diff --git a/2006/0xxx/CVE-2006-0411.json b/2006/0xxx/CVE-2006-0411.json index 5e0f0ea1529..25fb093b9c2 100644 --- a/2006/0xxx/CVE-2006-0411.json +++ b/2006/0xxx/CVE-2006-0411.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0411", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "claro_init_local.inc.php in Claroline 1.7.2 uses guessable session cookies (MD5 hash of connection time), which allows remote attackers to hijack sessions and possibly gain administrative privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0411", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060120 Claroline 1.7.2, sso identification vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/422482" - }, - { - "name" : "16341", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16341" - }, - { - "name" : "ADV-2006-0320", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0320" - }, - { - "name" : "18588", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18588" - }, - { - "name" : "claroline-cookie-bypass-security(24326)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24326" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "claro_init_local.inc.php in Claroline 1.7.2 uses guessable session cookies (MD5 hash of connection time), which allows remote attackers to hijack sessions and possibly gain administrative privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060120 Claroline 1.7.2, sso identification vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/422482" + }, + { + "name": "16341", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16341" + }, + { + "name": "claroline-cookie-bypass-security(24326)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24326" + }, + { + "name": "18588", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18588" + }, + { + "name": "ADV-2006-0320", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0320" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0426.json b/2006/0xxx/CVE-2006-0426.json index a01d1129df5..b80f0db5c75 100644 --- a/2006/0xxx/CVE-2006-0426.json +++ b/2006/0xxx/CVE-2006-0426.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0426", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "BEA WebLogic Server and WebLogic Express 8.1 through SP4, when configuration auditing is enabled and a password change occurs, stores the old and new passwords in cleartext in the DefaultAuditRecorder.log file, which could allow attackers to gain privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0426", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "BEA06-113.00", - "refsource" : "BEA", - "url" : "http://dev2dev.bea.com/pub/advisory/170" - }, - { - "name" : "16358", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16358" - }, - { - "name" : "ADV-2006-0313", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0313" - }, - { - "name" : "22775", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22775" - }, - { - "name" : "1015528", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015528" - }, - { - "name" : "18592", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18592" - }, - { - "name" : "weblogic-password-information-disclosure(24290)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24290" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "BEA WebLogic Server and WebLogic Express 8.1 through SP4, when configuration auditing is enabled and a password change occurs, stores the old and new passwords in cleartext in the DefaultAuditRecorder.log file, which could allow attackers to gain privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-0313", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0313" + }, + { + "name": "22775", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22775" + }, + { + "name": "1015528", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015528" + }, + { + "name": "18592", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18592" + }, + { + "name": "16358", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16358" + }, + { + "name": "weblogic-password-information-disclosure(24290)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24290" + }, + { + "name": "BEA06-113.00", + "refsource": "BEA", + "url": "http://dev2dev.bea.com/pub/advisory/170" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0948.json b/2006/0xxx/CVE-2006-0948.json index edee2bb6a06..dda9513c6ed 100644 --- a/2006/0xxx/CVE-2006-0948.json +++ b/2006/0xxx/CVE-2006-0948.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0948", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "AOL 9.0 Security Edition revision 4184.2340, and probably other versions, uses insecure permissions (Everyone/Full Control) for the \"America Online 9.0\" directory, which allows local users to gain privileges by replacing critical files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0948", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060818 Secunia Research: AOL Insecure Default Directory Permissions", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/443622/100/0/threaded" - }, - { - "name" : "http://secunia.com/secunia_research/2006-08", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2006-08" - }, - { - "name" : "19583", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19583" - }, - { - "name" : "ADV-2006-3317", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3317" - }, - { - "name" : "27995", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27995" - }, - { - "name" : "1016717", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016717" - }, - { - "name" : "18734", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18734" - }, - { - "name" : "1416", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1416" - }, - { - "name" : "aol-default-insecure-permissions(28445)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28445" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "AOL 9.0 Security Edition revision 4184.2340, and probably other versions, uses insecure permissions (Everyone/Full Control) for the \"America Online 9.0\" directory, which allows local users to gain privileges by replacing critical files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://secunia.com/secunia_research/2006-08", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2006-08" + }, + { + "name": "ADV-2006-3317", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3317" + }, + { + "name": "aol-default-insecure-permissions(28445)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28445" + }, + { + "name": "18734", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18734" + }, + { + "name": "20060818 Secunia Research: AOL Insecure Default Directory Permissions", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/443622/100/0/threaded" + }, + { + "name": "1416", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1416" + }, + { + "name": "27995", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27995" + }, + { + "name": "19583", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19583" + }, + { + "name": "1016717", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016717" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1365.json b/2006/1xxx/CVE-2006-1365.json index 04a0f2977b3..8354b0b634d 100644 --- a/2006/1xxx/CVE-2006-1365.json +++ b/2006/1xxx/CVE-2006-1365.