From e82b2dbaa726dcbf30f115cde528b5f13f68cc46 Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Mon, 18 Mar 2019 01:51:23 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2006/0xxx/CVE-2006-0006.json | 270 ++++++++++++------------- 2006/0xxx/CVE-2006-0232.json | 220 ++++++++++----------- 2006/0xxx/CVE-2006-0352.json | 160 +++++++-------- 2006/0xxx/CVE-2006-0668.json | 140 ++++++------- 2006/1xxx/CVE-2006-1673.json | 170 ++++++++-------- 2006/1xxx/CVE-2006-1946.json | 190 +++++++++--------- 2006/1xxx/CVE-2006-1965.json | 200 +++++++++---------- 2006/3xxx/CVE-2006-3077.json | 130 ++++++------ 2006/3xxx/CVE-2006-3144.json | 200 +++++++++---------- 2006/3xxx/CVE-2006-3513.json | 160 +++++++-------- 2006/4xxx/CVE-2006-4094.json | 34 ++-- 2006/4xxx/CVE-2006-4220.json | 170 ++++++++-------- 2006/4xxx/CVE-2006-4643.json | 140 ++++++------- 2010/2xxx/CVE-2010-2476.json | 34 ++-- 2010/2xxx/CVE-2010-2503.json | 120 ++++++------ 2010/2xxx/CVE-2010-2575.json | 330 +++++++++++++++---------------- 2010/2xxx/CVE-2010-2858.json | 170 ++++++++-------- 2010/3xxx/CVE-2010-3037.json | 160 +++++++-------- 2010/3xxx/CVE-2010-3266.json | 170 ++++++++-------- 2010/3xxx/CVE-2010-3500.json | 130 ++++++------ 2010/3xxx/CVE-2010-3663.json | 34 ++-- 2010/4xxx/CVE-2010-4625.json | 180 ++++++++--------- 2010/4xxx/CVE-2010-4956.json | 170 ++++++++-------- 2011/1xxx/CVE-2011-1252.json | 160 +++++++-------- 2011/1xxx/CVE-2011-1539.json | 160 +++++++-------- 2011/1xxx/CVE-2011-1720.json | 290 +++++++++++++-------------- 2011/1xxx/CVE-2011-1867.json | 210 ++++++++++---------- 2011/5xxx/CVE-2011-5089.json | 130 ++++++------ 2011/5xxx/CVE-2011-5223.json | 170 ++++++++-------- 2014/3xxx/CVE-2014-3304.json | 150 +++++++------- 2014/3xxx/CVE-2014-3838.json | 120 ++++++------ 2014/3xxx/CVE-2014-3962.json | 150 +++++++------- 2014/7xxx/CVE-2014-7219.json | 34 ++-- 2014/7xxx/CVE-2014-7348.json | 140 ++++++------- 2014/7xxx/CVE-2014-7847.json | 150 +++++++------- 2014/8xxx/CVE-2014-8091.json | 220 ++++++++++----------- 2014/8xxx/CVE-2014-8172.json | 170 ++++++++-------- 
2014/8xxx/CVE-2014-8498.json | 180 ++++++++--------- 2014/8xxx/CVE-2014-8769.json | 250 +++++++++++------------ 2014/9xxx/CVE-2014-9177.json | 150 +++++++------- 2014/9xxx/CVE-2014-9697.json | 120 ++++++------ 2014/9xxx/CVE-2014-9761.json | 270 ++++++++++++------------- 2016/2xxx/CVE-2016-2586.json | 34 ++-- 2016/2xxx/CVE-2016-2689.json | 34 ++-- 2016/2xxx/CVE-2016-2710.json | 34 ++-- 2016/2xxx/CVE-2016-2794.json | 370 +++++++++++++++++------------------ 2016/6xxx/CVE-2016-6028.json | 226 ++++++++++----------- 2016/6xxx/CVE-2016-6279.json | 34 ++-- 2016/6xxx/CVE-2016-6807.json | 130 ++++++------ 2016/7xxx/CVE-2016-7146.json | 150 +++++++------- 2017/5xxx/CVE-2017-5541.json | 140 ++++++------- 2017/5xxx/CVE-2017-5907.json | 120 ++++++------ 52 files changed, 4089 insertions(+), 4089 deletions(-) diff --git a/2006/0xxx/CVE-2006-0006.json b/2006/0xxx/CVE-2006-0006.json index 8b5e5b6225c..34b07addb5d 100644 --- a/2006/0xxx/CVE-2006-0006.json +++ b/2006/0xxx/CVE-2006-0006.json 
@@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0006", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the bitmap processing routine in Microsoft Windows Media Player 7.1 on Windows 2000 SP4, Media Player 9 on Windows 2000 SP4 and XP SP1, and Media Player 10 on XP SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted bitmap (.BMP) file that specifies a size of 0 but contains additional data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2006-0006", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060214 [EEYEB-20051017] Windows Media Player BMP Heap Overflow", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/424983/100/0/threaded" - }, - { - "name" : "20060215 Windows Media Player BMP Heap Overflow (MS06-005)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/425158/100/0/threaded" - }, - { - "name" : "http://www.eeye.com/html/research/advisories/AD20060214.html", - "refsource" : "MISC", - "url" : "http://www.eeye.com/html/research/advisories/AD20060214.html" - }, - { - "name" : "MS06-005", - "refsource" 
: "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-005" - }, - { - "name" : "TA06-045A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA06-045A.html" - }, - { - "name" : "VU#291396", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/291396" - }, - { - "name" : "16633", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16633" - }, - { - "name" : "ADV-2006-0574", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0574" - }, - { - "name" : "oval:org.mitre.oval:def:1256", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1256" - }, - { - "name" : "oval:org.mitre.oval:def:1578", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1578" - }, - { - "name" : "oval:org.mitre.oval:def:1598", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1598" - }, - { - "name" : "oval:org.mitre.oval:def:1661", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1661" - }, - { - "name" : "1015627", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015627" - }, - { - "name" : "18835", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18835" - }, - { - "name" : "423", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/423" - }, - { - "name" : "win-media-player-bmp-bo(24488)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24488" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the bitmap processing routine in Microsoft 
Windows Media Player 7.1 on Windows 2000 SP4, Media Player 9 on Windows 2000 SP4 and XP SP1, and Media Player 10 on XP SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted bitmap (.BMP) file that specifies a size of 0 but contains additional data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:1256", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1256" + }, + { + "name": "oval:org.mitre.oval:def:1578", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1578" + }, + { + "name": "ADV-2006-0574", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0574" + }, + { + "name": "20060214 [EEYEB-20051017] Windows Media Player BMP Heap Overflow", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/424983/100/0/threaded" + }, + { + "name": "16633", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16633" + }, + { + "name": "423", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/423" + }, + { + "name": "TA06-045A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA06-045A.html" + }, + { + "name": "1015627", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015627" + }, + { + "name": "VU#291396", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/291396" + }, + { + "name": "http://www.eeye.com/html/research/advisories/AD20060214.html", + "refsource": "MISC", + "url": "http://www.eeye.com/html/research/advisories/AD20060214.html" + }, + { + "name": "20060215 Windows Media Player BMP Heap Overflow (MS06-005)", + "refsource": "BUGTRAQ", + "url": 
"http://www.securityfocus.com/archive/1/425158/100/0/threaded" + }, + { + "name": "win-media-player-bmp-bo(24488)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24488" + }, + { + "name": "MS06-005", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-005" + }, + { + "name": "18835", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18835" + }, + { + "name": "oval:org.mitre.oval:def:1598", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1598" + }, + { + "name": "oval:org.mitre.oval:def:1661", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1661" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0232.json b/2006/0xxx/CVE-2006-0232.json index 62c66150e77..fdf704bed08 100644 --- a/2006/0xxx/CVE-2006-0232.json +++ b/2006/0xxx/CVE-2006-0232.json 
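Review bot: The `ASSIGNER` value in `CVE_data_meta` for CVE-2006-0006 changes from `cve@mitre.org` to `secure@microsoft.com`, and the subject line "-Synchronized-Data." does not record it. It appears to be the only value change in this hunk, which otherwise normalizes `"key" : ` to `"key": ` and reorders the sixteen `reference_data` entries without adding or dropping any. A provenance change like this is easier to audit when it is named in the commit message or split from the formatting pass. Tooling that tracks record changes should compare parsed JSON rather than text, so that it surfaces this field and ignores the reordering. The new side also ends with `\ No newline at end of file`; restoring the final newline after the closing `}` would keep the files friendly to line-based tools, and the same applies to the CVE-2006-0232, CVE-2006-0352, CVE-2006-0668, CVE-2006-1673, CVE-2006-1946, CVE-2006-1965 and CVE-2006-3077 hunks.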
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0232", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Symantec Scan Engine 5.0.0.24, and possibly other versions before 5.1.0.7, stores sensitive log and virus definition files under the web root with insufficient access control, which allows remote attackers to obtain the information via direct requests." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0232", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060421 Rapid7 Advisory R7-0023: Symantec Scan Engine File Disclosure Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/431728/100/0/threaded" - }, - { - "name" : "20060421 [Symantec Security Advisor] Symantec Scan Engine Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/431734/100/0/threaded" - }, - { - "name" : "20060421 Rapid7 Advisory R7-0023: Symantec Scan Engine File Disclosure Vulnerability", - "refsource" : "VULNWATCH", - "url" : "http://archives.neohapsis.com/archives/vulnwatch/2006-q2/0012.html" - }, - { - "name" : 
"http://www.symantec.com/avcenter/security/Content/2006.04.21.html", - "refsource" : "CONFIRM", - "url" : "http://www.symantec.com/avcenter/security/Content/2006.04.21.html" - }, - { - "name" : "17637", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17637" - }, - { - "name" : "ADV-2006-1464", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1464" - }, - { - "name" : "1015974", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015974" - }, - { - "name" : "19734", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19734" - }, - { - "name" : "758", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/758" - }, - { - "name" : "759", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/759" - }, - { - "name" : "sse-unauth-file-access(25974)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25974" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Symantec Scan Engine 5.0.0.24, and possibly other versions before 5.1.0.7, stores sensitive log and virus definition files under the web root with insufficient access control, which allows remote attackers to obtain the information via direct requests." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "17637", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17637" + }, + { + "name": "20060421 Rapid7 Advisory R7-0023: Symantec Scan Engine File Disclosure Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/431728/100/0/threaded" + }, + { + "name": "19734", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19734" + }, + { + "name": "20060421 [Symantec Security Advisor] Symantec Scan Engine Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/431734/100/0/threaded" + }, + { + "name": "sse-unauth-file-access(25974)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25974" + }, + { + "name": "758", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/758" + }, + { + "name": "759", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/759" + }, + { + "name": "20060421 Rapid7 Advisory R7-0023: Symantec Scan Engine File Disclosure Vulnerability", + "refsource": "VULNWATCH", + "url": "http://archives.neohapsis.com/archives/vulnwatch/2006-q2/0012.html" + }, + { + "name": "http://www.symantec.com/avcenter/security/Content/2006.04.21.html", + "refsource": "CONFIRM", + "url": "http://www.symantec.com/avcenter/security/Content/2006.04.21.html" + }, + { + "name": "ADV-2006-1464", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1464" + }, + { + "name": "1015974", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015974" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0352.json b/2006/0xxx/CVE-2006-0352.json index fdae9517a8c..70005888f40 100644 --- a/2006/0xxx/CVE-2006-0352.json +++ b/2006/0xxx/CVE-2006-0352.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0352", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The default configuration of Fluffington FLog 1.01 installs users.0.dat under the web document root with insufficient access control, which might allow remote attackers to obtain sensitive information (login credentials) via a direct request. NOTE: It was later reported that 1.1.2 is also affected." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0352", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060117 [eVuln] Flog Information Disclosure Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/422268/100/0/threaded" - }, - { - "name" : "20070105 Flog 1.1.2 Remote Admin Password Disclosure", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/456069/100/0/threaded" - }, - { - "name" : "http://evuln.com/vulns/38/summary/bt/", - "refsource" : "MISC", - "url" : "http://evuln.com/vulns/38/summary/bt/" - }, - { - "name" : "flog-admin-info-disclosure(31307)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/31307" - }, - 
{ - "name" : "flog-data-directory-insecure(24193)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24193" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The default configuration of Fluffington FLog 1.01 installs users.0.dat under the web document root with insufficient access control, which might allow remote attackers to obtain sensitive information (login credentials) via a direct request. NOTE: It was later reported that 1.1.2 is also affected." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "flog-data-directory-insecure(24193)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24193" + }, + { + "name": "20060117 [eVuln] Flog Information Disclosure Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/422268/100/0/threaded" + }, + { + "name": "20070105 Flog 1.1.2 Remote Admin Password Disclosure", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/456069/100/0/threaded" + }, + { + "name": "flog-admin-info-disclosure(31307)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31307" + }, + { + "name": "http://evuln.com/vulns/38/summary/bt/", + "refsource": "MISC", + "url": "http://evuln.com/vulns/38/summary/bt/" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0668.json b/2006/0xxx/CVE-2006-0668.json index 6ed87f6b811..87d19ab8e10 100644 --- a/2006/0xxx/CVE-2006-0668.json +++ b/2006/0xxx/CVE-2006-0668.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0668", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in PwsPHP 1.2.3 allows remote attackers to execute arbitrary SQL commands via the id parameter, possibly in message.php in the espace_membre module. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0668", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.securityfocus.com/bid/16567/exploit", - "refsource" : "MISC", - "url" : "http://www.securityfocus.com/bid/16567/exploit" - }, - { - "name" : "16567", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16567" - }, - { - "name" : "19023", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19023" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php in PwsPHP 1.2.3 allows remote attackers to execute arbitrary SQL 
commands via the id parameter, possibly in message.php in the espace_membre module. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.securityfocus.com/bid/16567/exploit", + "refsource": "MISC", + "url": "http://www.securityfocus.com/bid/16567/exploit" + }, + { + "name": "19023", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19023" + }, + { + "name": "16567", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16567" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1673.json b/2006/1xxx/CVE-2006-1673.json index 4d3591d607b..3d9bcbf524a 100644 --- a/2006/1xxx/CVE-2006-1673.json +++ b/2006/1xxx/CVE-2006-1673.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1673", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in vbugs.php in Dark_Wizard vBug Tracker 3.5.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the sortorder parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1673", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2006/04/vbug-tracker-for-vbulletin-35x-xss.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2006/04/vbug-tracker-for-vbulletin-35x-xss.html" - }, - { - "name" : "17407", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17407" - }, - { - "name" : "ADV-2006-1267", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1267" - }, - { - "name" : "24448", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24448" - }, - { - "name" : "19562", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19562" - }, - { - "name" : "vbulletin-vbugtracker-vbugs-xss(25649)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/25649" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in vbugs.php in Dark_Wizard vBug Tracker 3.5.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the sortorder parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19562", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19562" + }, + { + "name": "24448", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24448" + }, + { + "name": "http://pridels0.blogspot.com/2006/04/vbug-tracker-for-vbulletin-35x-xss.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2006/04/vbug-tracker-for-vbulletin-35x-xss.html" + }, + { + "name": "vbulletin-vbugtracker-vbugs-xss(25649)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25649" + }, + { + "name": "ADV-2006-1267", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1267" + }, + { + "name": "17407", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17407" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1946.json b/2006/1xxx/CVE-2006-1946.json index fe5a80d4564..1f1b3b07db6 100644 --- a/2006/1xxx/CVE-2006-1946.json +++ b/2006/1xxx/CVE-2006-1946.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1946", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Visale 1.0 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the keyval parameter in pbpgst.cgi, (2) the catsubno parameter in pblscg.cgi, and (3) the listno parameter in pblsmb.cgi." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1946", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2006/04/visale-xss-vuln.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2006/04/visale-xss-vuln.html" - }, - { - "name" : "17598", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17598" - }, - { - "name" : "ADV-2006-1408", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1408" - }, - { - "name" : "24716", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24716" - }, - { - "name" : "24717", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24717" - }, - { - "name" : "24718", - "refsource" : "OSVDB", - "url" : 
"http://www.osvdb.org/24718" - }, - { - "name" : "19655", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19655" - }, - { - "name" : "visale-multiple-xss(25928)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25928" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Visale 1.0 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the keyval parameter in pbpgst.cgi, (2) the catsubno parameter in pblscg.cgi, and (3) the listno parameter in pblsmb.cgi." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://pridels0.blogspot.com/2006/04/visale-xss-vuln.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2006/04/visale-xss-vuln.html" + }, + { + "name": "19655", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19655" + }, + { + "name": "24716", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24716" + }, + { + "name": "ADV-2006-1408", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1408" + }, + { + "name": "24717", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24717" + }, + { + "name": "visale-multiple-xss(25928)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25928" + }, + { + "name": "17598", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17598" + }, + { + "name": "24718", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24718" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1965.json b/2006/1xxx/CVE-2006-1965.json index 55094792c0b..584ccad5b55 100644 --- a/2006/1xxx/CVE-2006-1965.json 
+++ b/2006/1xxx/CVE-2006-1965.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1965", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in aasi media Net Clubs Pro 4.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) onuser, (2) pass, (3) chatsys, (4) room, (5) username, and (6) to parameters in (a) sendim.cgi; the (7) username parameter in (b) imessage.cgi; the (8) password parameter in (c) login.cgi; and the (9) cat_id parameter in (d) viewcat.cgi." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1965", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2006/04/net-clubs-pro-xss-vuln.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2006/04/net-clubs-pro-xss-vuln.html" - }, - { - "name" : "17622", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17622" - }, - { - "name" : "ADV-2006-1436", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1436" - }, - { - "name" : "24754", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24754" - }, - { - "name" : "24755", - 
"refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24755" - }, - { - "name" : "24756", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24756" - }, - { - "name" : "24757", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24757" - }, - { - "name" : "19651", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19651" - }, - { - "name" : "netclubspro-multiple-xss(25957)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25957" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in aasi media Net Clubs Pro 4.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) onuser, (2) pass, (3) chatsys, (4) room, (5) username, and (6) to parameters in (a) sendim.cgi; the (7) username parameter in (b) imessage.cgi; the (8) password parameter in (c) login.cgi; and the (9) cat_id parameter in (d) viewcat.cgi." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "24757", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24757" + }, + { + "name": "http://pridels0.blogspot.com/2006/04/net-clubs-pro-xss-vuln.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2006/04/net-clubs-pro-xss-vuln.html" + }, + { + "name": "24754", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24754" + }, + { + "name": "ADV-2006-1436", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1436" + }, + { + "name": "17622", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17622" + }, + { + "name": "netclubspro-multiple-xss(25957)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25957" + }, + { + "name": "24755", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24755" + }, + { + "name": "24756", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24756" + }, + { + "name": "19651", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19651" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3077.json b/2006/3xxx/CVE-2006-3077.json index 0dd78e131d2..c41836857b5 100644 --- a/2006/3xxx/CVE-2006-3077.json +++ b/2006/3xxx/CVE-2006-3077.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3077", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in guestbook.cfm in aXentGuestbook 1.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the startrow parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3077", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2006/06/axentguestbook-ii-xss-vuln.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2006/06/axentguestbook-ii-xss-vuln.html" - }, - { - "name" : "axentguestbook-guestbook-xss(27160)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27160" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in guestbook.cfm in aXentGuestbook 1.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the startrow parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "axentguestbook-guestbook-xss(27160)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27160" + }, + { + "name": "http://pridels0.blogspot.com/2006/06/axentguestbook-ii-xss-vuln.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2006/06/axentguestbook-ii-xss-vuln.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3144.json b/2006/3xxx/CVE-2006-3144.json index 0c98b31809b..a39a5b80afb 100644 --- a/2006/3xxx/CVE-2006-3144.json +++ b/2006/3xxx/CVE-2006-3144.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3144", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in micro_cms_files/microcms-include.php in Implied By Design (IBD) Micro CMS 3.5 (aka 0.3.5) and earlier allows remote attackers to execute arbitrary PHP code via a URL in the microcms_path parameter. NOTE: it was later reported that this can also be leveraged to include and execute arbitrary local files via .. (dot dot) sequences." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3144", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070112 Micro CMS <= 3.5 Remote File Include Exploit", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/456721/100/0/threaded" - }, - { - "name" : "1929", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/1929" - }, - { - "name" : "9699", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/9699" - }, - { - "name" : "18537", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18537" - }, - { - "name" : "ADV-2006-2446", - "refsource" : "VUPEN", - "url" : 
"http://www.vupen.com/english/advisories/2006/2446" - }, - { - "name" : "26677", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/26677" - }, - { - "name" : "20758", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20758" - }, - { - "name" : "microcms-microcmsinclude-file-include(27236)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27236" - }, - { - "name" : "microcms-microcms-file-include(53273)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/53273" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in micro_cms_files/microcms-include.php in Implied By Design (IBD) Micro CMS 3.5 (aka 0.3.5) and earlier allows remote attackers to execute arbitrary PHP code via a URL in the microcms_path parameter. NOTE: it was later reported that this can also be leveraged to include and execute arbitrary local files via .. (dot dot) sequences." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20758", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20758" + }, + { + "name": "18537", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18537" + }, + { + "name": "9699", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/9699" + }, + { + "name": "1929", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/1929" + }, + { + "name": "microcms-microcms-file-include(53273)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53273" + }, + { + "name": "20070112 Micro CMS <= 3.5 Remote File Include Exploit", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/456721/100/0/threaded" + }, + { + "name": "26677", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/26677" + }, + { + "name": "ADV-2006-2446", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2446" + }, + { + "name": "microcms-microcmsinclude-file-include(27236)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27236" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3513.json b/2006/3xxx/CVE-2006-3513.json index ac05f65bb64..c7bd6643ec9 100644 --- a/2006/3xxx/CVE-2006-3513.json +++ b/2006/3xxx/CVE-2006-3513.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3513", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "danim.dll in Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (application crash) by accessing the Data property of a DirectAnimation DAUserData object before it is initialized, which triggers a NULL pointer dereference." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3513", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://browserfun.blogspot.com/2006/07/mobb-9-directanimationdauserdata-data.html", - "refsource" : "MISC", - "url" : "http://browserfun.blogspot.com/2006/07/mobb-9-directanimationdauserdata-data.html" - }, - { - "name" : "18902", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18902" - }, - { - "name" : "ADV-2006-2719", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2719" - }, - { - "name" : "27013", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27013" - }, - { - "name" : "ie-directanimation-dauserdata-dos(27622)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/27622" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "danim.dll in Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (application crash) by accessing the Data property of a DirectAnimation DAUserData object before it is initialized, which triggers a NULL pointer dereference." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ie-directanimation-dauserdata-dos(27622)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27622" + }, + { + "name": "ADV-2006-2719", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2719" + }, + { + "name": "http://browserfun.blogspot.com/2006/07/mobb-9-directanimationdauserdata-data.html", + "refsource": "MISC", + "url": "http://browserfun.blogspot.com/2006/07/mobb-9-directanimationdauserdata-data.html" + }, + { + "name": "18902", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18902" + }, + { + "name": "27013", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27013" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4094.json b/2006/4xxx/CVE-2006-4094.json index 45000d045f4..73122d2d0fe 100644 --- a/2006/4xxx/CVE-2006-4094.json +++ b/2006/4xxx/CVE-2006-4094.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4094", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4094", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4220.json b/2006/4xxx/CVE-2006-4220.json index 119a2e676f1..7b396e4744d 100644 --- a/2006/4xxx/CVE-2006-4220.json +++ b/2006/4xxx/CVE-2006-4220.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4220", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in webacc in Novell GroupWise WebAccess before 7 Support Pack 3 Public Beta allow remote attackers to inject arbitrary web script or HTML via the (1) User.html, (2) Error, (3) User.Theme.index, and (4) and User.lang parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4220", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.novell.com/documentation/gw7/readmeusgw7sp3/readmeusgw7sp3.html#b4qb42z", - "refsource" : "CONFIRM", - "url" : "http://www.novell.com/documentation/gw7/readmeusgw7sp3/readmeusgw7sp3.html#b4qb42z" - }, - { - "name" : "27582", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27582" - }, - { - "name" : "ADV-2008-0395", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0395" - }, - { - "name" : "27531", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27531" - }, - { - "name" : "1019302", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1019302" - }, - { 
- "name" : "28778", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28778" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in webacc in Novell GroupWise WebAccess before 7 Support Pack 3 Public Beta allow remote attackers to inject arbitrary web script or HTML via the (1) User.html, (2) Error, (3) User.Theme.index, and (4) and User.lang parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "27582", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27582" + }, + { + "name": "1019302", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1019302" + }, + { + "name": "27531", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27531" + }, + { + "name": "28778", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28778" + }, + { + "name": "ADV-2008-0395", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0395" + }, + { + "name": "http://www.novell.com/documentation/gw7/readmeusgw7sp3/readmeusgw7sp3.html#b4qb42z", + "refsource": "CONFIRM", + "url": "http://www.novell.com/documentation/gw7/readmeusgw7sp3/readmeusgw7sp3.html#b4qb42z" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4643.json b/2006/4xxx/CVE-2006-4643.json index dc57283109e..35f9b01f486 100644 --- a/2006/4xxx/CVE-2006-4643.json +++ b/2006/4xxx/CVE-2006-4643.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4643", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in consult/joueurs.php in Uni-Vert PhpLeague 0.82 and earlier allows remote attackers to execute arbitrary SQL commands via the id_joueur parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4643", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "19880", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19880" - }, - { - "name" : "ADV-2006-3500", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3500" - }, - { - "name" : "21789", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21789" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in consult/joueurs.php in Uni-Vert PhpLeague 0.82 and earlier allows remote attackers to execute arbitrary SQL commands via the 
id_joueur parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19880", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19880" + }, + { + "name": "ADV-2006-3500", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3500" + }, + { + "name": "21789", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21789" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2476.json b/2010/2xxx/CVE-2010-2476.json index 6b7232cabb7..1243b8c428f 100644 --- a/2010/2xxx/CVE-2010-2476.json +++ b/2010/2xxx/CVE-2010-2476.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2476", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2476", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2010/2xxx/CVE-2010-2503.json b/2010/2xxx/CVE-2010-2503.json index dc7de1e8c3b..a1b35080151 100644 --- a/2010/2xxx/CVE-2010-2503.json +++ b/2010/2xxx/CVE-2010-2503.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2503", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Splunk 4.0 through 4.0.10 and 4.1 through 4.1.1 allow remote attackers to inject arbitrary web script or HTML via (1) redirects, aka SPL-31067; (2) unspecified \"user->user or user->admin\" vectors, aka SPL-31084; or (3) unspecified \"user input,\" aka SPL-31085." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2503", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.splunk.com/view/SP-CAAAFGD", - "refsource" : "CONFIRM", - "url" : "http://www.splunk.com/view/SP-CAAAFGD" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Splunk 4.0 through 4.0.10 and 4.1 through 4.1.1 allow remote attackers to inject arbitrary web script or HTML via (1) redirects, aka SPL-31067; (2) unspecified \"user->user or user->admin\" vectors, aka SPL-31084; or (3) unspecified \"user input,\" aka SPL-31085." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.splunk.com/view/SP-CAAAFGD", + "refsource": "CONFIRM", + "url": "http://www.splunk.com/view/SP-CAAAFGD" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2575.json b/2010/2xxx/CVE-2010-2575.json index 7751794ea29..236f1e768b2 100644 --- a/2010/2xxx/CVE-2010-2575.json +++ b/2010/2xxx/CVE-2010-2575.json 
@@ -1,167 +1,167 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2575", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the RLE decompression functionality in the TranscribePalmImageToJPEG function in generators/plucker/inplug/image.cpp in Okular in KDE SC 4.3.0 through 4.5.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted image in a PDB file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", + "ID": "CVE-2010-2575", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100825 Secunia Research: KDE Okular PDB Parsing RLE Decompression Buffer Overflow", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/513341/100/0/threaded" - }, - { - "name" : "http://secunia.com/secunia_research/2010-109/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2010-109/" - }, - { - "name" : "http://www.kde.org/info/security/advisory-20100825-1.txt", - "refsource" : "CONFIRM", - "url" : "http://www.kde.org/info/security/advisory-20100825-1.txt" - }, - { - "name" : 
"https://bugzilla.redhat.com/show_bug.cgi?id=627289", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=627289" - }, - { - "name" : "FEDORA-2010-13589", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046448.html" - }, - { - "name" : "FEDORA-2010-13629", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046524.html" - }, - { - "name" : "FEDORA-2010-13661", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046542.html" - }, - { - "name" : "MDVSA-2010:162", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:162" - }, - { - "name" : "SSA:2010-240-03", - "refsource" : "SLACKWARE", - "url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.340142" - }, - { - "name" : "SUSE-SR:2010:018", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html" - }, - { - "name" : "USN-979-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-979-1" - }, - { - "name" : "67454", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/67454" - }, - { - "name" : "40952", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40952" - }, - { - "name" : "41086", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41086" - }, - { - "name" : "41132", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41132" - }, - { - "name" : "ADV-2010-2178", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2178" - }, - { - "name" : "ADV-2010-2179", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2179" - }, - { - "name" : "ADV-2010-2202", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2202" - }, - { - "name" 
: "ADV-2010-2206", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2206" - }, - { - "name" : "ADV-2010-2219", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2219" - }, - { - "name" : "ADV-2010-2230", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2230" - }, - { - "name" : "okularpdb-imagecpp-bo(61371)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/61371" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the RLE decompression functionality in the TranscribePalmImageToJPEG function in generators/plucker/inplug/image.cpp in Okular in KDE SC 4.3.0 through 4.5.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted image in a PDB file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-979-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-979-1" + }, + { + "name": "ADV-2010-2178", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2178" + }, + { + "name": "ADV-2010-2202", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2202" + }, + { + "name": "ADV-2010-2219", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2219" + }, + { + "name": "41132", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41132" + }, + { + "name": "http://www.kde.org/info/security/advisory-20100825-1.txt", + "refsource": "CONFIRM", + "url": "http://www.kde.org/info/security/advisory-20100825-1.txt" + }, + { + "name": "20100825 Secunia Research: KDE Okular PDB Parsing RLE Decompression Buffer Overflow", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/513341/100/0/threaded" + }, + { + "name": "FEDORA-2010-13661", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046542.html" + }, + { + "name": "SSA:2010-240-03", + "refsource": "SLACKWARE", + "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.340142" + }, + { + "name": "FEDORA-2010-13629", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046524.html" + }, + { + "name": "okularpdb-imagecpp-bo(61371)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61371" + }, + { + "name": "ADV-2010-2206", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2206" + }, + { + "name": "MDVSA-2010:162", + "refsource": "MANDRIVA", + "url": 
"http://www.mandriva.com/security/advisories?name=MDVSA-2010:162" + }, + { + "name": "67454", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/67454" + }, + { + "name": "ADV-2010-2230", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2230" + }, + { + "name": "41086", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41086" + }, + { + "name": "ADV-2010-2179", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2179" + }, + { + "name": "40952", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40952" + }, + { + "name": "SUSE-SR:2010:018", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html" + }, + { + "name": "http://secunia.com/secunia_research/2010-109/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2010-109/" + }, + { + "name": "FEDORA-2010-13589", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046448.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=627289", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=627289" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2858.json b/2010/2xxx/CVE-2010-2858.json index b894d81b46f..9ecdca8ee60 100644 --- a/2010/2xxx/CVE-2010-2858.json +++ b/2010/2xxx/CVE-2010-2858.json 
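Review bot: In the CVE-2010-2575.json hunk, `"ASSIGNER"` changes from `cve@mitre.org` to `PSIRT-CNA@flexerasoftware.com`. It is the only value change among the hunks fully visible here; the rest are key-spacing, indentation and reference-order changes. The commit subject "-Synchronized-Data." does not mention it, so anyone who attributes or filters records by assigning CNA gets a silent provenance change buried in formatting noise. I would record it in the commit body, for example `CVE-2010-2575: ASSIGNER cve@mitre.org -> PSIRT-CNA@flexerasoftware.com`. Separately, `reference_data` is reordered with no apparent sort key and the file now ends without a trailing newline, so a stable sort (for instance by `refsource`, then `name`) and a final newline would keep later syncs reviewable.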
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2858", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in news.php in SimpNews 2.47.03 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) layout and (2) sortorder parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2858", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100709 Vulnerabilities in SimpNews", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/512271/100/0/threaded" - }, - { - "name" : "http://packetstormsecurity.org/1007-exploits/simpnews-xss.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1007-exploits/simpnews-xss.txt" - }, - { - "name" : "http://websecurity.com.ua/4245/", - "refsource" : "MISC", - "url" : "http://websecurity.com.ua/4245/" - }, - { - "name" : "41517", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/41517" - }, - { - "name" : "40501", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40501" - }, - { - "name" : "simpnews-news-xss(60244)", - "refsource" : "XF", 
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/60244" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in news.php in SimpNews 2.47.03 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) layout and (2) sortorder parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "40501", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40501" + }, + { + "name": "simpnews-news-xss(60244)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60244" + }, + { + "name": "20100709 Vulnerabilities in SimpNews", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/512271/100/0/threaded" + }, + { + "name": "http://websecurity.com.ua/4245/", + "refsource": "MISC", + "url": "http://websecurity.com.ua/4245/" + }, + { + "name": "http://packetstormsecurity.org/1007-exploits/simpnews-xss.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1007-exploits/simpnews-xss.txt" + }, + { + "name": "41517", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/41517" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3037.json b/2010/3xxx/CVE-2010-3037.json index 25729cfb5ff..e911a48650d 100644 --- a/2010/3xxx/CVE-2010-3037.json +++ b/2010/3xxx/CVE-2010-3037.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3037", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "goform/websXMLAdminRequestCgi.cgi in Cisco Unified Videoconferencing (UVC) System 5110 and 5115, and possibly Unified Videoconferencing System 3545 and 5230, Unified Videoconferencing 3527 Primary Rate Interface (PRI) Gateway, Unified Videoconferencing 3522 Basic Rate Interfaces (BRI) Gateway, and Unified Videoconferencing 3515 Multipoint Control Unit (MCU), allows remote authenticated administrators to execute arbitrary commands via the username field, related to a \"shell command injection vulnerability,\" aka Bug ID CSCti54059." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2010-3037", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20101117 Cisco Unified Videoconferencing multiple vulnerabilities - CVE-2010-3037 CVE-2010-3038", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2010/Nov/167" - }, - { - "name" : "http://www.trustmatta.com/advisories/MATTA-2010-001.txt", - "refsource" : "MISC", - "url" : "http://www.trustmatta.com/advisories/MATTA-2010-001.txt" - }, - { - "name" : "20101117 Multiple Vulnerabilities in Cisco Unified Videoconferencing Products", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/products_security_response09186a0080b56d0d.html" - }, - { - "name" : "44922", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/44922" - }, - { - "name" : "1024753", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024753" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "goform/websXMLAdminRequestCgi.cgi in Cisco Unified Videoconferencing (UVC) System 5110 and 5115, and possibly Unified Videoconferencing System 3545 and 5230, Unified Videoconferencing 3527 Primary Rate Interface (PRI) Gateway, Unified Videoconferencing 3522 Basic Rate Interfaces (BRI) Gateway, and Unified Videoconferencing 3515 Multipoint Control Unit (MCU), allows remote authenticated administrators to execute arbitrary commands via the username field, related to a \"shell command injection 
vulnerability,\" aka Bug ID CSCti54059." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "44922", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/44922" + }, + { + "name": "http://www.trustmatta.com/advisories/MATTA-2010-001.txt", + "refsource": "MISC", + "url": "http://www.trustmatta.com/advisories/MATTA-2010-001.txt" + }, + { + "name": "20101117 Multiple Vulnerabilities in Cisco Unified Videoconferencing Products", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/products_security_response09186a0080b56d0d.html" + }, + { + "name": "1024753", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024753" + }, + { + "name": "20101117 Cisco Unified Videoconferencing multiple vulnerabilities - CVE-2010-3037 CVE-2010-3038", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2010/Nov/167" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3266.json b/2010/3xxx/CVE-2010-3266.json index da4a1ea0a27..eb042bf0622 100644 --- a/2010/3xxx/CVE-2010-3266.json +++ b/2010/3xxx/CVE-2010-3266.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3266", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in BugTracker.NET before 3.4.5 allow remote authenticated users to inject arbitrary web script or HTML via (1) the pcd parameter to edit_bug.aspx, (2) the bug_id parameter to edit_comment.aspx, (3) the id parameter to edit_user_permissions2.aspx, or (4) the default_name parameter to edit_customfield.aspx. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3266", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20101130 CORE-2010-1109 - Multiple vulnerabilities in BugTracker.Net", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/514957/100/0/threaded" - }, - { - "name" : "15653", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/15653" - }, - { - "name" : "http://www.coresecurity.com/content/multiple-vulnerabilities-in-bugtracker", - "refsource" : "MISC", - "url" : "http://www.coresecurity.com/content/multiple-vulnerabilities-in-bugtracker" - }, - 
{ - "name" : "http://btnet.svn.sourceforge.net/viewvc/btnet/RELEASE_NOTES.TXT?revision=578&view=markup", - "refsource" : "CONFIRM", - "url" : "http://btnet.svn.sourceforge.net/viewvc/btnet/RELEASE_NOTES.TXT?revision=578&view=markup" - }, - { - "name" : "45121", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45121" - }, - { - "name" : "42418", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42418" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in BugTracker.NET before 3.4.5 allow remote authenticated users to inject arbitrary web script or HTML via (1) the pcd parameter to edit_bug.aspx, (2) the bug_id parameter to edit_comment.aspx, (3) the id parameter to edit_user_permissions2.aspx, or (4) the default_name parameter to edit_customfield.aspx. NOTE: some of these details are obtained from third party information." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://btnet.svn.sourceforge.net/viewvc/btnet/RELEASE_NOTES.TXT?revision=578&view=markup", + "refsource": "CONFIRM", + "url": "http://btnet.svn.sourceforge.net/viewvc/btnet/RELEASE_NOTES.TXT?revision=578&view=markup" + }, + { + "name": "15653", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/15653" + }, + { + "name": "20101130 CORE-2010-1109 - Multiple vulnerabilities in BugTracker.Net", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/514957/100/0/threaded" + }, + { + "name": "45121", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45121" + }, + { + "name": "42418", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42418" + }, + { + "name": "http://www.coresecurity.com/content/multiple-vulnerabilities-in-bugtracker", + "refsource": "MISC", + "url": "http://www.coresecurity.com/content/multiple-vulnerabilities-in-bugtracker" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3500.json b/2010/3xxx/CVE-2010-3500.json index 0f69888a60c..81cd5297825 100644 --- a/2010/3xxx/CVE-2010-3500.json +++ b/2010/3xxx/CVE-2010-3500.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3500", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Siebel Core - Highly Interactive Client component in Oracle Siebel Suite 7.7.2.12, 7.8.2.14, 8.0.0.10, and 8.1.1.3 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2010-2405." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2010-3500", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html" - }, - { - "name" : "TA10-287A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-287A.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Siebel Core - Highly Interactive Client component in Oracle Siebel Suite 7.7.2.12, 7.8.2.14, 
8.0.0.10, and 8.1.1.3 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2010-2405." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html" + }, + { + "name": "TA10-287A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-287A.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3663.json b/2010/3xxx/CVE-2010-3663.json index 67b90a71e7a..ae0dbd502e7 100644 --- a/2010/3xxx/CVE-2010-3663.json +++ b/2010/3xxx/CVE-2010-3663.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3663", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3663", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2010/4xxx/CVE-2010-4625.json b/2010/4xxx/CVE-2010-4625.json index 419b6927c43..a4b3a397361 100644 --- a/2010/4xxx/CVE-2010-4625.json +++ b/2010/4xxx/CVE-2010-4625.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4625", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "MyBB (aka MyBulletinBoard) before 1.4.12 does not properly handle a configuration with a visible forum that contains hidden threads, which allows remote attackers to obtain sensitive information by reading the Latest Threads block of the Portal Page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4625", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20101008 CVE request: mybb before 1.4.11 and before 1.4.12", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2010/10/08/7" - }, - { - "name" : "[oss-security] 20101011 Re: CVE request: mybb before 1.4.11 and before 1.4.12", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2010/10/11/8" - }, - { - "name" : "[oss-security] 20101206 Re: CVE request: mybb before 1.4.11 and before 1.4.12", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2010/12/06/2" - }, - { - "name" : "http://community.mybb.com/thread-66255.html", - "refsource" : "MISC", - "url" : 
"http://community.mybb.com/thread-66255.html" - }, - { - "name" : "http://blog.mybb.com/2010/04/13/mybb-1-4-12-released-security-maintenance-update/", - "refsource" : "CONFIRM", - "url" : "http://blog.mybb.com/2010/04/13/mybb-1-4-12-released-security-maintenance-update/" - }, - { - "name" : "http://dev.mybboard.net/issues/809", - "refsource" : "CONFIRM", - "url" : "http://dev.mybboard.net/issues/809" - }, - { - "name" : "mybb-hidden-threads-info-disc(64517)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64517" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "MyBB (aka MyBulletinBoard) before 1.4.12 does not properly handle a configuration with a visible forum that contains hidden threads, which allows remote attackers to obtain sensitive information by reading the Latest Threads block of the Portal Page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://blog.mybb.com/2010/04/13/mybb-1-4-12-released-security-maintenance-update/", + "refsource": "CONFIRM", + "url": "http://blog.mybb.com/2010/04/13/mybb-1-4-12-released-security-maintenance-update/" + }, + { + "name": "http://dev.mybboard.net/issues/809", + "refsource": "CONFIRM", + "url": "http://dev.mybboard.net/issues/809" + }, + { + "name": "[oss-security] 20101008 CVE request: mybb before 1.4.11 and before 1.4.12", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2010/10/08/7" + }, + { + "name": "[oss-security] 20101011 Re: CVE request: mybb before 1.4.11 and before 1.4.12", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2010/10/11/8" + }, + { + "name": "[oss-security] 20101206 Re: CVE request: mybb before 1.4.11 and before 1.4.12", + "refsource": 
"MLIST", + "url": "http://openwall.com/lists/oss-security/2010/12/06/2" + }, + { + "name": "http://community.mybb.com/thread-66255.html", + "refsource": "MISC", + "url": "http://community.mybb.com/thread-66255.html" + }, + { + "name": "mybb-hidden-threads-info-disc(64517)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64517" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4956.json b/2010/4xxx/CVE-2010-4956.json index aad82a3810b..902b3b66d15 100644 --- a/2010/4xxx/CVE-2010-4956.json +++ b/2010/4xxx/CVE-2010-4956.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4956", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Questionnaire (ke_questionnaire) extension before 2.2.3 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4956", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://typo3.org/extensions/repository/view/ke_questionnaire/2.2.3/", - "refsource" : "CONFIRM", - "url" : "http://typo3.org/extensions/repository/view/ke_questionnaire/2.2.3/" - }, - { - "name" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-015/", - "refsource" : "CONFIRM", - "url" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-015/" - }, - { - "name" : "42369", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/42369" - }, - { - "name" : "67030", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/67030" - }, - { - "name" : "40950", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40950" - }, - { - "name" : 
"questionnaire-unspecified-xss(61043)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/61043" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Questionnaire (ke_questionnaire) extension before 2.2.3 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-015/", + "refsource": "CONFIRM", + "url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-015/" + }, + { + "name": "42369", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/42369" + }, + { + "name": "67030", + "refsource": "OSVDB", + "url": "http://osvdb.org/67030" + }, + { + "name": "http://typo3.org/extensions/repository/view/ke_questionnaire/2.2.3/", + "refsource": "CONFIRM", + "url": "http://typo3.org/extensions/repository/view/ke_questionnaire/2.2.3/" + }, + { + "name": "40950", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40950" + }, + { + "name": "questionnaire-unspecified-xss(61043)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61043" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1252.json b/2011/1xxx/CVE-2011-1252.json index 6c78c405ec3..837c587872a 100644 --- a/2011/1xxx/CVE-2011-1252.json +++ b/2011/1xxx/CVE-2011-1252.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1252", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the SafeHTML function in the toStaticHTML API in Microsoft Internet Explorer 7 and 8, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Groove Server 2010 Gold and SP1, Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified strings, aka \"toStaticHTML Information Disclosure Vulnerability\" or \"HTML Sanitization Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2011-1252", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS11-050", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-050" - }, - { - "name" : "MS11-074", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-074" - }, - { - "name" : "TA11-256A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA11-256A.html" - }, - { - 
"name" : "oval:org.mitre.oval:def:12577", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12577" - }, - { - "name" : "oval:org.mitre.oval:def:12885", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12885" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the SafeHTML function in the toStaticHTML API in Microsoft Internet Explorer 7 and 8, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Groove Server 2010 Gold and SP1, Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified strings, aka \"toStaticHTML Information Disclosure Vulnerability\" or \"HTML Sanitization Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS11-074", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-074" + }, + { + "name": "oval:org.mitre.oval:def:12885", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12885" + }, + { + "name": "MS11-050", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-050" + }, + { + "name": "oval:org.mitre.oval:def:12577", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12577" + }, + { + "name": "TA11-256A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA11-256A.html" + } + ] + } +} \ No 
newline at end of file diff --git a/2011/1xxx/CVE-2011-1539.json b/2011/1xxx/CVE-2011-1539.json index 4fd05004fa1..3a314f2f495 100644 --- a/2011/1xxx/CVE-2011-1539.json +++ b/2011/1xxx/CVE-2011-1539.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1539", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in HP Proliant Support Pack (PSP) before 8.7 allows remote attackers to obtain sensitive information via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2011-1539", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBMA02661", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=130331221326039&w=2" - }, - { - "name" : "SSRT100408", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=130331221326039&w=2" - }, - { - "name" : "1025419", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025419" - }, - { - "name" : "44234", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44234" - }, - { - "name" : "8236", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8236" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in HP Proliant Support 
Pack (PSP) before 8.7 allows remote attackers to obtain sensitive information via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SSRT100408", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=130331221326039&w=2" + }, + { + "name": "1025419", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025419" + }, + { + "name": "HPSBMA02661", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=130331221326039&w=2" + }, + { + "name": "8236", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8236" + }, + { + "name": "44234", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44234" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1720.json b/2011/1xxx/CVE-2011-1720.json index 969851d9643..7724a30904b 100644 --- a/2011/1xxx/CVE-2011-1720.json +++ b/2011/1xxx/CVE-2011-1720.json 
@@ -1,147 +1,147 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1720", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The SMTP server in Postfix before 2.5.13, 2.6.x before 2.6.10, 2.7.x before 2.7.4, and 2.8.x before 2.8.3, when certain Cyrus SASL authentication methods are enabled, does not create a new server handle after client authentication fails, which allows remote attackers to cause a denial of service (heap memory corruption and daemon crash) or possibly execute arbitrary code via an invalid AUTH command with one method followed by an AUTH command with a different method." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1720", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110509 Memory corruption in Postfix SMTP server Cyrus SASL support (CVE-2011-1720)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/517917/100/0/threaded" - }, - { - "name" : "[postfix-announce] 20110509 Memory corruption in Postfix SMTP server Cyrus SASL support (CVE-2011-1720)", - "refsource" : "MLIST", - "url" : "http://www.mail-archive.com/postfix-announce@postfix.org/msg00007.html" - }, - { - "name" : "http://www.postfix.org/CVE-2011-1720.html", - "refsource" : "CONFIRM", - "url" : "http://www.postfix.org/CVE-2011-1720.html" - }, - { - "name" : "http://www.postfix.org/announcements/postfix-2.8.3.html", - "refsource" : "CONFIRM", - "url" : "http://www.postfix.org/announcements/postfix-2.8.3.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=699035", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=699035" - }, - { - "name" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705", - "refsource" : "CONFIRM", - "url" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705" - }, - { - "name" : "DSA-2233", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2233" - }, - { - "name" : "GLSA-201206-33", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201206-33.xml" - }, - { - "name" : "MDVSA-2011:090", - "refsource" : "MANDRIVA", - "url" : 
"http://www.mandriva.com/security/advisories?name=MDVSA-2011:090" - }, - { - "name" : "SUSE-SA:2011:023", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00002.html" - }, - { - "name" : "USN-1131-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-1131-1" - }, - { - "name" : "VU#727230", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/727230" - }, - { - "name" : "47778", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/47778" - }, - { - "name" : "72259", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/72259" - }, - { - "name" : "1025521", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025521" - }, - { - "name" : "44500", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44500" - }, - { - "name" : "8247", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8247" - }, - { - "name" : "postfix-cyrus-sasl-code-exec(67359)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/67359" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The SMTP server in Postfix before 2.5.13, 2.6.x before 2.6.10, 2.7.x before 2.7.4, and 2.8.x before 2.8.3, when certain Cyrus SASL authentication methods are enabled, does not create a new server handle after client authentication fails, which allows remote attackers to cause a denial of service (heap memory corruption and daemon crash) or possibly execute arbitrary code via an invalid AUTH command with one method followed by an AUTH command with a different method." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20110509 Memory corruption in Postfix SMTP server Cyrus SASL support (CVE-2011-1720)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/517917/100/0/threaded" + }, + { + "name": "http://www.postfix.org/CVE-2011-1720.html", + "refsource": "CONFIRM", + "url": "http://www.postfix.org/CVE-2011-1720.html" + }, + { + "name": "44500", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44500" + }, + { + "name": "47778", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/47778" + }, + { + "name": "GLSA-201206-33", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201206-33.xml" + }, + { + "name": "72259", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/72259" + }, + { + "name": "VU#727230", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/727230" + }, + { + "name": "1025521", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025521" + }, + { + "name": "[postfix-announce] 20110509 Memory corruption in Postfix SMTP server Cyrus SASL support (CVE-2011-1720)", + "refsource": "MLIST", + "url": "http://www.mail-archive.com/postfix-announce@postfix.org/msg00007.html" + }, + { + "name": "http://www.postfix.org/announcements/postfix-2.8.3.html", + "refsource": "CONFIRM", + "url": "http://www.postfix.org/announcements/postfix-2.8.3.html" + }, + { + "name": "8247", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8247" + }, + { + "name": "SUSE-SA:2011:023", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00002.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=699035", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=699035" + }, + { + "name": 
"MDVSA-2011:090", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:090" + }, + { + "name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705", + "refsource": "CONFIRM", + "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705" + }, + { + "name": "DSA-2233", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2233" + }, + { + "name": "USN-1131-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-1131-1" + }, + { + "name": "postfix-cyrus-sasl-code-exec(67359)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67359" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1867.json b/2011/1xxx/CVE-2011-1867.json index e4d8782d8bf..fa78e06d3c5 100644 --- a/2011/1xxx/CVE-2011-1867.json +++ b/2011/1xxx/CVE-2011-1867.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1867", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in iNodeMngChecker.exe in the User Access Manager (UAM) 5.0 before SP1 E0101P03 and Endpoint Admission Defense (EAD) 5.0 before SP1 E0101P03 components in HP Intelligent Management Center (aka iNode Management Center) allows remote attackers to execute arbitrary code via a 0x0A0BF007 packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2011-1867", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110701 ZDI-11-232: HP iNode Management Center iNodeMngChecker.exe Remote Code Execution Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/518691/100/0/threaded" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-11-232/", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-11-232/" - }, - { - "name" : "HPSB3C02687", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=130982758604404&w=2" - }, - { - "name" : "SSRT100377", - "refsource" : "HP", - "url" : 
"http://marc.info/?l=bugtraq&m=130982758604404&w=2" - }, - { - "name" : "48527", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/48527" - }, - { - "name" : "73597", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/73597" - }, - { - "name" : "1025740", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1025740" - }, - { - "name" : "45129", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/45129" - }, - { - "name" : "8302", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8302" - }, - { - "name" : "hp-imc-unspec-code-execution(68348)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/68348" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in iNodeMngChecker.exe in the User Access Manager (UAM) 5.0 before SP1 E0101P03 and Endpoint Admission Defense (EAD) 5.0 before SP1 E0101P03 components in HP Intelligent Management Center (aka iNode Management Center) allows remote attackers to execute arbitrary code via a 0x0A0BF007 packet." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-11-232/", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-11-232/" + }, + { + "name": "48527", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/48527" + }, + { + "name": "73597", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/73597" + }, + { + "name": "1025740", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1025740" + }, + { + "name": "hp-imc-unspec-code-execution(68348)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68348" + }, + { + "name": "SSRT100377", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=130982758604404&w=2" + }, + { + "name": "HPSB3C02687", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=130982758604404&w=2" + }, + { + "name": "45129", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/45129" + }, + { + "name": "8302", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8302" + }, + { + "name": "20110701 ZDI-11-232: HP iNode Management Center iNodeMngChecker.exe Remote Code Execution Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/518691/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2011/5xxx/CVE-2011-5089.json b/2011/5xxx/CVE-2011-5089.json index 6bed1b2249a..6813205d8b0 100644 --- a/2011/5xxx/CVE-2011-5089.json +++ b/2011/5xxx/CVE-2011-5089.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-5089", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the Security Login ActiveX controls in ICONICS GENESIS32 8.05, 9.0, 9.1, and 9.2 and BizViz 8.05, 9.0, 9.1, and 9.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long password." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-5089", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.us-cert.gov/control_systems/pdf/ICSA-11-182-02.pdf", - "refsource" : "MISC", - "url" : "http://www.us-cert.gov/control_systems/pdf/ICSA-11-182-02.pdf" - }, - { - "name" : "genesis32-security-login-bo(74932)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74932" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the Security Login ActiveX controls in ICONICS GENESIS32 8.05, 9.0, 9.1, and 9.2 and BizViz 8.05, 9.0, 9.1, and 9.2 allows remote attackers to cause a denial 
of service (application crash) or possibly execute arbitrary code via a long password." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "genesis32-security-login-bo(74932)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74932" + }, + { + "name": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-182-02.pdf", + "refsource": "MISC", + "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-182-02.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2011/5xxx/CVE-2011-5223.json b/2011/5xxx/CVE-2011-5223.json index 9128008daf4..3b1cdcccef0 100644 --- a/2011/5xxx/CVE-2011-5223.json +++ b/2011/5xxx/CVE-2011-5223.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-5223", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in logout.php in Cacti before 0.8.7i allows remote attackers to hijack the authentication of unspecified victims via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-5223", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugs.cacti.net/view.php?id=2062", - "refsource" : "CONFIRM", - "url" : "http://bugs.cacti.net/view.php?id=2062" - }, - { - "name" : "http://forums.cacti.net/viewtopic.php?f=21&t=44116", - "refsource" : "CONFIRM", - "url" : "http://forums.cacti.net/viewtopic.php?f=21&t=44116" - }, - { - "name" : "http://forums.cacti.net/viewtopic.php?f=4&t=45871", - "refsource" : "CONFIRM", - "url" : "http://forums.cacti.net/viewtopic.php?f=4&t=45871" - }, - { - "name" : "51048", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/51048" - }, - { - "name" : "47195", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/47195" - }, - { - "name" : "cacti-logout-csrf(71792)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/71792" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in logout.php in Cacti before 0.8.7i allows remote attackers to hijack the authentication of unspecified victims via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://bugs.cacti.net/view.php?id=2062", + "refsource": "CONFIRM", + "url": "http://bugs.cacti.net/view.php?id=2062" + }, + { + "name": "47195", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/47195" + }, + { + "name": "http://forums.cacti.net/viewtopic.php?f=4&t=45871", + "refsource": "CONFIRM", + "url": "http://forums.cacti.net/viewtopic.php?f=4&t=45871" + }, + { + "name": "http://forums.cacti.net/viewtopic.php?f=21&t=44116", + "refsource": "CONFIRM", + "url": "http://forums.cacti.net/viewtopic.php?f=21&t=44116" + }, + { + "name": "cacti-logout-csrf(71792)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71792" + }, + { + "name": "51048", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/51048" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3304.json b/2014/3xxx/CVE-2014-3304.json index 6b011a0d410..d2e40a06e9f 100644 --- a/2014/3xxx/CVE-2014-3304.json +++ b/2014/3xxx/CVE-2014-3304.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3304", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The OutlookAction Class in Cisco WebEx Meetings Server allows remote attackers to enumerate user accounts by entering crafted URLs and examining the returned messages, aka Bug ID CSCuj81722." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2014-3304", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140725 Cisco WebEx Meetings Server OutlookAction Class Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3304" - }, - { - "name" : "68911", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/68911" - }, - { - "name" : "1030641", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030641" - }, - { - "name" : "cisco-webex-cve20143304-info-disc(94880)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/94880" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": 
"The OutlookAction Class in Cisco WebEx Meetings Server allows remote attackers to enumerate user accounts by entering crafted URLs and examining the returned messages, aka Bug ID CSCuj81722." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1030641", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030641" + }, + { + "name": "68911", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/68911" + }, + { + "name": "20140725 Cisco WebEx Meetings Server OutlookAction Class Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3304" + }, + { + "name": "cisco-webex-cve20143304-info-disc(94880)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94880" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3838.json b/2014/3xxx/CVE-2014-3838.json index df3eba237b4..f0f690d9c31 100644 --- a/2014/3xxx/CVE-2014-3838.json +++ b/2014/3xxx/CVE-2014-3838.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3838", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ownCloud Server before 5.0.16 and 6.0.x before 6.0.3 does not properly check permissions, which allows remote authenticated users to read the names of files of other users by leveraging access to multiple accounts." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3838", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://owncloud.org/about/security/advisories/oc-sa-2014-016/", - "refsource" : "CONFIRM", - "url" : "http://owncloud.org/about/security/advisories/oc-sa-2014-016/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ownCloud Server before 5.0.16 and 6.0.x before 6.0.3 does not properly check permissions, which allows remote authenticated users to read the names of files of other users by leveraging access to multiple accounts." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://owncloud.org/about/security/advisories/oc-sa-2014-016/", + "refsource": "CONFIRM", + "url": "http://owncloud.org/about/security/advisories/oc-sa-2014-016/" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3962.json b/2014/3xxx/CVE-2014-3962.json index b4e4e64a26c..bf54d56424e 100644 --- a/2014/3xxx/CVE-2014-3962.json +++ b/2014/3xxx/CVE-2014-3962.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3962", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in Videos Tube 1.0 allow remote attackers to execute arbitrary SQL commands via the url parameter to (1) videocat.php or (2) single.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3962", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "33514", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/33514" - }, - { - "name" : "http://packetstormsecurity.com/files/126866/Videos-Tube-1.0-SQL-Injection.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/126866/Videos-Tube-1.0-SQL-Injection.html" - }, - { - "name" : "67766", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/67766" - }, - { - "name" : "58844", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/58844" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in Videos Tube 1.0 allow 
remote attackers to execute arbitrary SQL commands via the url parameter to (1) videocat.php or (2) single.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "33514", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/33514" + }, + { + "name": "58844", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/58844" + }, + { + "name": "67766", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/67766" + }, + { + "name": "http://packetstormsecurity.com/files/126866/Videos-Tube-1.0-SQL-Injection.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/126866/Videos-Tube-1.0-SQL-Injection.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7219.json b/2014/7xxx/CVE-2014-7219.json index eba877c3d28..b1f1c4ed6ca 100644 --- a/2014/7xxx/CVE-2014-7219.json +++ b/2014/7xxx/CVE-2014-7219.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7219", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-7219", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7348.json b/2014/7xxx/CVE-2014-7348.json index 4347c3072dc..9cc73c7110d 100644 --- a/2014/7xxx/CVE-2014-7348.json +++ b/2014/7xxx/CVE-2014-7348.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7348", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The HOT CARS (aka com.magzter.hotcars) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7348", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#150153", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/150153" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The HOT CARS (aka com.magzter.hotcars) application 3.0 
for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#150153", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/150153" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7847.json b/2014/7xxx/CVE-2014-7847.json index 42a08b1d645..2c6d7ca120b 100644 --- a/2014/7xxx/CVE-2014-7847.json +++ b/2014/7xxx/CVE-2014-7847.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7847", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "iplookup/index.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 allows remote attackers to cause a denial of service (resource consumption) by triggering the calculation of an estimated latitude and longitude for an IP address." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-7847", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20141117 Moodle security issues are now public", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2014/11/17/11" - }, - { - "name" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47321", - "refsource" : "CONFIRM", - "url" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47321" - }, - { - "name" : "https://moodle.org/mod/forum/discuss.php?d=275158", - "refsource" : "CONFIRM", - "url" : "https://moodle.org/mod/forum/discuss.php?d=275158" - }, - { - "name" : "1031215", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031215" - } - ] 
- } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "iplookup/index.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 allows remote attackers to cause a denial of service (resource consumption) by triggering the calculation of an estimated latitude and longitude for an IP address." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://moodle.org/mod/forum/discuss.php?d=275158", + "refsource": "CONFIRM", + "url": "https://moodle.org/mod/forum/discuss.php?d=275158" + }, + { + "name": "1031215", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031215" + }, + { + "name": "[oss-security] 20141117 Moodle security issues are now public", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2014/11/17/11" + }, + { + "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47321", + "refsource": "CONFIRM", + "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47321" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8091.json b/2014/8xxx/CVE-2014-8091.json index a1cda5ae921..86a99e2bc49 100644 --- a/2014/8xxx/CVE-2014-8091.json +++ b/2014/8xxx/CVE-2014-8091.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8091", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "X.Org X Window System (aka X11 and X) X11R5 and X.Org Server (aka xserver and xorg-server) before 1.16.3, when using SUN-DES-1 (Secure RPC) authentication credentials, does not check the return value of a malloc call, which allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a crafted connection request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-8091", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.x.org/wiki/Development/Security/Advisory-2014-12-09/", - "refsource" : "CONFIRM", - "url" : "http://www.x.org/wiki/Development/Security/Advisory-2014-12-09/" - }, - { - "name" : "http://advisories.mageia.org/MGASA-2014-0532.html", - "refsource" : "CONFIRM", - "url" : "http://advisories.mageia.org/MGASA-2014-0532.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html" - }, - { - "name" : 
"http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html" - }, - { - "name" : "DSA-3095", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-3095" - }, - { - "name" : "GLSA-201504-06", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201504-06" - }, - { - "name" : "MDVSA-2015:119", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:119" - }, - { - "name" : "71597", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/71597" - }, - { - "name" : "62292", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62292" - }, - { - "name" : "61947", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61947" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "X.Org X Window System (aka X11 and X) X11R5 and X.Org Server (aka xserver and xorg-server) before 1.16.3, when using SUN-DES-1 (Secure RPC) authentication credentials, does not check the return value of a malloc call, which allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a crafted connection request." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-3095", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-3095" + }, + { + "name": "http://www.x.org/wiki/Development/Security/Advisory-2014-12-09/", + "refsource": "CONFIRM", + "url": "http://www.x.org/wiki/Development/Security/Advisory-2014-12-09/" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html" + }, + { + "name": "http://advisories.mageia.org/MGASA-2014-0532.html", + "refsource": "CONFIRM", + "url": "http://advisories.mageia.org/MGASA-2014-0532.html" + }, + { + "name": "GLSA-201504-06", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201504-06" + }, + { + "name": "62292", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62292" + }, + { + "name": "MDVSA-2015:119", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:119" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html" + }, + { + "name": "71597", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/71597" + }, + { + "name": "61947", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61947" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8172.json b/2014/8xxx/CVE-2014-8172.json index 78af60c3240..376f2fba7b9 100644 
--- a/2014/8xxx/CVE-2014-8172.json +++ b/2014/8xxx/CVE-2014-8172.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8172", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The filesystem implementation in the Linux kernel before 3.13 performs certain operations on lists of files with an inappropriate locking approach, which allows local users to cause a denial of service (soft lockup or system crash) via unspecified use of Asynchronous I/O (AIO) operations." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-8172", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150309 CVE-2014-8172", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/03/09/3" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=eee5cc2702929fd41cce28058dc6d6717f723f87", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=eee5cc2702929fd41cce28058dc6d6717f723f87" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1198503", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1198503" - }, - { - "name" : 
"https://github.com/torvalds/linux/commit/eee5cc2702929fd41cce28058dc6d6717f723f87", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/eee5cc2702929fd41cce28058dc6d6717f723f87" - }, - { - "name" : "RHSA-2015:0290", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0290.html" - }, - { - "name" : "RHSA-2015:0694", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0694.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The filesystem implementation in the Linux kernel before 3.13 performs certain operations on lists of files with an inappropriate locking approach, which allows local users to cause a denial of service (soft lockup or system crash) via unspecified use of Asynchronous I/O (AIO) operations." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20150309 CVE-2014-8172", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/03/09/3" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=eee5cc2702929fd41cce28058dc6d6717f723f87", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=eee5cc2702929fd41cce28058dc6d6717f723f87" + }, + { + "name": "RHSA-2015:0694", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0694.html" + }, + { + "name": "RHSA-2015:0290", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0290.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1198503", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198503" + }, + { + "name": 
"https://github.com/torvalds/linux/commit/eee5cc2702929fd41cce28058dc6d6717f723f87", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/eee5cc2702929fd41cce28058dc6d6717f723f87" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8498.json b/2014/8xxx/CVE-2014-8498.json index 10e3d642aaf..36817f656f4 100644 --- a/2014/8xxx/CVE-2014-8498.json +++ b/2014/8xxx/CVE-2014-8498.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8498", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in BulkEditSearchResult.cc in ManageEngine Password Manager Pro (PMP) and Password Manager Pro Managed Service Providers (MSP) edition before 7.1 build 7105 allows remote authenticated users to execute arbitrary SQL commands via the SEARCH_ALL parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8498", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "35210", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/35210" - }, - { - "name" : "20141109 [The ManageOwnage Series, part VII]: Super admin privesc + password DB dump in Password Manager Pro", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Nov/18" - }, - { - "name" : "http://packetstormsecurity.com/files/129036/Password-Manager-Pro-SQL-Injection.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/129036/Password-Manager-Pro-SQL-Injection.html" - }, - { - "name" : "https://raw.githubusercontent.com/pedrib/PoC/master/ManageEngine/me_pmp_privesc.txt", - 
"refsource" : "MISC", - "url" : "https://raw.githubusercontent.com/pedrib/PoC/master/ManageEngine/me_pmp_privesc.txt" - }, - { - "name" : "71016", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/71016" - }, - { - "name" : "114483", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/show/osvdb/114483" - }, - { - "name" : "passwordmanager-cve20148498-sql-injection(98596)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98596" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in BulkEditSearchResult.cc in ManageEngine Password Manager Pro (PMP) and Password Manager Pro Managed Service Providers (MSP) edition before 7.1 build 7105 allows remote authenticated users to execute arbitrary SQL commands via the SEARCH_ALL parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "71016", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/71016" + }, + { + "name": "114483", + "refsource": "OSVDB", + "url": "http://osvdb.org/show/osvdb/114483" + }, + { + "name": "http://packetstormsecurity.com/files/129036/Password-Manager-Pro-SQL-Injection.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/129036/Password-Manager-Pro-SQL-Injection.html" + }, + { + "name": "20141109 [The ManageOwnage Series, part VII]: Super admin privesc + password DB dump in Password Manager Pro", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Nov/18" + }, + { + "name": "https://raw.githubusercontent.com/pedrib/PoC/master/ManageEngine/me_pmp_privesc.txt", + "refsource": "MISC", + "url": "https://raw.githubusercontent.com/pedrib/PoC/master/ManageEngine/me_pmp_privesc.txt" + }, + { + "name": 
"passwordmanager-cve20148498-sql-injection(98596)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98596" + }, + { + "name": "35210", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/35210" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8769.json b/2014/8xxx/CVE-2014-8769.json index 5ffad614c2f..457089fb362 100644 --- a/2014/8xxx/CVE-2014-8769.json +++ b/2014/8xxx/CVE-2014-8769.json 
@@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8769", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "tcpdump 3.8 through 4.6.2 might allow remote attackers to obtain sensitive information from memory or cause a denial of service (packet loss or segmentation fault) via a crafted Ad hoc On-Demand Distance Vector (AODV) packet, which triggers an out-of-bounds memory access." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8769", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20141118 CVE-2014-8769 tcpdump unreliable output using malformed AOVD payload", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/534009/100/0/threaded" - }, - { - "name" : "20141118 CVE-2014-8769 tcpdump unreliable output using malformed AOVD payload", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Nov/49" - }, - { - "name" : "http://packetstormsecurity.com/files/129157/tcpdump-4.6.2-AOVD-Unreliable-Output.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/129157/tcpdump-4.6.2-AOVD-Unreliable-Output.html" - }, - { - "name" : 
"http://advisories.mageia.org/MGASA-2014-0503.html", - "refsource" : "CONFIRM", - "url" : "http://advisories.mageia.org/MGASA-2014-0503.html" - }, - { - "name" : "https://support.apple.com/kb/HT205031", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/kb/HT205031" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html" - }, - { - "name" : "APPLE-SA-2015-08-13-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html" - }, - { - "name" : "DSA-3086", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-3086" - }, - { - "name" : "MDVSA-2014:240", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2014:240" - }, - { - "name" : "MDVSA-2015:125", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:125" - }, - { - "name" : "openSUSE-SU-2015:0284", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-02/msg00062.html" - }, - { - "name" : "USN-2433-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2433-1" - }, - { - "name" : "71153", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/71153" - }, - { - "name" : "tcpdump-cve20148769-dos(98764)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98764" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "tcpdump 3.8 through 4.6.2 might allow remote attackers to obtain sensitive information from memory or cause a denial of service (packet loss or segmentation fault) via a crafted Ad hoc On-Demand Distance Vector (AODV) packet, which triggers an out-of-bounds memory 
access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDVSA-2014:240", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:240" + }, + { + "name": "MDVSA-2015:125", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:125" + }, + { + "name": "openSUSE-SU-2015:0284", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00062.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html" + }, + { + "name": "71153", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/71153" + }, + { + "name": "20141118 CVE-2014-8769 tcpdump unreliable output using malformed AOVD payload", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/534009/100/0/threaded" + }, + { + "name": "APPLE-SA-2015-08-13-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html" + }, + { + "name": "tcpdump-cve20148769-dos(98764)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98764" + }, + { + "name": "USN-2433-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2433-1" + }, + { + "name": "DSA-3086", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-3086" + }, + { + "name": "http://advisories.mageia.org/MGASA-2014-0503.html", + "refsource": "CONFIRM", + "url": "http://advisories.mageia.org/MGASA-2014-0503.html" + }, + { + "name": "http://packetstormsecurity.com/files/129157/tcpdump-4.6.2-AOVD-Unreliable-Output.html", + "refsource": "MISC", + "url": 
"http://packetstormsecurity.com/files/129157/tcpdump-4.6.2-AOVD-Unreliable-Output.html" + }, + { + "name": "https://support.apple.com/kb/HT205031", + "refsource": "CONFIRM", + "url": "https://support.apple.com/kb/HT205031" + }, + { + "name": "20141118 CVE-2014-8769 tcpdump unreliable output using malformed AOVD payload", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Nov/49" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9177.json b/2014/9xxx/CVE-2014-9177.json index f48aab0fd2d..f3229538200 100644 --- a/2014/9xxx/CVE-2014-9177.json +++ b/2014/9xxx/CVE-2014-9177.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9177", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The HTML5 MP3 Player with Playlist Free plugin before 2.7 for WordPress allows remote attackers to obtain the installation path via a request to html5plus/playlist.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9177", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://h4x0resec.blogspot.com/2014/11/wordpress-html5-mp3-player-with.html", - "refsource" : "MISC", - "url" : "http://h4x0resec.blogspot.com/2014/11/wordpress-html5-mp3-player-with.html" - }, - { - "name" : "http://packetstormsecurity.com/files/129286/WordPress-Html5-Mp3-Player-Full-Path-Disclosure.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/129286/WordPress-Html5-Mp3-Player-Full-Path-Disclosure.html" - }, - { - "name" : "https://wordpress.org/plugins/html5-mp3-player-with-playlist/changelog/", - "refsource" : "CONFIRM", - "url" : "https://wordpress.org/plugins/html5-mp3-player-with-playlist/changelog/" - }, - { - "name" : "html5mp3player-wp-playlist-path-disclosure(98988)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/98988" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The HTML5 MP3 Player with Playlist Free plugin before 2.7 for WordPress allows remote attackers to obtain the installation path via a request to html5plus/playlist.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://wordpress.org/plugins/html5-mp3-player-with-playlist/changelog/", + "refsource": "CONFIRM", + "url": "https://wordpress.org/plugins/html5-mp3-player-with-playlist/changelog/" + }, + { + "name": "http://h4x0resec.blogspot.com/2014/11/wordpress-html5-mp3-player-with.html", + "refsource": "MISC", + "url": "http://h4x0resec.blogspot.com/2014/11/wordpress-html5-mp3-player-with.html" + }, + { + "name": "html5mp3player-wp-playlist-path-disclosure(98988)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98988" + }, + { + "name": "http://packetstormsecurity.com/files/129286/WordPress-Html5-Mp3-Player-Full-Path-Disclosure.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/129286/WordPress-Html5-Mp3-Player-Full-Path-Disclosure.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9697.json b/2014/9xxx/CVE-2014-9697.json index fede066d426..abb1f5ae963 100644 --- a/2014/9xxx/CVE-2014-9697.json +++ b/2014/9xxx/CVE-2014-9697.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9697", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Huawei USG9560/9520/9580 before V300R001C01SPC300 allows remote attackers to cause a memory leak or denial of service (memory exhaustion, reboot and MPU switchover) via a crafted website." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9697", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-408141.htm", - "refsource" : "CONFIRM", - "url" : "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-408141.htm" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Huawei USG9560/9520/9580 before V300R001C01SPC300 allows remote attackers to cause a memory leak or denial of service (memory exhaustion, reboot and MPU switchover) via a crafted website." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-408141.htm", + "refsource": "CONFIRM", + "url": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-408141.htm" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9761.json b/2014/9xxx/CVE-2014-9761.json index 0a4dff44d03..db1d8cbc446 100644 --- a/2014/9xxx/CVE-2014-9761.json +++ b/2014/9xxx/CVE-2014-9761.json 
@@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9761", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple stack-based buffer overflows in the GNU C Library (aka glibc or libc6) before 2.23 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long argument to the (1) nan, (2) nanf, or (3) nanl function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-9761", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[libc-alpha] 20160219 The GNU C Library version 2.23 is now available", - "refsource" : "MLIST", - "url" : "https://www.sourceware.org/ml/libc-alpha/2016-02/msg00502.html" - }, - { - "name" : "[oss-security] 20160119 CVE assignment request for security bugs fixed in glibc 2.23", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/01/19/11" - }, - { - "name" : "[oss-security] 20160119 Re: CVE assignment request for security bugs fixed in glibc 2.23", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/01/20/1" - }, - { - "name" : 
"https://sourceware.org/bugzilla/show_bug.cgi?id=16962", - "refsource" : "CONFIRM", - "url" : "https://sourceware.org/bugzilla/show_bug.cgi?id=16962" - }, - { - "name" : "FEDORA-2016-68abc0be35", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184626.html" - }, - { - "name" : "GLSA-201702-11", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201702-11" - }, - { - "name" : "RHSA-2017:0680", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0680.html" - }, - { - "name" : "RHSA-2017:1916", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1916" - }, - { - "name" : "SUSE-SU-2016:0470", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html" - }, - { - "name" : "SUSE-SU-2016:0471", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00037.html" - }, - { - "name" : "SUSE-SU-2016:0472", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00038.html" - }, - { - "name" : "SUSE-SU-2016:0473", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00039.html" - }, - { - "name" : "openSUSE-SU-2016:0510", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00042.html" - }, - { - "name" : "USN-2985-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2985-1" - }, - { - "name" : "USN-2985-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2985-2" - }, - { - "name" : "83306", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/83306" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple stack-based buffer overflows in the GNU C Library 
(aka glibc or libc6) before 2.23 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long argument to the (1) nan, (2) nanf, or (3) nanl function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SU-2016:0471", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00037.html" + }, + { + "name": "FEDORA-2016-68abc0be35", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184626.html" + }, + { + "name": "RHSA-2017:1916", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1916" + }, + { + "name": "openSUSE-SU-2016:0510", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00042.html" + }, + { + "name": "SUSE-SU-2016:0470", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html" + }, + { + "name": "RHSA-2017:0680", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0680.html" + }, + { + "name": "USN-2985-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2985-2" + }, + { + "name": "[oss-security] 20160119 Re: CVE assignment request for security bugs fixed in glibc 2.23", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/01/20/1" + }, + { + "name": "GLSA-201702-11", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201702-11" + }, + { + "name": "SUSE-SU-2016:0472", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00038.html" + }, + { + "name": "SUSE-SU-2016:0473", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00039.html" + }, + { + "name": 
"[libc-alpha] 20160219 The GNU C Library version 2.23 is now available", + "refsource": "MLIST", + "url": "https://www.sourceware.org/ml/libc-alpha/2016-02/msg00502.html" + }, + { + "name": "[oss-security] 20160119 CVE assignment request for security bugs fixed in glibc 2.23", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/01/19/11" + }, + { + "name": "83306", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/83306" + }, + { + "name": "USN-2985-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2985-1" + }, + { + "name": "https://sourceware.org/bugzilla/show_bug.cgi?id=16962", + "refsource": "CONFIRM", + "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=16962" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2586.json b/2016/2xxx/CVE-2016-2586.json index b8a2ee505c1..a8de1df9d7e 100644 --- a/2016/2xxx/CVE-2016-2586.json +++ b/2016/2xxx/CVE-2016-2586.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2586", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-2586", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file 
diff --git a/2016/2xxx/CVE-2016-2689.json b/2016/2xxx/CVE-2016-2689.json index dd354359d11..548515ad201 100644 --- a/2016/2xxx/CVE-2016-2689.json +++ b/2016/2xxx/CVE-2016-2689.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2689", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-2689", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2710.json b/2016/2xxx/CVE-2016-2710.json index 45469045656..df1390867a0 100644 --- a/2016/2xxx/CVE-2016-2710.json +++ b/2016/2xxx/CVE-2016-2710.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2710", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-2710", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2794.json b/2016/2xxx/CVE-2016-2794.json index 55907c8149a..7e6179832ed 100644 --- a/2016/2xxx/CVE-2016-2794.json +++ b/2016/2xxx/CVE-2016-2794.json 
@@ -1,187 +1,187 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2794", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The graphite2::TtfUtil::CmapSubtable12NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2016-2794", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2016/mfsa2016-37.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2016/mfsa2016-37.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1243526", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1243526" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html" - }, - { - "name" : "DSA-3510", - 
"refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3510" - }, - { - "name" : "DSA-3515", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3515" - }, - { - "name" : "DSA-3520", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3520" - }, - { - "name" : "GLSA-201605-06", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201605-06" - }, - { - "name" : "GLSA-201701-63", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201701-63" - }, - { - "name" : "openSUSE-SU-2016:0894", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00091.html" - }, - { - "name" : "openSUSE-SU-2016:1767", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00006.html" - }, - { - "name" : "openSUSE-SU-2016:1769", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00007.html" - }, - { - "name" : "openSUSE-SU-2016:1778", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00008.html" - }, - { - "name" : "SUSE-SU-2016:0909", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html" - }, - { - "name" : "SUSE-SU-2016:0727", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html" - }, - { - "name" : "SUSE-SU-2016:0777", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html" - }, - { - "name" : "openSUSE-SU-2016:0731", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html" - }, - { - "name" : "openSUSE-SU-2016:0733", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html" - }, - { - "name" : "SUSE-SU-2016:0820", - "refsource" : 
"SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html" - }, - { - "name" : "openSUSE-SU-2016:0876", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00089.html" - }, - { - "name" : "USN-2917-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2917-2" - }, - { - "name" : "USN-2917-3", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2917-3" - }, - { - "name" : "USN-2934-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2934-1" - }, - { - "name" : "USN-2917-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2917-1" - }, - { - "name" : "USN-2927-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2927-1" - }, - { - "name" : "84222", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/84222" - }, - { - "name" : "1035215", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1035215" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The graphite2::TtfUtil::CmapSubtable12NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2016:0894", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00091.html" + }, + { + "name": "84222", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/84222" + }, + { + "name": "SUSE-SU-2016:0820", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html" + }, + { + "name": "openSUSE-SU-2016:1767", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00006.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1243526", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1243526" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html" + }, + { + "name": "openSUSE-SU-2016:0731", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html" + }, + { + "name": "SUSE-SU-2016:0727", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html" + }, + { + "name": "openSUSE-SU-2016:1778", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00008.html" + }, + { + "name": "openSUSE-SU-2016:0876", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00089.html" + }, + { + "name": "USN-2917-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2917-1" + }, + { + "name": "USN-2927-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2927-1" + }, + { + "name": "DSA-3520", + "refsource": "DEBIAN", + 
"url": "http://www.debian.org/security/2016/dsa-3520" + }, + { + "name": "openSUSE-SU-2016:1769", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00007.html" + }, + { + "name": "SUSE-SU-2016:0909", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html" + }, + { + "name": "DSA-3510", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3510" + }, + { + "name": "openSUSE-SU-2016:0733", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html" + }, + { + "name": "http://www.mozilla.org/security/announce/2016/mfsa2016-37.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2016/mfsa2016-37.html" + }, + { + "name": "1035215", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035215" + }, + { + "name": "SUSE-SU-2016:0777", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html" + }, + { + "name": "GLSA-201605-06", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201605-06" + }, + { + "name": "DSA-3515", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3515" + }, + { + "name": "USN-2934-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2934-1" + }, + { + "name": "GLSA-201701-63", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201701-63" + }, + { + "name": "USN-2917-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2917-2" + }, + { + "name": "USN-2917-3", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2917-3" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6028.json b/2016/6xxx/CVE-2016-6028.json index 90cb33745c3..c85dc5e0e5e 100644 --- a/2016/6xxx/CVE-2016-6028.json +++ b/2016/6xxx/CVE-2016-6028.json 
@@ -1,115 +1,115 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2016-6028", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Rational Collaborative Lifecycle Management", - "version" : { - "version_data" : [ - { - "version_value" : "3.0.1" - }, - { - "version_value" : "4.0" - }, - { - "version_value" : "3.0.1.6" - }, - { - "version_value" : "4.0.1" - }, - { - "version_value" : "4.0.2" - }, - { - "version_value" : "4.0.3" - }, - { - "version_value" : "4.0.4" - }, - { - "version_value" : "4.0.5" - }, - { - "version_value" : "4.0.6" - }, - { - "version_value" : "5.0" - }, - { - "version_value" : "4.0.7" - }, - { - "version_value" : "5.0.1" - }, - { - "version_value" : "5.0.2" - }, - { - "version_value" : "6.0" - }, - { - "version_value" : "6.0.1" - }, - { - "version_value" : "6.0.2" - }, - { - "version_value" : "6.0.3" - } - ] - } - } - ] - }, - "vendor_name" : "IBM Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Jazz technology based products might allow an attacker to view work item titles that they do not have privilege to view." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2016-6028", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Rational Collaborative Lifecycle Management", + "version": { + "version_data": [ + { + "version_value": "3.0.1" + }, + { + "version_value": "4.0" + }, + { + "version_value": "3.0.1.6" + }, + { + "version_value": "4.0.1" + }, + { + "version_value": "4.0.2" + }, + { + "version_value": "4.0.3" + }, + { + "version_value": "4.0.4" + }, + { + "version_value": "4.0.5" + }, + { + "version_value": "4.0.6" + }, + { + "version_value": "5.0" + }, + { + "version_value": "4.0.7" + }, + { + "version_value": "5.0.1" + }, + { + "version_value": "5.0.2" + }, + { + "version_value": "6.0" + }, + { + "version_value": "6.0.1" + }, + { + "version_value": "6.0.2" + }, + { + "version_value": "6.0.3" + } + ] + } + } + ] + }, + "vendor_name": "IBM Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.ibm.com/support/docview.wss?uid=swg21996097", - "refsource" : "CONFIRM", - "url" : "https://www.ibm.com/support/docview.wss?uid=swg21996097" - }, - { - "name" : "95111", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95111" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Jazz technology based products might allow an attacker to view work item titles that they do not have privilege to view." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "95111", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95111" + }, + { + "name": "https://www.ibm.com/support/docview.wss?uid=swg21996097", + "refsource": "CONFIRM", + "url": "https://www.ibm.com/support/docview.wss?uid=swg21996097" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6279.json b/2016/6xxx/CVE-2016-6279.json index 317b9950273..37f10f2c508 100644 --- a/2016/6xxx/CVE-2016-6279.json +++ b/2016/6xxx/CVE-2016-6279.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6279", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6279", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6807.json b/2016/6xxx/CVE-2016-6807.json index f24e56d2f7d..9493762fb2f 100644 --- a/2016/6xxx/CVE-2016-6807.json +++ b/2016/6xxx/CVE-2016-6807.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@apache.org", - "ID" : "CVE-2016-6807", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Apache Ambari", - "version" : { - "version_data" : [ - { - "version_value" : "2.4.x before 2.4.2" - } - ] - } - } - ] - }, - "vendor_name" : "Apache Software Foundation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Custom commands may be executed on Ambari Agent (2.4.x, before 2.4.2) hosts without authorization, leading to unauthorized access to operations that may affect the underlying system. Such operations are invoked by the Ambari Agent process on Ambari Agent hosts, as the user executing the Ambari Agent process." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "missing authorization check" - } + "CVE_data_meta": { + "ASSIGNER": "security@apache.org", + "ID": "CVE-2016-6807", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Apache Ambari", + "version": { + "version_data": [ + { + "version_value": "2.4.x before 2.4.2" + } + ] + } + } + ] + }, + "vendor_name": "Apache Software Foundation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://cwiki.apache.org/confluence/display/AMBARI/Ambari+Vulnerabilities#AmbariVulnerabilities-FixedinAmbari2.4.2", - "refsource" : "CONFIRM", - "url" : "https://cwiki.apache.org/confluence/display/AMBARI/Ambari+Vulnerabilities#AmbariVulnerabilities-FixedinAmbari2.4.2" - }, - { - "name" : "97184", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97184" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "Custom commands may be executed on Ambari Agent (2.4.x, before 2.4.2) hosts without authorization, leading to unauthorized access to operations that may affect the underlying system. Such operations are invoked by the Ambari Agent process on Ambari Agent hosts, as the user executing the Ambari Agent process." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "missing authorization check" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "97184", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97184" + }, + { + "name": "https://cwiki.apache.org/confluence/display/AMBARI/Ambari+Vulnerabilities#AmbariVulnerabilities-FixedinAmbari2.4.2", + "refsource": "CONFIRM", + "url": "https://cwiki.apache.org/confluence/display/AMBARI/Ambari+Vulnerabilities#AmbariVulnerabilities-FixedinAmbari2.4.2" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7146.json b/2016/7xxx/CVE-2016-7146.json index edc9284d3fa..a3eecfa59c8 100644 --- a/2016/7xxx/CVE-2016-7146.json +++ b/2016/7xxx/CVE-2016-7146.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7146", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "MoinMoin 1.9.8 allows remote attackers to conduct \"JavaScript injection\" attacks by using the \"page creation or crafted URL\" approach, related to a \"Cross Site Scripting (XSS)\" issue affecting the action=fckdialog&dialog=attachment (via page name) component." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-7146", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.curesec.com/blog/article/blog/MoinMoin-198-XSS-175.html", - "refsource" : "MISC", - "url" : "https://www.curesec.com/blog/article/blog/MoinMoin-198-XSS-175.html" - }, - { - "name" : "DSA-3715", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3715" - }, - { - "name" : "USN-3137-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-3137-1" - }, - { - "name" : "94259", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94259" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "MoinMoin 1.9.8 allows remote attackers to conduct \"JavaScript injection\" attacks by using the \"page creation or crafted URL\" approach, related to a \"Cross Site Scripting (XSS)\" issue affecting the action=fckdialog&dialog=attachment (via page name) component." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-3137-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-3137-1" + }, + { + "name": "94259", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94259" + }, + { + "name": "DSA-3715", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3715" + }, + { + "name": "https://www.curesec.com/blog/article/blog/MoinMoin-198-XSS-175.html", + "refsource": "MISC", + "url": "https://www.curesec.com/blog/article/blog/MoinMoin-198-XSS-175.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5541.json b/2017/5xxx/CVE-2017-5541.json index 5f133135f6a..9b259b52c3e 100644 --- a/2017/5xxx/CVE-2017-5541.json +++ b/2017/5xxx/CVE-2017-5541.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5541", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in template/usererror.missing_extension.php in Symphony CMS before 2.6.10 allows remote attackers to rename arbitrary files via a .. (dot dot) in the existing-folder and new-folder parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5541", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/symphonycms/symphony-2/issues/2639", - "refsource" : "CONFIRM", - "url" : "https://github.com/symphonycms/symphony-2/issues/2639" - }, - { - "name" : "https://github.com/symphonycms/symphony-2/releases/tag/2.6.10", - "refsource" : "CONFIRM", - "url" : "https://github.com/symphonycms/symphony-2/releases/tag/2.6.10" - }, - { - "name" : "95689", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95689" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in template/usererror.missing_extension.php in Symphony 
CMS before 2.6.10 allows remote attackers to rename arbitrary files via a .. (dot dot) in the existing-folder and new-folder parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/symphonycms/symphony-2/releases/tag/2.6.10", + "refsource": "CONFIRM", + "url": "https://github.com/symphonycms/symphony-2/releases/tag/2.6.10" + }, + { + "name": "https://github.com/symphonycms/symphony-2/issues/2639", + "refsource": "CONFIRM", + "url": "https://github.com/symphonycms/symphony-2/issues/2639" + }, + { + "name": "95689", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95689" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5907.json b/2017/5xxx/CVE-2017-5907.json index 45ded3924bc..22237a6e0f2 100644 --- a/2017/5xxx/CVE-2017-5907.json +++ b/2017/5xxx/CVE-2017-5907.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5907", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Great Southern Bank Great Southern Mobile Banking app before 4.0.4 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5907", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://medium.com/@chronic_9612/follow-up-76-popular-apps-confirmed-vulnerable-to-silent-interception-of-tls-protected-data-64185035029f", - "refsource" : "MISC", - "url" : "https://medium.com/@chronic_9612/follow-up-76-popular-apps-confirmed-vulnerable-to-silent-interception-of-tls-protected-data-64185035029f" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Great Southern Bank Great Southern Mobile Banking app before 4.0.4 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers 
and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://medium.com/@chronic_9612/follow-up-76-popular-apps-confirmed-vulnerable-to-silent-interception-of-tls-protected-data-64185035029f", + "refsource": "MISC", + "url": "https://medium.com/@chronic_9612/follow-up-76-popular-apps-confirmed-vulnerable-to-silent-interception-of-tls-protected-data-64185035029f" + } + ] + } +} \ No newline at end of file