA10-159B", - "refsource" : "CERT", - "url" 
: "http://www.us-cert.gov/cas/techalerts/TA10-159B.html" - }, - { - "name" : "oval:org.mitre.oval:def:8424", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8424" - }, - { - "name" : "38503", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38503" - }, - { - "name" : "40059", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40059" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Microsoft Data Analyzer ActiveX control (aka the Office Excel ActiveX control for Data Analysis) in max3activex.dll in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to execute arbitrary code via a crafted web page that corrupts the \"system state,\" aka \"Microsoft Data Analyzer ActiveX Control Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS10-008", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-008" + }, + { + "name": "40059", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40059" + }, + { + "name": "38503", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38503" + }, + { + "name": "TA10-040A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-040A.html" + }, + { + "name": "MS10-034", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-034" + }, + { + "name": "TA10-159B", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-159B.html" + }, + { + "name": 
"oval:org.mitre.oval:def:8424", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8424" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0319.json b/2010/0xxx/CVE-2010-0319.json index 656f505fe1e..e9b8d673786 100644 --- a/2010/0xxx/CVE-2010-0319.json +++ b/2010/0xxx/CVE-2010-0319.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0319", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in index.php in Docmint 1.0 and 2.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-0319", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/1001-exploits/docmintcms-xss.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1001-exploits/docmintcms-xss.txt" - }, - { - "name" : "11119", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/11119" - }, - { - "name" : "37721", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37721" - }, - { - "name" : "38149", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38149" - }, - { - "name" : "docmint-index-xss(55549)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/55549" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": 
"CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in index.php in Docmint 1.0 and 2.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "docmint-index-xss(55549)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55549" + }, + { + "name": "http://packetstormsecurity.org/1001-exploits/docmintcms-xss.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1001-exploits/docmintcms-xss.txt" + }, + { + "name": "37721", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37721" + }, + { + "name": "11119", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/11119" + }, + { + "name": "38149", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38149" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0485.json b/2010/0xxx/CVE-2010-0485.json index 614d5795c3b..e96a70183c2 100644 --- a/2010/0xxx/CVE-2010-0485.json +++ b/2010/0xxx/CVE-2010-0485.json 
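Review bot: The `reference_data` array on the new side holds the same five entries as before in a different order (the XF entry moves from last to first, SECUNIA from fourth to last), with nothing added or removed. Array order carries no meaning for these records, but an unstable order makes every regeneration look like a reference change, which hides real additions such as a new advisory or exploit link from anyone diffing the feed. Emitting the entries in a deterministic order, for example sorted by `refsource` and then `name`, would keep later diffs limited to actual content changes. The other hunks in this view show the same reshuffle.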
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0485", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 Gold and SP2, Windows 7, and Server 2008 R2 \"do not properly validate all callback parameters when creating a new window,\" which allows local users to execute arbitrary code, aka \"Win32k Window Creation Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2010-0485", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.opera.com/support/kb/view/954/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/support/kb/view/954/" - }, - { - "name" : "MS10-032", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-032" - }, - { - "name" : "TA10-159B", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-159B.html" - }, - { - "name" : "oval:org.mitre.oval:def:6948", - "refsource" : "OVAL", - "url" : 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6948" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 Gold and SP2, Windows 7, and Server 2008 R2 \"do not properly validate all callback parameters when creating a new window,\" which allows local users to execute arbitrary code, aka \"Win32k Window Creation Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:6948", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6948" + }, + { + "name": "http://www.opera.com/support/kb/view/954/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/support/kb/view/954/" + }, + { + "name": "TA10-159B", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-159B.html" + }, + { + "name": "MS10-032", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-032" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0541.json b/2010/0xxx/CVE-2010-0541.json index 5a2633b2e85..c4cfa2ca5c5 100644 --- a/2010/0xxx/CVE-2010-0541.json +++ b/2010/0xxx/CVE-2010-0541.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0541", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the WEBrick HTTP server in Ruby in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, allows remote attackers to inject arbitrary web script or HTML via a crafted URI that triggers a UTF-7 error page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2010-0541", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT4188", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4188" - }, - { - "name" : "APPLE-SA-2010-06-15-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html" - }, - { - "name" : "MDVSA-2011:097", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:097" - }, - { - "name" : "MDVSA-2011:098", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:098" - }, - { - "name" : "RHSA-2011:0908", - "refsource" : "REDHAT", - "url" : 
"http://www.redhat.com/support/errata/RHSA-2011-0908.html" - }, - { - "name" : "RHSA-2011:0909", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0909.html" - }, - { - "name" : "40871", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/40871" - }, - { - "name" : "40895", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/40895" - }, - { - "name" : "40220", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40220" - }, - { - "name" : "ADV-2010-1481", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1481" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the WEBrick HTTP server in Ruby in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, allows remote attackers to inject arbitrary web script or HTML via a crafted URI that triggers a UTF-7 error page." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2010-06-15-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html" + }, + { + "name": "MDVSA-2011:098", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:098" + }, + { + "name": "ADV-2010-1481", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1481" + }, + { + "name": "40871", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/40871" + }, + { + "name": "RHSA-2011:0909", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0909.html" + }, + { + "name": "40895", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/40895" + }, + { + "name": "http://support.apple.com/kb/HT4188", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4188" + }, + { + "name": "40220", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40220" + }, + { + "name": "RHSA-2011:0908", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0908.html" + }, + { + "name": "MDVSA-2011:097", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:097" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1365.json b/2010/1xxx/CVE-2010-1365.json index d89c85ea98b..3ceae4d91cc 100644 --- a/2010/1xxx/CVE-2010-1365.json +++ b/2010/1xxx/CVE-2010-1365.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1365", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in Uiga Fan Club, as downloaded on 20100310, allows remote attackers to execute arbitrary SQL commands via the id parameter in a photos action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1365", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://4004securityproject.wordpress.com/2010/02/28/uigafanclub-index-php-sql-injection/", - "refsource" : "MISC", - "url" : "http://4004securityproject.wordpress.com/2010/02/28/uigafanclub-index-php-sql-injection/" - }, - { - "name" : "http://packetstormsecurity.org/1002-exploits/uigafc-sql.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1002-exploits/uigafc-sql.txt" - }, - { - "name" : "11600", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/11600" - }, - { - "name" : "38756", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38756" - }, - { - "name" : "ADV-2010-0487", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0487" - } - ] 
- } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php in Uiga Fan Club, as downloaded on 20100310, allows remote attackers to execute arbitrary SQL commands via the id parameter in a photos action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "11600", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/11600" + }, + { + "name": "38756", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38756" + }, + { + "name": "http://packetstormsecurity.org/1002-exploits/uigafc-sql.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1002-exploits/uigafc-sql.txt" + }, + { + "name": "ADV-2010-0487", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0487" + }, + { + "name": "http://4004securityproject.wordpress.com/2010/02/28/uigafanclub-index-php-sql-injection/", + "refsource": "MISC", + "url": "http://4004securityproject.wordpress.com/2010/02/28/uigafanclub-index-php-sql-injection/" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1478.json b/2010/1xxx/CVE-2010-1478.json index de14c123664..c4efe11379d 100644 --- a/2010/1xxx/CVE-2010-1478.json +++ b/2010/1xxx/CVE-2010-1478.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1478", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in the Ternaria Informatica Jfeedback! (com_jfeedback) component 1.2 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1478", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/1004-exploits/joomlajfeedback-lfi.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1004-exploits/joomlajfeedback-lfi.txt" - }, - { - "name" : "12145", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/12145" - }, - { - "name" : "39390", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/39390" - }, - { - "name" : "39262", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39262" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "Directory traversal vulnerability in the Ternaria Informatica Jfeedback! (com_jfeedback) component 1.2 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "39390", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/39390" + }, + { + "name": "12145", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/12145" + }, + { + "name": "http://packetstormsecurity.org/1004-exploits/joomlajfeedback-lfi.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1004-exploits/joomlajfeedback-lfi.txt" + }, + { + "name": "39262", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39262" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1601.json b/2010/1xxx/CVE-2010-1601.json index 46f88d86670..63471b28a6b 100644 --- a/2010/1xxx/CVE-2010-1601.json +++ b/2010/1xxx/CVE-2010-1601.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1601", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in the JA Comment (com_jacomment) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1601", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/1004-exploits/joomlajacomment-lfi.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1004-exploits/joomlajacomment-lfi.txt" - }, - { - "name" : "12236", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/12236" - }, - { - "name" : "39516", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/39516" - }, - { - "name" : "63802", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/63802" - }, - { - "name" : "39472", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39472" - }, - { - "name" : "comjacomment-index-file-inlclude(57848)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/57848" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in the JA Comment (com_jacomment) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "comjacomment-index-file-inlclude(57848)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57848" + }, + { + "name": "39516", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/39516" + }, + { + "name": "39472", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39472" + }, + { + "name": "63802", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/63802" + }, + { + "name": "12236", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/12236" + }, + { + "name": "http://packetstormsecurity.org/1004-exploits/joomlajacomment-lfi.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1004-exploits/joomlajacomment-lfi.txt" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4683.json b/2010/4xxx/CVE-2010-4683.json index b42af8ccba1..3b925748fad 100644 --- a/2010/4xxx/CVE-2010-4683.json +++ b/2010/4xxx/CVE-2010-4683.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4683", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Memory leak in Cisco IOS before 15.0(1)XA5 might allow remote attackers to cause a denial of service (memory consumption) by sending a crafted SIP REGISTER message over UDP, aka Bug ID CSCtg41733." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4683", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.cisco.com/en/US/docs/ios/15_0/15_0x/15_01_XA/rn800xa.pdf", - "refsource" : "CONFIRM", - "url" : "http://www.cisco.com/en/US/docs/ios/15_0/15_0x/15_01_XA/rn800xa.pdf" - }, - { - "name" : "45786", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45786" - }, - { - "name" : "ciscoios-sip-register-dos(64588)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64588" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Memory leak in Cisco IOS before 15.0(1)XA5 might allow remote attackers to cause a denial of service (memory consumption) by 
sending a crafted SIP REGISTER message over UDP, aka Bug ID CSCtg41733." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ciscoios-sip-register-dos(64588)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64588" + }, + { + "name": "45786", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45786" + }, + { + "name": "http://www.cisco.com/en/US/docs/ios/15_0/15_0x/15_01_XA/rn800xa.pdf", + "refsource": "CONFIRM", + "url": "http://www.cisco.com/en/US/docs/ios/15_0/15_0x/15_01_XA/rn800xa.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2010/5xxx/CVE-2010-5025.json b/2010/5xxx/CVE-2010-5025.json index 2b81509cb33..6889251c768 100644 --- a/2010/5xxx/CVE-2010-5025.json +++ b/2010/5xxx/CVE-2010-5025.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-5025", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in manage/main.php in CuteSITE CMS 1.2.3 and 1.5.0 allows remote attackers to inject arbitrary web script or HTML via the fld_path parameter. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-5025", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100605 XSS vulnerability in CuteSITE CMS", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/511673/100/0/threaded" - }, - { - "name" : "http://packetstormsecurity.org/1006-exploits/cutesitecms-xss.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1006-exploits/cutesitecms-xss.txt" - }, - { - "name" : "http://www.htbridge.ch/advisory/xss_vulnerability_in_cutesite_cms.html", - "refsource" : "MISC", - "url" : "http://www.htbridge.ch/advisory/xss_vulnerability_in_cutesite_cms.html" - }, - { - "name" : "40612", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/40612" - }, - { - "name" : "39864", - 
"refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39864" - }, - { - "name" : "8514", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8514" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in manage/main.php in CuteSITE CMS 1.2.3 and 1.5.0 allows remote attackers to inject arbitrary web script or HTML via the fld_path parameter. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.org/1006-exploits/cutesitecms-xss.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1006-exploits/cutesitecms-xss.txt" + }, + { + "name": "http://www.htbridge.ch/advisory/xss_vulnerability_in_cutesite_cms.html", + "refsource": "MISC", + "url": "http://www.htbridge.ch/advisory/xss_vulnerability_in_cutesite_cms.html" + }, + { + "name": "20100605 XSS vulnerability in CuteSITE CMS", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/511673/100/0/threaded" + }, + { + "name": "40612", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/40612" + }, + { + "name": "8514", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8514" + }, + { + "name": "39864", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39864" + } + ] + } +} \ No newline at end of file diff --git a/2010/5xxx/CVE-2010-5142.json b/2010/5xxx/CVE-2010-5142.json index bc3c33e25c2..1da078bfc74 100644 --- a/2010/5xxx/CVE-2010-5142.json +++ b/2010/5xxx/CVE-2010-5142.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-5142", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "chef-server-api/app/controllers/users.rb in the API in Chef before 0.9.0 does not require administrative privileges for the create, destroy, and update methods, which allows remote authenticated users to manage user accounts via requests to the /users URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-5142", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://tickets.opscode.com/browse/CHEF-1289", - "refsource" : "CONFIRM", - "url" : "http://tickets.opscode.com/browse/CHEF-1289" - }, - { - "name" : "https://github.com/opscode/chef/commit/c3bb41f727fbe00e5de719d687757b24c8dcdfc8", - "refsource" : "CONFIRM", - "url" : "https://github.com/opscode/chef/commit/c3bb41f727fbe00e5de719d687757b24c8dcdfc8" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "chef-server-api/app/controllers/users.rb in the API in Chef before 0.9.0 does not require administrative privileges for the create, destroy, and 
update methods, which allows remote authenticated users to manage user accounts via requests to the /users URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/opscode/chef/commit/c3bb41f727fbe00e5de719d687757b24c8dcdfc8", + "refsource": "CONFIRM", + "url": "https://github.com/opscode/chef/commit/c3bb41f727fbe00e5de719d687757b24c8dcdfc8" + }, + { + "name": "http://tickets.opscode.com/browse/CHEF-1289", + "refsource": "CONFIRM", + "url": "http://tickets.opscode.com/browse/CHEF-1289" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0087.json b/2014/0xxx/CVE-2014-0087.json index b9d8e16de17..8819c4c7d69 100644 --- a/2014/0xxx/CVE-2014-0087.json +++ b/2014/0xxx/CVE-2014-0087.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0087", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The check_privileges method in vmdb/app/controllers/application_controller.rb in ManageIQ, as used in Red Hat CloudForms Management Engine (CFME), allows remote authenticated users to bypass authorization and gain privileges by leveraging improper RBAC checking, related to the rbac_user_edit action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-0087", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/ManageIQ/manageiq/issues/1581", - "refsource" : "MISC", - "url" : "https://github.com/ManageIQ/manageiq/issues/1581" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1067623", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1067623" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The check_privileges method in vmdb/app/controllers/application_controller.rb in ManageIQ, as used in Red Hat CloudForms Management Engine (CFME), 
allows remote authenticated users to bypass authorization and gain privileges by leveraging improper RBAC checking, related to the rbac_user_edit action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1067623", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1067623" + }, + { + "name": "https://github.com/ManageIQ/manageiq/issues/1581", + "refsource": "MISC", + "url": "https://github.com/ManageIQ/manageiq/issues/1581" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0805.json b/2014/0xxx/CVE-2014-0805.json index e19d6413af8..077730ee4bb 100644 --- a/2014/0xxx/CVE-2014-0805.json +++ b/2014/0xxx/CVE-2014-0805.json 
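Review bot: The `ASSIGNER` value changes from `cve@mitre.org` to `secalert@redhat.com` inside a hunk that otherwise only re-indents and re-spaces the record, so a real attribution change is easy to miss among the whitespace edits. The hunks for CVE-2014-0805 (`vultures@jpcert.or.jp`) and CVE-2014-4770 (`psirt@us.ibm.com`) do the same, and the CVE-2016-3498 hunk, which runs past the end of this view, appears to as well. Consumers that key triage or trust decisions on the assigning CNA will see these records change owner. It would help to land the reassignment separately from the reformat, or at least to state it in the commit message, which is not visible here.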
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0805", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in the NeoFiler application 5.4.3 and earlier, NeoFiler Free application 5.4.3 and earlier, and NeoFiler Lite application 2.4.2 and earlier for Android allows attackers to overwrite or create arbitrary files via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2014-0805", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.skyarts.com/products/android/neofiler/index.html", - "refsource" : "CONFIRM", - "url" : "http://www.skyarts.com/products/android/neofiler/index.html" - }, - { - "name" : "https://play.google.com/store/apps/details?id=com.skyarts.android.neofiler", - "refsource" : "CONFIRM", - "url" : "https://play.google.com/store/apps/details?id=com.skyarts.android.neofiler" - }, - { - "name" : "https://play.google.com/store/apps/details?id=com.skyarts.android.neofilerfree", - "refsource" : "CONFIRM", - "url" : "https://play.google.com/store/apps/details?id=com.skyarts.android.neofilerfree" - }, - { - "name" : 
"https://play.google.com/store/apps/details?id=com.skyarts.android.neofilerlite", - "refsource" : "CONFIRM", - "url" : "https://play.google.com/store/apps/details?id=com.skyarts.android.neofilerlite" - }, - { - "name" : "JVN#85716574", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN85716574/index.html" - }, - { - "name" : "JVNDB-2014-000004", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000004" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in the NeoFiler application 5.4.3 and earlier, NeoFiler Free application 5.4.3 and earlier, and NeoFiler Lite application 2.4.2 and earlier for Android allows attackers to overwrite or create arbitrary files via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://play.google.com/store/apps/details?id=com.skyarts.android.neofiler", + "refsource": "CONFIRM", + "url": "https://play.google.com/store/apps/details?id=com.skyarts.android.neofiler" + }, + { + "name": "JVN#85716574", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN85716574/index.html" + }, + { + "name": "https://play.google.com/store/apps/details?id=com.skyarts.android.neofilerlite", + "refsource": "CONFIRM", + "url": "https://play.google.com/store/apps/details?id=com.skyarts.android.neofilerlite" + }, + { + "name": "JVNDB-2014-000004", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000004" + }, + { + "name": "http://www.skyarts.com/products/android/neofiler/index.html", + "refsource": "CONFIRM", + "url": "http://www.skyarts.com/products/android/neofiler/index.html" + }, + { + "name": "https://play.google.com/store/apps/details?id=com.skyarts.android.neofilerfree", + 
"refsource": "CONFIRM", + "url": "https://play.google.com/store/apps/details?id=com.skyarts.android.neofilerfree" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0856.json b/2014/0xxx/CVE-2014-0856.json index 8bd0bc5372c..19f7799968f 100644 --- a/2014/0xxx/CVE-2014-0856.json +++ b/2014/0xxx/CVE-2014-0856.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0856", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-0856", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1927.json b/2014/1xxx/CVE-2014-1927.json index b4996646b34..f861f1e3d47 100644 --- a/2014/1xxx/CVE-2014-1927.json +++ b/2014/1xxx/CVE-2014-1927.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1927", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The shell_quote function in python-gnupg 0.3.5 does not properly quote strings, which allows context-dependent attackers to execute arbitrary code via shell metacharacters in unspecified vectors, as demonstrated using \"$(\" command-substitution sequences, a different vulnerability than CVE-2014-1928. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7323." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-1927", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140204 Re: CVE request: python-gnupg before 0.3.5 shell injection", - "refsource" : "MLIST", - "url" : "http://seclists.org/oss-sec/2014/q1/245" - }, - { - "name" : "[oss-security] 20140209 Re: CVE request: python-gnupg before 0.3.5 shell injection", - "refsource" : "MLIST", - "url" : "http://seclists.org/oss-sec/2014/q1/294" - }, - { - "name" : "https://code.google.com/p/python-gnupg/", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/python-gnupg/" - }, - { - "name" : 
"https://code.google.com/p/python-gnupg/issues/detail?id=98", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/python-gnupg/issues/detail?id=98" - }, - { - "name" : "DSA-2946", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-2946" - }, - { - "name" : "56616", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56616" - }, - { - "name" : "59031", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59031" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The shell_quote function in python-gnupg 0.3.5 does not properly quote strings, which allows context-dependent attackers to execute arbitrary code via shell metacharacters in unspecified vectors, as demonstrated using \"$(\" command-substitution sequences, a different vulnerability than CVE-2014-1928. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7323." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "56616", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56616" + }, + { + "name": "DSA-2946", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-2946" + }, + { + "name": "[oss-security] 20140204 Re: CVE request: python-gnupg before 0.3.5 shell injection", + "refsource": "MLIST", + "url": "http://seclists.org/oss-sec/2014/q1/245" + }, + { + "name": "https://code.google.com/p/python-gnupg/issues/detail?id=98", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/python-gnupg/issues/detail?id=98" + }, + { + "name": "https://code.google.com/p/python-gnupg/", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/python-gnupg/" + }, + { + "name": "[oss-security] 20140209 Re: CVE request: python-gnupg before 0.3.5 shell injection", + "refsource": "MLIST", + "url": "http://seclists.org/oss-sec/2014/q1/294" + }, + { + "name": "59031", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59031" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4577.json b/2014/4xxx/CVE-2014-4577.json index b10f98f076b..c9bf2ff6b32 100644 --- a/2014/4xxx/CVE-2014-4577.json +++ b/2014/4xxx/CVE-2014-4577.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4577", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Absolute path traversal vulnerability in reviews.php in the WP AmASIN - The Amazon Affiliate Shop plugin 0.9.6 and earlier for WordPress allows remote attackers to read arbitrary files via a full pathname in the url parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4577", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://codevigilant.com/disclosure/wp-plugin-wp-amasin-the-amazon-affiliate-shop-local-file-inclusion", - "refsource" : "MISC", - "url" : "http://codevigilant.com/disclosure/wp-plugin-wp-amasin-the-amazon-affiliate-shop-local-file-inclusion" - }, - { - "name" : "http://plugins.svn.wordpress.org/wp-amasin-the-amazon-affiliate-shop/trunk/readme.txt", - "refsource" : "MISC", - "url" : "http://plugins.svn.wordpress.org/wp-amasin-the-amazon-affiliate-shop/trunk/readme.txt" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Absolute path traversal vulnerability in reviews.php in 
the WP AmASIN - The Amazon Affiliate Shop plugin 0.9.6 and earlier for WordPress allows remote attackers to read arbitrary files via a full pathname in the url parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://codevigilant.com/disclosure/wp-plugin-wp-amasin-the-amazon-affiliate-shop-local-file-inclusion", + "refsource": "MISC", + "url": "http://codevigilant.com/disclosure/wp-plugin-wp-amasin-the-amazon-affiliate-shop-local-file-inclusion" + }, + { + "name": "http://plugins.svn.wordpress.org/wp-amasin-the-amazon-affiliate-shop/trunk/readme.txt", + "refsource": "MISC", + "url": "http://plugins.svn.wordpress.org/wp-amasin-the-amazon-affiliate-shop/trunk/readme.txt" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4770.json b/2014/4xxx/CVE-2014-4770.json index 3ce8e8e3a3e..7cc183b9518 100644 --- a/2014/4xxx/CVE-2014-4770.json +++ b/2014/4xxx/CVE-2014-4770.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4770", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server (WAS) 6.x through 6.1.0.47, 7.0 before 7.0.0.35, 8.0 before 8.0.0.10, and 8.5 before 8.5.5.4 allows remote authenticated administrators to inject arbitrary web script or HTML via a crafted URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-4770", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21682767", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21682767" - }, - { - "name" : "PI23055", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PI23055" - }, - { - "name" : "VU#573356", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/573356" - }, - { - "name" : "69981", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69981" - }, - { - "name" : "61418", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61418" - }, - { - "name" : "61423", - "refsource" : 
"SECUNIA", - "url" : "http://secunia.com/advisories/61423" - }, - { - "name" : "ibm-websphere-cve20144770-xss(95209)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95209" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server (WAS) 6.x through 6.1.0.47, 7.0 before 7.0.0.35, 8.0 before 8.0.0.10, and 8.5 before 8.5.5.4 allows remote authenticated administrators to inject arbitrary web script or HTML via a crafted URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "61423", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61423" + }, + { + "name": "VU#573356", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/573356" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21682767", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682767" + }, + { + "name": "61418", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61418" + }, + { + "name": "ibm-websphere-cve20144770-xss(95209)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95209" + }, + { + "name": "PI23055", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI23055" + }, + { + "name": "69981", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69981" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5216.json b/2014/5xxx/CVE-2014-5216.json index 2b92f8cc0cd..81de2dea2d0 100644 --- a/2014/5xxx/CVE-2014-5216.json +++ b/2014/5xxx/CVE-2014-5216.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5216", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in NetIQ Access Manager (NAM) 4.x before 4.0.1 HF3 allow remote attackers to inject arbitrary web script or HTML via (1) the location parameter in a dev.Empty action to nps/servlet/webacc, (2) the error parameter to nidp/jsp/x509err.jsp, (3) the lang parameter to sslvpn/applet_agent.jsp, or (4) the secureLoggingServersA parameter to roma/system/cntl, a different issue than CVE-2014-9412." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-5216", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20141218 SEC Consult SA-20141218-2 :: Multiple high risk vulnerabilities in NetIQ Access Manager", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Dec/78" - }, - { - "name" : "http://packetstormsecurity.com/files/129658/NetIQ-Access-Manager-4.0-SP1-XSS-CSRF-XXE-Injection-Disclosure.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/129658/NetIQ-Access-Manager-4.0-SP1-XSS-CSRF-XXE-Injection-Disclosure.html" - }, - { - 
"name" : "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20141218-2_Novell_NetIQ_Access_Manager_Multiple_Vulnerabilities_v10.txt", - "refsource" : "MISC", - "url" : "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20141218-2_Novell_NetIQ_Access_Manager_Multiple_Vulnerabilities_v10.txt" - }, - { - "name" : "https://www.novell.com/support/kb/doc.php?id=7015994", - "refsource" : "CONFIRM", - "url" : "https://www.novell.com/support/kb/doc.php?id=7015994" - }, - { - "name" : "https://www.novell.com/support/kb/doc.php?id=7015996", - "refsource" : "CONFIRM", - "url" : "https://www.novell.com/support/kb/doc.php?id=7015996" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in NetIQ Access Manager (NAM) 4.x before 4.0.1 HF3 allow remote attackers to inject arbitrary web script or HTML via (1) the location parameter in a dev.Empty action to nps/servlet/webacc, (2) the error parameter to nidp/jsp/x509err.jsp, (3) the lang parameter to sslvpn/applet_agent.jsp, or (4) the secureLoggingServersA parameter to roma/system/cntl, a different issue than CVE-2014-9412." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20141218 SEC Consult SA-20141218-2 :: Multiple high risk vulnerabilities in NetIQ Access Manager", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Dec/78" + }, + { + "name": "https://www.novell.com/support/kb/doc.php?id=7015996", + "refsource": "CONFIRM", + "url": "https://www.novell.com/support/kb/doc.php?id=7015996" + }, + { + "name": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20141218-2_Novell_NetIQ_Access_Manager_Multiple_Vulnerabilities_v10.txt", + "refsource": "MISC", + "url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20141218-2_Novell_NetIQ_Access_Manager_Multiple_Vulnerabilities_v10.txt" + }, + { + "name": "https://www.novell.com/support/kb/doc.php?id=7015994", + "refsource": "CONFIRM", + "url": "https://www.novell.com/support/kb/doc.php?id=7015994" + }, + { + "name": "http://packetstormsecurity.com/files/129658/NetIQ-Access-Manager-4.0-SP1-XSS-CSRF-XXE-Injection-Disclosure.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/129658/NetIQ-Access-Manager-4.0-SP1-XSS-CSRF-XXE-Injection-Disclosure.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10672.json b/2016/10xxx/CVE-2016-10672.json index 19011825a23..d9d63a8793d 100644 --- a/2016/10xxx/CVE-2016-10672.json +++ b/2016/10xxx/CVE-2016-10672.json 
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "DATE_PUBLIC" : "2018-04-26T00:00:00", - "ID" : "CVE-2016-10672", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "cloudpub-redis node module", - "version" : { - "version_data" : [ - { - "version_value" : "All versions" - } - ] - } - } - ] - }, - "vendor_name" : "HackerOne" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "cloudpub-redis is a module for CloudPub: Redis Backend cloudpub-redis downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Missing Encryption of Sensitive Data (CWE-311)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "DATE_PUBLIC": "2018-04-26T00:00:00", + "ID": "CVE-2016-10672", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "cloudpub-redis node module", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + } + ] + }, + "vendor_name": "HackerOne" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://nodesecurity.io/advisories/282", - "refsource" : "MISC", - "url" : "https://nodesecurity.io/advisories/282" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "cloudpub-redis is a module for CloudPub: Redis 
Backend cloudpub-redis downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Missing Encryption of Sensitive Data (CWE-311)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://nodesecurity.io/advisories/282", + "refsource": "MISC", + "url": "https://nodesecurity.io/advisories/282" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3498.json b/2016/3xxx/CVE-2016-3498.json index d2ec3534cd7..55d932ce67f 100644 --- a/2016/3xxx/CVE-2016-3498.json +++ b/2016/3xxx/CVE-2016-3498.json 
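Review bot: `"vendor_name": "HackerOne"` in the CVE-2016-10672 record looks like the assigning CNA rather than the maintainer of the cloudpub-redis module (the `ASSIGNER` is `support@hackerone.com`), and the reformat carries it over unchanged. Anyone matching affected products by vendor could get a misleading hit or miss the package altogether. If the real vendor is not known, the `n/a` used by the other records in this diff would be a safer value. The description also appears to run two sentences together at `Redis Backend cloudpub-redis downloads`, where a period after `Backend` is presumably what was intended.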
@@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3498", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Java SE 7u101 and 8u92 allows remote attackers to affect availability via vectors related to JavaFX." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2016-3498", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20160721-0001/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20160721-0001/" - }, - { - "name" : "GLSA-201610-08", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201610-08" - }, - { - "name" : "RHSA-2016:1475", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2016:1475" - }, - { - "name" : "RHSA-2016:1476", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2016:1476" - }, - { - "name" : "SUSE-SU-2016:1997", - 
"refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00011.html" - }, - { - "name" : "SUSE-SU-2016:2012", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00024.html" - }, - { - "name" : "openSUSE-SU-2016:1979", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-08/msg00028.html" - }, - { - "name" : "openSUSE-SU-2016:2050", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00032.html" - }, - { - "name" : "openSUSE-SU-2016:2051", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00033.html" - }, - { - "name" : "openSUSE-SU-2016:2052", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00034.html" - }, - { - "name" : "openSUSE-SU-2016:2058", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00035.html" - }, - { - "name" : "91787", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91787" - }, - { - "name" : "91956", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91956" - }, - { - "name" : "1036365", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036365" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle Java SE 7u101 and 8u92 allows remote attackers to affect availability via vectors related to JavaFX." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" + }, + { + "name": "GLSA-201610-08", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201610-08" + }, + { + "name": "SUSE-SU-2016:2012", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00024.html" + }, + { + "name": "openSUSE-SU-2016:2052", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00034.html" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20160721-0001/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20160721-0001/" + }, + { + "name": "RHSA-2016:1475", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2016:1475" + }, + { + "name": "openSUSE-SU-2016:2051", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00033.html" + }, + { + "name": "1036365", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036365" + }, + { + "name": "91956", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91956" + }, + { + "name": "91787", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91787" + }, + { + "name": "RHSA-2016:1476", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2016:1476" + }, + { + "name": "SUSE-SU-2016:1997", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00011.html" + }, + { + "name": "openSUSE-SU-2016:2050", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00032.html" + }, + { + 
"name": "openSUSE-SU-2016:1979", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00028.html" + }, + { + "name": "openSUSE-SU-2016:2058", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00035.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7276.json b/2016/7xxx/CVE-2016-7276.json index 548a4b07b13..d3de8ab669e 100644 --- a/2016/7xxx/CVE-2016-7276.json +++ b/2016/7xxx/CVE-2016-7276.json 
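Review bot: The `ASSIGNER` value changes from `cve@mitre.org` to `secalert_us@oracle.com` in this hunk, the only content change among the hunks visible here, and it is buried in a rewrite that also changes every line's spacing, reshuffles `reference_data` and drops the final newline. Anyone diffing records to spot ownership or state changes cannot separate that edit from the formatting noise. Keeping the existing reference order and landing the `" : "` to `": "` change as its own commit would leave the ASSIGNER line as a one-line diff. The same reference reshuffle shows in the CVE-2016-7925, CVE-2016-8390, CVE-2016-8738, CVE-2016-8819, CVE-2016-9563, CVE-2016-9816 and CVE-2016-9838 hunks.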
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "ID" : "CVE-2016-7276", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office for Mac 2011, and Office 2016 for Mac allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka \"Microsoft Office Information Disclosure Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2016-7276", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS16-148", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148" - }, - { - "name" : "94666", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94666" - }, - { - "name" : "1037441", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037441" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office for Mac 
2011, and Office 2016 for Mac allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka \"Microsoft Office Information Disclosure Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS16-148", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148" + }, + { + "name": "94666", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94666" + }, + { + "name": "1037441", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037441" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7494.json b/2016/7xxx/CVE-2016-7494.json index b3aacccd88d..971844971f7 100644 --- a/2016/7xxx/CVE-2016-7494.json +++ b/2016/7xxx/CVE-2016-7494.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7494", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-7494", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file 
diff --git a/2016/7xxx/CVE-2016-7925.json b/2016/7xxx/CVE-2016-7925.json index 0b3ffd9ec9a..d93d84f4619 100644 --- a/2016/7xxx/CVE-2016-7925.json +++ b/2016/7xxx/CVE-2016-7925.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7925", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The compressed SLIP parser in tcpdump before 4.9.0 has a buffer overflow in print-sl.c:sl_if_print()." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-7925", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1494526.html", - "refsource" : "CONFIRM", - "url" : "https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1494526.html" - }, - { - "name" : "DSA-3775", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3775" - }, - { - "name" : "GLSA-201702-30", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201702-30" - }, - { - "name" : "RHSA-2017:1871", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1871" - }, - { - "name" : "95852", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95852" - }, - { - "name" : "1037755", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037755" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The compressed SLIP parser in tcpdump before 4.9.0 has a buffer overflow in print-sl.c:sl_if_print()." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1037755", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037755" + }, + { + "name": "DSA-3775", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3775" + }, + { + "name": "RHSA-2017:1871", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1871" + }, + { + "name": "https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1494526.html", + "refsource": "CONFIRM", + "url": "https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1494526.html" + }, + { + "name": "95852", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95852" + }, + { + "name": "GLSA-201702-30", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201702-30" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8390.json b/2016/8xxx/CVE-2016-8390.json index 70caed697c4..09b7e6e69da 100644 --- a/2016/8xxx/CVE-2016-8390.json +++ b/2016/8xxx/CVE-2016-8390.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "talos-cna@cisco.com", - "DATE_PUBLIC" : "2016-10-18T00:00:00", - "ID" : "CVE-2016-8390", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Hopper", - "version" : { - "version_data" : [ - { - "version_value" : "Hoppler Disassembler 3.11.20" - } - ] - } - } - ] - }, - "vendor_name" : "Talos" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An exploitable out of bounds write vulnerability exists in the parsing of ELF Section Headers of Hopper Disassembler 3.11.20. A specially crafted ELF file can cause attacker controlled pointer arithmetic resulting in a partially controlled out of bounds write. An attacker can craft an ELF file with specific section headers to trigger this vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "remote code execution" - } + "CVE_data_meta": { + "ASSIGNER": "talos-cna@cisco.com", + "DATE_PUBLIC": "2016-10-18T00:00:00", + "ID": "CVE-2016-8390", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Hopper", + "version": { + "version_data": [ + { + "version_value": "Hoppler Disassembler 3.11.20" + } + ] + } + } + ] + }, + "vendor_name": "Talos" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0222", - "refsource" : "MISC", - "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0222" - }, - { - "name" : "93801", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93801" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { 
+ "description_data": [ + { + "lang": "eng", + "value": "An exploitable out of bounds write vulnerability exists in the parsing of ELF Section Headers of Hopper Disassembler 3.11.20. A specially crafted ELF file can cause attacker controlled pointer arithmetic resulting in a partially controlled out of bounds write. An attacker can craft an ELF file with specific section headers to trigger this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "remote code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "93801", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93801" + }, + { + "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0222", + "refsource": "MISC", + "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0222" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8738.json b/2016/8xxx/CVE-2016-8738.json index 0cdace2f50c..a0c0a0ffc20 100644 --- a/2016/8xxx/CVE-2016-8738.json +++ b/2016/8xxx/CVE-2016-8738.json 
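Review bot: `"version_value": "Hoppler Disassembler 3.11.20"` misspells the product (the description and `product_name` say Hopper) and repeats the product name inside the version field, so a version comparison against `3.11.20` will not match this record. The reformat keeps the string as it was; `"version_value": "3.11.20"` with `"product_name": "Hopper Disassembler"` would agree with the description. The `problemtype` value `remote code execution` states an impact rather than a weakness class; the out-of-bounds write in the description suggests CWE-787, to be confirmed against the Talos report.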
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@apache.org", - "DATE_PUBLIC" : "2016-12-19T00:00:00", - "ID" : "CVE-2016-8738", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Apache Struts", - "version" : { - "version_data" : [ - { - "version_value" : "2.5 - 2.5.5" - } - ] - } - } - ] - }, - "vendor_name" : "Apache Software Foundation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Apache Struts 2.5 through 2.5.5, if an application allows entering a URL in a form field and the built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Possible DoS attack when using URLValidator" - } + "CVE_data_meta": { + "ASSIGNER": "security@apache.org", + "DATE_PUBLIC": "2016-12-19T00:00:00", + "ID": "CVE-2016-8738", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Apache Struts", + "version": { + "version_data": [ + { + "version_value": "2.5 - 2.5.5" + } + ] + } + } + ] + }, + "vendor_name": "Apache Software Foundation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://struts.apache.org/docs/s2-044.html", - "refsource" : "CONFIRM", - "url" : "https://struts.apache.org/docs/s2-044.html" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20180629-0003/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20180629-0003/" - }, - { - "name" : "94657", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94657" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Apache Struts 2.5 through 2.5.5, if an application allows entering a URL in a form field and the built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Possible DoS attack when using URLValidator" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://security.netapp.com/advisory/ntap-20180629-0003/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20180629-0003/" + }, + { + "name": "94657", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94657" + }, + { + "name": "https://struts.apache.org/docs/s2-044.html", + "refsource": "CONFIRM", + "url": "https://struts.apache.org/docs/s2-044.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8819.json b/2016/8xxx/CVE-2016-8819.json index 2e45aba20a7..237b1a7edef 100644 --- a/2016/8xxx/CVE-2016-8819.json +++ b/2016/8xxx/CVE-2016-8819.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@nvidia.com", - "ID" : "CVE-2016-8819", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Quadro, NVS, GeForce, GRID and Tesla", - "version" : { - "version_data" : [ - { - "version_value" : "All" - } - ] - } - } - ] - }, - "vendor_name" : "Nvidia Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a handle to a kernel object may be returned to the user, leading to possible denial of service or escalation of privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of Service" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@nvidia.com", + "ID": "CVE-2016-8819", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Quadro, NVS, GeForce, GRID and Tesla", + "version": { + "version_data": [ + { + "version_value": "All" + } + ] + } + } + ] + }, + "vendor_name": "Nvidia Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4257", - "refsource" : "CONFIRM", - "url" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4257" - }, - { - "name" : "95058", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95058" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) 
handler for DxgkDdiEscape where a handle to a kernel object may be returned to the user, leading to possible denial of service or escalation of privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "95058", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95058" + }, + { + "name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4257", + "refsource": "CONFIRM", + "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4257" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9563.json b/2016/9xxx/CVE-2016-9563.json index 550e5b66a91..bf4cf40b5c0 100644 --- a/2016/9xxx/CVE-2016-9563.json +++ b/2016/9xxx/CVE-2016-9563.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9563", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "BC-BMT-BPM-DSK in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to conduct XML External Entity (XXE) attacks via the sap.com~tc~bpem~him~uwlconn~provider~web/bpemuwlconn URI, aka SAP Security Note 2296909." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-9563", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://erpscan.io/advisories/erpscan-16-034-sap-netweaver-java-xxe-vulnerability-bc-bmt-bpm-dsk-component/", - "refsource" : "MISC", - "url" : "https://erpscan.io/advisories/erpscan-16-034-sap-netweaver-java-xxe-vulnerability-bc-bmt-bpm-dsk-component/" - }, - { - "name" : "92419", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92419" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "BC-BMT-BPM-DSK in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to conduct XML External Entity (XXE) attacks via the 
sap.com~tc~bpem~him~uwlconn~provider~web/bpemuwlconn URI, aka SAP Security Note 2296909." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "92419", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92419" + }, + { + "name": "https://erpscan.io/advisories/erpscan-16-034-sap-netweaver-java-xxe-vulnerability-bc-bmt-bpm-dsk-component/", + "refsource": "MISC", + "url": "https://erpscan.io/advisories/erpscan-16-034-sap-netweaver-java-xxe-vulnerability-bc-bmt-bpm-dsk-component/" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9816.json b/2016/9xxx/CVE-2016-9816.json index 4805aeee9a6..5d5c3dbf618 100644 --- a/2016/9xxx/CVE-2016-9816.json +++ b/2016/9xxx/CVE-2016-9816.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9816", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host crash) via vectors involving an asynchronous abort while at EL2." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-9816", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20161129 Xen Security Advisory 201 - ARM guests may induce host asynchronous abort", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/11/29/3" - }, - { - "name" : "[oss-security] 20161204 Re: Xen Security Advisory 201 - ARM guests may induce host asynchronous abort", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/12/05/7" - }, - { - "name" : "http://xenbits.xen.org/xsa/advisory-201.html", - "refsource" : "CONFIRM", - "url" : "http://xenbits.xen.org/xsa/advisory-201.html" - }, - { - "name" : "http://xenbits.xen.org/xsa/xsa201-2.patch", - "refsource" : "CONFIRM", - "url" : "http://xenbits.xen.org/xsa/xsa201-2.patch" - }, - { - "name" : "GLSA-201612-56", - "refsource" : "GENTOO", - 
"url" : "https://security.gentoo.org/glsa/201612-56" - }, - { - "name" : "94581", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94581" - }, - { - "name" : "1037358", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037358" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host crash) via vectors involving an asynchronous abort while at EL2." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://xenbits.xen.org/xsa/xsa201-2.patch", + "refsource": "CONFIRM", + "url": "http://xenbits.xen.org/xsa/xsa201-2.patch" + }, + { + "name": "http://xenbits.xen.org/xsa/advisory-201.html", + "refsource": "CONFIRM", + "url": "http://xenbits.xen.org/xsa/advisory-201.html" + }, + { + "name": "GLSA-201612-56", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201612-56" + }, + { + "name": "1037358", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037358" + }, + { + "name": "[oss-security] 20161129 Xen Security Advisory 201 - ARM guests may induce host asynchronous abort", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/11/29/3" + }, + { + "name": "94581", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94581" + }, + { + "name": "[oss-security] 20161204 Re: Xen Security Advisory 201 - ARM guests may induce host asynchronous abort", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/12/05/7" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9838.json b/2016/9xxx/CVE-2016-9838.json index cd300ce62e6..3bdeff27e9f 100644 --- a/2016/9xxx/CVE-2016-9838.json 
+++ b/2016/9xxx/CVE-2016-9838.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9838", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in components/com_users/models/registration.php in Joomla! before 3.6.5. Incorrect filtering of registration form data stored to the session on a validation error enables a user to gain access to a registered user's account and reset the user's group mappings, username, and password, as demonstrated by submitting a form that targets the `registration.register` task." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-9838", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "41157", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/41157/" - }, - { - "name" : "https://www.joomla.org/announcements/release-news/5693-joomla-3-6-5-released.html", - "refsource" : "CONFIRM", - "url" : "https://www.joomla.org/announcements/release-news/5693-joomla-3-6-5-released.html" - }, - { - "name" : "94893", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94893" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": 
{ + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in components/com_users/models/registration.php in Joomla! before 3.6.5. Incorrect filtering of registration form data stored to the session on a validation error enables a user to gain access to a registered user's account and reset the user's group mappings, username, and password, as demonstrated by submitting a form that targets the `registration.register` task." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.joomla.org/announcements/release-news/5693-joomla-3-6-5-released.html", + "refsource": "CONFIRM", + "url": "https://www.joomla.org/announcements/release-news/5693-joomla-3-6-5-released.html" + }, + { + "name": "41157", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/41157/" + }, + { + "name": "94893", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94893" + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2057.json b/2019/2xxx/CVE-2019-2057.json index b8fea877914..0e5f22c8e1c 100644 --- a/2019/2xxx/CVE-2019-2057.json +++ b/2019/2xxx/CVE-2019-2057.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2019-2057",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-2057",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/2xxx/CVE-2019-2110.json b/2019/2xxx/CVE-2019-2110.json
index 247a299a286..460ec89867b 100644
--- a/2019/2xxx/CVE-2019-2110.json
+++ b/2019/2xxx/CVE-2019-2110.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2019-2110",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-2110",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/2xxx/CVE-2019-2303.json b/2019/2xxx/CVE-2019-2303.json
index 820f5aefd1d..1c30b0436fb 100644
--- a/2019/2xxx/CVE-2019-2303.json
+++ b/2019/2xxx/CVE-2019-2303.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2019-2303",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-2303",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/2xxx/CVE-2019-2361.json b/2019/2xxx/CVE-2019-2361.json
index cb0f06c946f..16473ba854b 100644
--- a/2019/2xxx/CVE-2019-2361.json
+++ b/2019/2xxx/CVE-2019-2361.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2019-2361",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-2361",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/6xxx/CVE-2019-6342.json b/2019/6xxx/CVE-2019-6342.json
index d6462a72276..ea85e49685e 100644
--- a/2019/6xxx/CVE-2019-6342.json
+++ b/2019/6xxx/CVE-2019-6342.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2019-6342",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-6342",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file