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1365", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Motorola PEBL U6, the Motorola V600, and possibly the Motorola E398 and other Motorola phones allow remote attackers to add an entry for their own Bluetooth device to a target device's list of trusted devices (aka Device History), and possibly obtain AT level access to the target device, by initiating and interrupting an OBEX Push Profile that pretends to send a vCard, aka a \"HeloMoto\" attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1365", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://trifinite.org/trifinite_stuff_helomoto.html", - "refsource" : "MISC", - "url" : "http://trifinite.org/trifinite_stuff_helomoto.html" - }, - { - "name" : "http://www.digitalmunition.com/DMA[2006-0321a].txt", - "refsource" : "MISC", - "url" : "http://www.digitalmunition.com/DMA[2006-0321a].txt" - }, - { - "name" : "20060321 DMA[2006-0321a] - 'Motorola P2K Platform setpath() overflow and Blueline attack'", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/428431/100/0/threaded" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Motorola PEBL U6, the Motorola V600, and possibly the Motorola E398 and other Motorola phones allow remote attackers to add an entry for their own Bluetooth device to a target device's list of trusted devices (aka Device History), and possibly obtain AT level access to the target device, by initiating and interrupting an OBEX Push Profile that pretends to send a vCard, aka a \"HeloMoto\" attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://trifinite.org/trifinite_stuff_helomoto.html", + "refsource": "MISC", + "url": "http://trifinite.org/trifinite_stuff_helomoto.html" + }, + { + "name": "20060321 DMA[2006-0321a] - 'Motorola P2K Platform setpath() overflow and Blueline attack'", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/428431/100/0/threaded" + }, + { + "name": "http://www.digitalmunition.com/DMA[2006-0321a].txt", + "refsource": "MISC", + "url": "http://www.digitalmunition.com/DMA[2006-0321a].txt" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1452.json b/2006/1xxx/CVE-2006-1452.json index d8d640a7a33..06634307846 100644 --- a/2006/1xxx/CVE-2006-1452.json +++ b/2006/1xxx/CVE-2006-1452.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1452", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in Preview in Apple Mac OS 10.4 up to 10.4.6 allows local users to execute arbitrary code via a deep directory hierarchy." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1452", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "APPLE-SA-2006-05-11", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2006/May/msg00003.html" - }, - { - "name" : "TA06-132A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA06-132A.html" - }, - { - "name" : "17951", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17951" - }, - { - "name" : "ADV-2006-1779", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1779" - }, - { - "name" : "25596", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/25596" - }, - { - "name" : "1016076", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016076" - }, - { - "name" : "20077", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20077" - }, - { - "name" : "macos-preview-directory-bo(26422)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26422" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in Preview in Apple Mac OS 10.4 up to 10.4.6 allows local users to execute arbitrary code via a deep directory hierarchy." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "17951", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17951" + }, + { + "name": "ADV-2006-1779", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1779" + }, + { + "name": "TA06-132A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA06-132A.html" + }, + { + "name": "APPLE-SA-2006-05-11", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2006/May/msg00003.html" + }, + { + "name": "macos-preview-directory-bo(26422)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26422" + }, + { + "name": "1016076", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016076" + }, + { + "name": "20077", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20077" + }, + { + "name": "25596", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/25596" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1708.json b/2006/1xxx/CVE-2006-1708.json index 5bd665fe2bd..e1713a5ca31 100644 --- a/2006/1xxx/CVE-2006-1708.json +++ b/2006/1xxx/CVE-2006-1708.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1708", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in member.php in Clansys 1.1 allows remote attackers to execute arbitrary SQL commands via the showid parameter in the member page to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1708", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "1662", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/1662" - }, - { - "name" : "17456", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17456" - }, - { - "name" : "ADV-2006-1295", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1295" - }, - { - "name" : "1015935", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015935" - }, - { - "name" : "19609", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19609" - }, - { - "name" : "clansys-index-sql-injection(25746)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25746" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in member.php in Clansys 1.1 allows remote attackers to execute arbitrary SQL commands via the showid parameter in the member page to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1015935", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015935" + }, + { + "name": "clansys-index-sql-injection(25746)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25746" + }, + { + "name": "1662", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/1662" + }, + { + "name": "ADV-2006-1295", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1295" + }, + { + "name": "17456", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17456" + }, + { + "name": "19609", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19609" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1807.json b/2006/1xxx/CVE-2006-1807.json index c62e1b7f7b1..9e3a1ad0476 100644 --- a/2006/1xxx/CVE-2006-1807.json +++ b/2006/1xxx/CVE-2006-1807.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1807", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in index.php in Musicbox 2.3.3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) start parameter in a search action or (2) type parameter in a top action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1807", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060724 MusicBox <= 2.3.4 XSS SQL injection Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/441000/100/0/threaded" - }, - { - "name" : "http://pridels0.blogspot.com/2006/04/musicbox-vuln.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2006/04/musicbox-vuln.html" - }, - { - "name" : "17545", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17545" - }, - { - "name" : "ADV-2006-1373", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1373" - }, - { - "name" : "19672", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19672" - }, - { - "name" : "musicbox-multiple-sql-injection(27926)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27926" - }, - { - "name" : "musicbox-index-sql-injection(25836)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25836" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in index.php in Musicbox 2.3.3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) start parameter in a search action or (2) type parameter in a top action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "musicbox-index-sql-injection(25836)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25836" + }, + { + "name": "20060724 MusicBox <= 2.3.4 XSS SQL injection Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/441000/100/0/threaded" + }, + { + "name": "http://pridels0.blogspot.com/2006/04/musicbox-vuln.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2006/04/musicbox-vuln.html" + }, + { + "name": "17545", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17545" + }, + { + "name": "musicbox-multiple-sql-injection(27926)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27926" + }, + { + "name": "ADV-2006-1373", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1373" + }, + { + "name": "19672", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19672" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5305.json b/2006/5xxx/CVE-2006-5305.json index 57574906adc..ca028678368 100644 --- a/2006/5xxx/CVE-2006-5305.json +++ b/2006/5xxx/CVE-2006-5305.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5305", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in lat2cyr.php in the lat2cyr 1.0.1 and earlier phpbb module allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5305", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061012 phpBB lat2cyr <= 1.0.1 Remote File Include Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/448660/100/0/threaded" - }, - { - "name" : "2546", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2546" - }, - { - "name" : "20513", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20513" - }, - { - "name" : "ADV-2006-4050", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4050" - }, - { - "name" : "22432", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22432" - }, - { - "name" : "1729", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1729" - }, - { - "name" : "lat2cyr-phpbbrootpath-file-include(29572)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29572" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in lat2cyr.php in the lat2cyr 1.0.1 and earlier phpbb module allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2546", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2546" + }, + { + "name": "lat2cyr-phpbbrootpath-file-include(29572)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29572" + }, + { + "name": "22432", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22432" + }, + { + "name": "1729", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1729" + }, + { + "name": "20513", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20513" + }, + { + "name": "ADV-2006-4050", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4050" + }, + { + "name": "20061012 phpBB lat2cyr <= 1.0.1 Remote File Include Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/448660/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5460.json b/2006/5xxx/CVE-2006-5460.json index 886fa2b13ac..b67f5fb6b1a 100644 --- a/2006/5xxx/CVE-2006-5460.json +++ b/2006/5xxx/CVE-2006-5460.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5460", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in Hinton Design phpht Topsites allow remote attackers to execute arbitrary PHP code via a URL in the phpht_real_path parameter to (1) index.php, (2) certain other scripts in the top-level directory, and (3) certain scripts in the admin/ directory. NOTE: CVE disputes this vulnerability because $phpht_real_path is defined before use in index.php and most other files except common.php, which is already covered by CVE-2006-5458." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5460", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061012 PHPht Topsites Remote File İnclude", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/448610/100/100/threaed" - }, - { - "name" : "1759", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1759" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in Hinton Design phpht Topsites allow remote attackers to execute arbitrary PHP code via a URL in the phpht_real_path parameter to (1) index.php, (2) certain other scripts in the top-level directory, and (3) certain scripts in the admin/ directory. NOTE: CVE disputes this vulnerability because $phpht_real_path is defined before use in index.php and most other files except common.php, which is already covered by CVE-2006-5458." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1759", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1759" + }, + { + "name": "20061012 PHPht Topsites Remote File İnclude", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/448610/100/100/threaed" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0253.json b/2010/0xxx/CVE-2010-0253.json index 9e9a0fa65da..8711c50340b 100644 --- a/2010/0xxx/CVE-2010-0253.json +++ b/2010/0xxx/CVE-2010-0253.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0253", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2010-0253", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0407.json b/2010/0xxx/CVE-2010-0407.json index d476b6f8ec5..a5d1fb36bf0 100644 --- a/2010/0xxx/CVE-2010-0407.json +++ b/2010/0xxx/CVE-2010-0407.json @@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0407", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in the MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite before 1.5.4 allow local users to gain privileges via crafted message data, which is improperly demarshalled." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-0407", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://svn.debian.org/wsvn/pcsclite/?sc=1&rev=4208", - "refsource" : "CONFIRM", - "url" : "http://svn.debian.org/wsvn/pcsclite/?sc=1&rev=4208" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=596426", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=596426" - }, - { - "name" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10691", - "refsource" : "CONFIRM", - "url" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10691" - }, - { - "name" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705", - "refsource" : "CONFIRM", - "url" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705" - }, - { - "name" : "DSA-2059", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2010/dsa-2059" - }, - { - "name" : "FEDORA-2010-10014", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042921.html" - }, - { - "name" : "FEDORA-2010-9995", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042900.html" - }, - { - "name" : "FEDORA-2010-10764", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044124.html" - }, - { - "name" : "SUSE-SR:2010:017", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html" - }, - { - "name" : "40758", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/40758" - }, - { - "name" : "40140", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40140" - }, - { - "name" : "40239", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40239" - }, - { - "name" : "ADV-2010-1427", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1427" - }, - { - "name" : "ADV-2010-1508", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1508" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in the MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite before 1.5.4 allow local users to gain privileges via crafted message data, which is improperly demarshalled." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "40758", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/40758" + }, + { + "name": "DSA-2059", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2010/dsa-2059" + }, + { + "name": "http://svn.debian.org/wsvn/pcsclite/?sc=1&rev=4208", + "refsource": "CONFIRM", + "url": "http://svn.debian.org/wsvn/pcsclite/?sc=1&rev=4208" + }, + { + "name": "40239", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40239" + }, + { + "name": "FEDORA-2010-10764", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044124.html" + }, + { + "name": "40140", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40140" + }, + { + "name": "SUSE-SR:2010:017", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html" + }, + { + "name": "ADV-2010-1427", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1427" + }, + { + "name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10691", + "refsource": "CONFIRM", + "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10691" + }, + { + "name": "FEDORA-2010-9995", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042900.html" + }, + { + "name": "ADV-2010-1508", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1508" + }, + { + "name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705", + "refsource": "CONFIRM", + "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=596426", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=596426" + }, + { + "name": "FEDORA-2010-10014", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042921.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0419.json b/2010/0xxx/CVE-2010-0419.json index b3e5043847b..861564c5032 100644 --- a/2010/0xxx/CVE-2010-0419.json +++ b/2010/0xxx/CVE-2010-0419.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0419", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The x86 emulator in KVM 83, when a guest is configured for Symmetric Multiprocessing (SMP), does not properly restrict writing of segment selectors to segment registers, which might allow guest OS users to cause a denial of service (guest OS crash) or gain privileges on the guest OS by leveraging access to a (1) IO port or (2) MMIO region, and replacing an instruction in between emulator entry and instruction fetch." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-0419", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=563463", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=563463" - }, - { - "name" : "RHSA-2010:0126", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0126.html" - }, - { - "name" : "38467", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/38467" - }, - { - "name" : "oval:org.mitre.oval:def:10139", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10139" - }, - { - "name" : "1023663", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1023663" - }, - { - "name" : "kernel-selectors-privilege-escalation(56662)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/56662" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The x86 emulator in KVM 83, when a guest is configured for Symmetric Multiprocessing (SMP), does not properly restrict writing of segment selectors to segment registers, which might allow guest OS users to cause a denial of service (guest OS crash) or gain privileges on the guest OS by leveraging access to a (1) IO port or (2) MMIO region, and replacing an instruction in between emulator entry and instruction fetch." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "38467", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/38467" + }, + { + "name": "kernel-selectors-privilege-escalation(56662)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56662" + }, + { + "name": "RHSA-2010:0126", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0126.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=563463", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=563463" + }, + { + "name": "1023663", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1023663" + }, + { + "name": "oval:org.mitre.oval:def:10139", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10139" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0636.json b/2010/0xxx/CVE-2010-0636.json index 3f150d4d8e4..d5cb7356b4a 100644 --- a/2010/0xxx/CVE-2010-0636.json +++ b/2010/0xxx/CVE-2010-0636.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0636", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in WebCalendar 1.2.0, and other versions before 1.2.5, allow remote attackers to inject arbitrary web script or HTML via the (1) tab parameter to users.php and the PATH_INFO to (2) day.php, (3) month.php, and (4) week.php. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-0636", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://holisticinfosec.org/content/view/133/45/", - "refsource" : "MISC", - "url" : "http://holisticinfosec.org/content/view/133/45/" - }, - { - "name" : "http://webcalendar.cvs.sourceforge.net/viewvc/webcalendar/webcalendar/ChangeLog?pathrev=REL_1_2", - "refsource" : "CONFIRM", - "url" : "http://webcalendar.cvs.sourceforge.net/viewvc/webcalendar/webcalendar/ChangeLog?pathrev=REL_1_2" - }, - { - "name" : "38053", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/38053" - }, - { - "name" : "38222", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38222" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in WebCalendar 1.2.0, and other versions before 1.2.5, allow remote attackers to inject arbitrary web script or HTML via the (1) tab parameter to users.php and the PATH_INFO to (2) day.php, (3) month.php, and (4) week.php. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://webcalendar.cvs.sourceforge.net/viewvc/webcalendar/webcalendar/ChangeLog?pathrev=REL_1_2", + "refsource": "CONFIRM", + "url": "http://webcalendar.cvs.sourceforge.net/viewvc/webcalendar/webcalendar/ChangeLog?pathrev=REL_1_2" + }, + { + "name": "38222", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38222" + }, + { + "name": "38053", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/38053" + }, + { + "name": "http://holisticinfosec.org/content/view/133/45/", + "refsource": "MISC", + "url": "http://holisticinfosec.org/content/view/133/45/" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0716.json b/2010/0xxx/CVE-2010-0716.json index ae267648205..473c6b8606e 100644 --- a/2010/0xxx/CVE-2010-0716.json +++ b/2010/0xxx/CVE-2010-0716.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0716", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "_layouts/Upload.aspx in the Documents module in Microsoft SharePoint before 2010 uses URLs with the same hostname and port number for a web site's primary files and individual users' uploaded files (aka attachments), which allows remote authenticated users to leverage same-origin relationships and conduct cross-site scripting (XSS) attacks by uploading TXT files, a related issue to CVE-2008-5026. NOTE: the vendor disputes the significance of this issue, because cross-domain isolation can be implemented when needed." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-0716", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100222 Hacktics Advisory Feb10: Persistent XSS in Microsoft SharePoint Portal", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/509683/100/0/threaded" - }, - { - "name" : "http://www.hacktics.com/content/advisories/AdvMS20100222.html", - "refsource" : "MISC", - "url" : "http://www.hacktics.com/content/advisories/AdvMS20100222.html" - }, - { - "name" : "sharepoint-aspx-xss(56597)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/56597" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "_layouts/Upload.aspx in the Documents module in Microsoft SharePoint before 2010 uses URLs with the same hostname and port number for a web site's primary files and individual users' uploaded files (aka attachments), which allows remote authenticated users to leverage same-origin relationships and conduct cross-site scripting (XSS) attacks by uploading TXT files, a related issue to CVE-2008-5026. NOTE: the vendor disputes the significance of this issue, because cross-domain isolation can be implemented when needed." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "sharepoint-aspx-xss(56597)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56597" + }, + { + "name": "http://www.hacktics.com/content/advisories/AdvMS20100222.html", + "refsource": "MISC", + "url": "http://www.hacktics.com/content/advisories/AdvMS20100222.html" + }, + { + "name": "20100222 Hacktics Advisory Feb10: Persistent XSS in Microsoft SharePoint Portal", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/509683/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0882.json b/2010/0xxx/CVE-2010-0882.json index d75c4776cce..3cabe55530a 100644 --- a/2010/0xxx/CVE-2010-0882.json +++ b/2010/0xxx/CVE-2010-0882.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0882", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Solaris component in Oracle Sun Product Suite 10 and OpenSolaris snv_134 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Trusted Extensions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2010-0882", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2010-099504.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2010-099504.html" - }, - { - "name" : "1020726", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020726.1-1" - }, - { - "name" : "TA10-103B", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-103B.html" - }, - { - "name" : "oval:org.mitre.oval:def:7023", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7023" - }, - { - "name" : "osps-solaris-unspecified(57747)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/57747" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Solaris component in Oracle Sun Product Suite 10 and OpenSolaris snv_134 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Trusted Extensions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:7023", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7023" + }, + { + "name": "TA10-103B", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-103B.html" + }, + { + "name": "osps-solaris-unspecified(57747)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57747" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2010-099504.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2010-099504.html" + }, + { + "name": "1020726", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020726.1-1" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0936.json b/2010/0xxx/CVE-2010-0936.json index 2ed2f6ef015..1eca0c325cd 100644 --- a/2010/0xxx/CVE-2010-0936.json +++ b/2010/0xxx/CVE-2010-0936.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0936", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in auth.asp on the D-LINK DKVM-IP8 with firmware 2282_dlinkA4_p8_20071213 allows remote attackers to inject arbitrary web script or HTML via the nickname parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-0936", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "11030", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/11030" - }, - { - "name" : "37646", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37646" - }, - { - "name" : "61615", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/61615" - }, - { - "name" : "38051", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38051" - }, - { - "name" : "ADV-2010-0083", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0083" - }, - { - "name" : "dkvmip8-auth-xss(55429)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/55429" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in auth.asp on the D-LINK DKVM-IP8 with firmware 2282_dlinkA4_p8_20071213 allows remote attackers to inject arbitrary web script or HTML via the nickname parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "37646", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37646" + }, + { + "name": "11030", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/11030" + }, + { + "name": "ADV-2010-0083", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0083" + }, + { + "name": "38051", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38051" + }, + { + "name": "61615", + "refsource": "OSVDB", + "url": "http://osvdb.org/61615" + }, + { + "name": "dkvmip8-auth-xss(55429)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55429" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3174.json b/2010/3xxx/CVE-2010-3174.json index 8f1d208e895..fee7eeb2214 100644 --- a/2010/3xxx/CVE-2010-3174.json +++ b/2010/3xxx/CVE-2010-3174.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3174", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.14, Thunderbird before 3.0.9, and SeaMonkey before 2.0.9 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3174", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2010/mfsa2010-64.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2010/mfsa2010-64.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=476547", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=476547" - }, - { - "name" : "DSA-2124", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2010/dsa-2124" - }, - { - "name" : "MDVSA-2010:210", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:210" - }, - { - "name" : "MDVSA-2010:211", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:211" - }, - { - "name" : "oval:org.mitre.oval:def:11517", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11517" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.14, Thunderbird before 3.0.9, and SeaMonkey before 2.0.9 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDVSA-2010:210", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:210" + }, + { + "name": "http://www.mozilla.org/security/announce/2010/mfsa2010-64.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2010/mfsa2010-64.html" + }, + { + "name": "MDVSA-2010:211", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:211" + }, + { + "name": "DSA-2124", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2010/dsa-2124" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=476547", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=476547" + }, + { + "name": "oval:org.mitre.oval:def:11517", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11517" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3370.json b/2010/3xxx/CVE-2010-3370.json index 25d9c75d021..a2ef63d7b24 100644 --- a/2010/3xxx/CVE-2010-3370.json +++ b/2010/3xxx/CVE-2010-3370.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3370", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3370", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3440.json b/2010/3xxx/CVE-2010-3440.json index a2f973a0288..791551d8494 100644 --- a/2010/3xxx/CVE-2010-3440.json +++ b/2010/3xxx/CVE-2010-3440.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3440", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3440", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3478.json b/2010/3xxx/CVE-2010-3478.json index 9c70ee528f1..925818f5f24 100644 --- a/2010/3xxx/CVE-2010-3478.json +++ b/2010/3xxx/CVE-2010-3478.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3478", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3478", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4045.json b/2010/4xxx/CVE-2010-4045.json index c61ecb6c7b2..8734955d94c 100644 --- a/2010/4xxx/CVE-2010-4045.json +++ b/2010/4xxx/CVE-2010-4045.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4045", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Opera before 10.63 does not properly restrict web script in unspecified circumstances involving reloads and redirects, which allows remote attackers to spoof the Address Bar, conduct cross-site scripting (XSS) attacks, and possibly execute arbitrary code by leveraging the ability of a script to interact with a web page from (1) a different domain or (2) a different security context." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4045", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.opera.com/docs/changelogs/mac/1063/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/mac/1063/" - }, - { - "name" : "http://www.opera.com/docs/changelogs/unix/1063/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/unix/1063/" - }, - { - "name" : "http://www.opera.com/docs/changelogs/windows/1063/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/windows/1063/" - }, - { - "name" : "http://www.opera.com/support/kb/view/973/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/support/kb/view/973/" - }, - { - "name" : "oval:org.mitre.oval:def:12071", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12071" - }, - { - "name" : "1024570", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1024570" - }, - { - "name" : "41740", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41740" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Opera before 10.63 does not properly restrict web script in unspecified circumstances involving reloads and redirects, which allows remote attackers to spoof the Address Bar, conduct cross-site scripting (XSS) attacks, and possibly execute arbitrary code by leveraging the ability of a script to interact with a web page from (1) a different domain or (2) a different security context." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.opera.com/support/kb/view/973/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/support/kb/view/973/" + }, + { + "name": "1024570", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1024570" + }, + { + "name": "http://www.opera.com/docs/changelogs/mac/1063/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/mac/1063/" + }, + { + "name": "41740", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41740" + }, + { + "name": "oval:org.mitre.oval:def:12071", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12071" + }, + { + "name": "http://www.opera.com/docs/changelogs/unix/1063/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/unix/1063/" + }, + { + "name": "http://www.opera.com/docs/changelogs/windows/1063/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/windows/1063/" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4047.json b/2010/4xxx/CVE-2010-4047.json index 2c612f1713c..fb72bd7c500 100644 --- a/2010/4xxx/CVE-2010-4047.json +++ b/2010/4xxx/CVE-2010-4047.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4047", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Opera before 10.63 does not properly select the security context of JavaScript code associated with an error page, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4047", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.opera.com/docs/changelogs/mac/1063/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/mac/1063/" - }, - { - "name" : "http://www.opera.com/docs/changelogs/unix/1063/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/unix/1063/" - }, - { - "name" : "http://www.opera.com/docs/changelogs/windows/1063/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/windows/1063/" - }, - { - "name" : "http://www.opera.com/support/kb/view/976/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/support/kb/view/976/" - }, - { - "name" : "oval:org.mitre.oval:def:12115", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12115" - }, - { - "name" : "1024570", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1024570" - }, - { - "name" : "41740", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41740" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Opera before 10.63 does not properly select the security context of JavaScript code associated with an error page, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1024570", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1024570" + }, + { + "name": "oval:org.mitre.oval:def:12115", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12115" + }, + { + "name": "http://www.opera.com/docs/changelogs/mac/1063/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/mac/1063/" + }, + { + "name": "http://www.opera.com/support/kb/view/976/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/support/kb/view/976/" + }, + { + "name": "41740", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41740" + }, + { + "name": "http://www.opera.com/docs/changelogs/unix/1063/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/unix/1063/" + }, + { + "name": "http://www.opera.com/docs/changelogs/windows/1063/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/windows/1063/" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4923.json b/2010/4xxx/CVE-2010-4923.json index bd31bc4a77c..debe6b9229f 100644 --- a/2010/4xxx/CVE-2010-4923.json +++ b/2010/4xxx/CVE-2010-4923.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4923", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in book/detail.php in Virtue Netz Virtue Book Store allows remote attackers to execute arbitrary SQL commands via the bid parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4923", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/0908-exploits/vbs-sql.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/0908-exploits/vbs-sql.txt" - }, - { - "name" : "43275", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/43275" - }, - { - "name" : "35375", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35375" - }, - { - "name" : "8460", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8460" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in book/detail.php in Virtue Netz Virtue Book Store allows remote attackers to execute arbitrary SQL commands via the bid parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "8460", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8460" + }, + { + "name": "http://packetstormsecurity.org/0908-exploits/vbs-sql.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/0908-exploits/vbs-sql.txt" + }, + { + "name": "35375", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35375" + }, + { + "name": "43275", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/43275" + } + ] + } +} \ No newline at end of file diff --git a/2014/10xxx/CVE-2014-10070.json b/2014/10xxx/CVE-2014-10070.json index 8ada5e2c070..6d36b636eb8 100644 --- a/2014/10xxx/CVE-2014-10070.json +++ b/2014/10xxx/CVE-2014-10070.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-10070", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "zsh before 5.0.7 allows evaluation of the initial values of integer variables imported from the environment (instead of treating them as literal numbers). That could allow local privilege escalation, under some specific and atypical conditions where zsh is being invoked in privilege-elevation contexts when the environment has not been properly sanitized, such as when zsh is invoked by sudo on systems where \"env_reset\" has been disabled." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-10070", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://zsh.sourceforge.net/releases.html", - "refsource" : "MISC", - "url" : "http://zsh.sourceforge.net/releases.html" - }, - { - "name" : "https://sourceforge.net/p/zsh/code/ci/546203a770cec329e73781c3c8ab1078390aee72", - "refsource" : "MISC", - "url" : "https://sourceforge.net/p/zsh/code/ci/546203a770cec329e73781c3c8ab1078390aee72" - }, - { - "name" : "USN-3593-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3593-1/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "zsh before 5.0.7 allows evaluation of the initial values of integer variables imported from the environment (instead of treating them as literal numbers). That could allow local privilege escalation, under some specific and atypical conditions where zsh is being invoked in privilege-elevation contexts when the environment has not been properly sanitized, such as when zsh is invoked by sudo on systems where \"env_reset\" has been disabled." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-3593-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3593-1/" + }, + { + "name": "https://sourceforge.net/p/zsh/code/ci/546203a770cec329e73781c3c8ab1078390aee72", + "refsource": "MISC", + "url": "https://sourceforge.net/p/zsh/code/ci/546203a770cec329e73781c3c8ab1078390aee72" + }, + { + "name": "http://zsh.sourceforge.net/releases.html", + "refsource": "MISC", + "url": "http://zsh.sourceforge.net/releases.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3125.json b/2014/3xxx/CVE-2014-3125.json index a04f79c5fcc..94aff81ef2e 100644 --- a/2014/3xxx/CVE-2014-3125.json +++ b/2014/3xxx/CVE-2014-3125.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3125", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Xen 4.4.x, when running on an ARM system, does not properly context switch the CNTKCTL_EL1 register, which allows local guest users to modify the hardware timers and cause a denial of service (crash) via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3125", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140430 Re: Xen Security Advisory 91 - Hardware timer context is not properly context switched on ARM", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/04/30/11" - }, - { - "name" : "[oss-security] 20140430 Xen Security Advisory 91 - Hardware timer context is not properly context switched on ARM", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/04/30/5" - }, - { - "name" : "http://xenbits.xen.org/xsa/advisory-91.html", - "refsource" : "CONFIRM", - "url" : "http://xenbits.xen.org/xsa/advisory-91.html" - }, - { - "name" : "67157", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/67157" - }, - { - "name" : "1030184", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030184" - }, - { - "name" : "58347", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/58347" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Xen 4.4.x, when running on an ARM system, does not properly context switch the CNTKCTL_EL1 register, which allows local guest users to modify the hardware timers and cause a denial of service (crash) via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "67157", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/67157" + }, + { + "name": "http://xenbits.xen.org/xsa/advisory-91.html", + "refsource": "CONFIRM", + "url": "http://xenbits.xen.org/xsa/advisory-91.html" + }, + { + "name": "[oss-security] 20140430 Xen Security Advisory 91 - Hardware timer context is not properly context switched on ARM", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/04/30/5" + }, + { + "name": "1030184", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030184" + }, + { + "name": "[oss-security] 20140430 Re: Xen Security Advisory 91 - Hardware timer context is not properly context switched on ARM", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/04/30/11" + }, + { + "name": "58347", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/58347" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3912.json b/2014/3xxx/CVE-2014-3912.json index af20a01fcc7..0fc1049f0e5 100644 --- a/2014/3xxx/CVE-2014-3912.json +++ b/2014/3xxx/CVE-2014-3912.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3912", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the FindConfigChildeKeyList method in the XNSSDKDEVICE.XnsSdkDeviceCtrlForIpInstaller.1 ActiveX control in Samsung iPOLiS Device Manager before 1.8.7 allows remote attackers to execute arbitrary code via a long value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3912", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-14-169", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-14-169" - }, - { - "name" : "67823", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/67823" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the FindConfigChildeKeyList method in the XNSSDKDEVICE.XnsSdkDeviceCtrlForIpInstaller.1 ActiveX control in Samsung iPOLiS Device Manager before 1.8.7 allows remote attackers to execute arbitrary code via a long value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-14-169", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-14-169" + }, + { + "name": "67823", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/67823" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4126.json b/2014/4xxx/CVE-2014-4126.json index e4a4a22381e..a428b81cab0 100644 --- a/2014/4xxx/CVE-2014-4126.json +++ b/2014/4xxx/CVE-2014-4126.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4126", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2014-4126", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20141014 Microsoft Internet Explorer 11 CTransientLookaside Double Free Vulnerability", - "refsource" : "IDEFENSE", - "url" : "https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1078" - }, - { - "name" : "MS14-056", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-056" - }, - { - "name" : "70328", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70328" - }, - { - "name" : "1031018", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031018" - }, - { - "name" : "60968", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60968" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "60968", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60968" + }, + { + "name": "70328", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70328" + }, + { + "name": "1031018", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031018" + }, + { + "name": "MS14-056", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-056" + }, + { + "name": "20141014 Microsoft Internet Explorer 11 CTransientLookaside Double Free Vulnerability", + "refsource": "IDEFENSE", + "url": "https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1078" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4743.json b/2014/4xxx/CVE-2014-4743.json index 24509947454..2e5e9cdb249 100644 --- a/2014/4xxx/CVE-2014-4743.json +++ b/2014/4xxx/CVE-2014-4743.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4743", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in (1) search_ajax.tpl and (2) search_ajax_small.tpl in templates/default/tpl/module_search/ in the Search module (module_search) in Kajona before 4.5 allow remote attackers to inject arbitrary web script or HTML via the search parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4743", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.kajona.de/en/Development/Changelog/Changelog-V4-5/changelog_45.html", - "refsource" : "CONFIRM", - "url" : "http://www.kajona.de/en/Development/Changelog/Changelog-V4-5/changelog_45.html" - }, - { - "name" : "https://github.com/kajona/kajonacms/commit/4a07f949c171da6aa9a6e6c19421b0df16297180", - "refsource" : "CONFIRM", - "url" : "https://github.com/kajona/kajonacms/commit/4a07f949c171da6aa9a6e6c19421b0df16297180" - }, - { - "name" : "68498", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/68498" - }, - { - "name" : "59540", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59540" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in (1) search_ajax.tpl and (2) search_ajax_small.tpl in templates/default/tpl/module_search/ in the Search module (module_search) in Kajona before 4.5 allow remote attackers to inject arbitrary web script or HTML via the search parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/kajona/kajonacms/commit/4a07f949c171da6aa9a6e6c19421b0df16297180", + "refsource": "CONFIRM", + "url": "https://github.com/kajona/kajonacms/commit/4a07f949c171da6aa9a6e6c19421b0df16297180" + }, + { + "name": "59540", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59540" + }, + { + "name": "68498", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/68498" + }, + { + "name": "http://www.kajona.de/en/Development/Changelog/Changelog-V4-5/changelog_45.html", + "refsource": "CONFIRM", + "url": "http://www.kajona.de/en/Development/Changelog/Changelog-V4-5/changelog_45.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8424.json b/2014/8xxx/CVE-2014-8424.json index 4e80c1c10aa..740ff184660 100644 --- a/2014/8xxx/CVE-2014-8424.json +++ b/2014/8xxx/CVE-2014-8424.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8424", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ARRIS VAP2500 before FW08.41 does not properly validate passwords, which allows remote attackers to bypass authentication." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8424", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-14-388/", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-14-388/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ARRIS VAP2500 before FW08.41 does not properly validate passwords, which allows remote attackers to bypass authentication." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-14-388/", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-14-388/" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8567.json b/2014/8xxx/CVE-2014-8567.json index e5d0f53d88a..c6d53969994 100644 --- a/2014/8xxx/CVE-2014-8567.json +++ b/2014/8xxx/CVE-2014-8567.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8567", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mod_auth_mellon module before 0.8.1 allows remote attackers to cause a denial of service (Apache HTTP server crash) via a crafted logout request that triggers a read of uninitialized data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8567", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[modmellon] 20141103 Information disclosure vulnerability in version 0.8.0 of mod_auth_mellon", - "refsource" : "MLIST", - "url" : "https://postlister.uninett.no/sympa/arc/modmellon/2014-11/msg00000.html" - }, - { - "name" : "https://github.com/UNINETT/mod_auth_mellon/commit/0f5b4fd860fa7e3a6c47201637aab05395f32647", - "refsource" : "CONFIRM", - "url" : "https://github.com/UNINETT/mod_auth_mellon/commit/0f5b4fd860fa7e3a6c47201637aab05395f32647" - }, - { - "name" : "http://linux.oracle.com/errata/ELSA-2014-1803.html", - "refsource" : "CONFIRM", - "url" : "http://linux.oracle.com/errata/ELSA-2014-1803.html" - }, - { - "name" : "RHSA-2014:1803", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1803.html" - }, - { - "name" : "62094", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62094" - }, - { - "name" : "62125", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62125" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mod_auth_mellon module before 0.8.1 allows remote attackers to cause a denial of service (Apache HTTP server crash) via a crafted logout request that triggers a read of uninitialized data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://linux.oracle.com/errata/ELSA-2014-1803.html", + "refsource": "CONFIRM", + "url": "http://linux.oracle.com/errata/ELSA-2014-1803.html" + }, + { + "name": "RHSA-2014:1803", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1803.html" + }, + { + "name": "62094", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62094" + }, + { + "name": "62125", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62125" + }, + { + "name": "[modmellon] 20141103 Information disclosure vulnerability in version 0.8.0 of mod_auth_mellon", + "refsource": "MLIST", + "url": "https://postlister.uninett.no/sympa/arc/modmellon/2014-11/msg00000.html" + }, + { + "name": "https://github.com/UNINETT/mod_auth_mellon/commit/0f5b4fd860fa7e3a6c47201637aab05395f32647", + "refsource": "CONFIRM", + "url": "https://github.com/UNINETT/mod_auth_mellon/commit/0f5b4fd860fa7e3a6c47201637aab05395f32647" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8985.json b/2014/8xxx/CVE-2014-8985.json index b5e9c2c1be1..c7c82f22f62 100644 --- a/2014/8xxx/CVE-2014-8985.json +++ b/2014/8xxx/CVE-2014-8985.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8985", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-2810, CVE-2014-2811, CVE-2014-2822, CVE-2014-2823, CVE-2014-4057, and CVE-2014-4145." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2014-8985", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS14-051", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-051" - }, - { - "name" : "70937", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70937" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-2810, CVE-2014-2811, CVE-2014-2822, CVE-2014-2823, CVE-2014-4057, and CVE-2014-4145." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "70937", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70937" + }, + { + "name": "MS14-051", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-051" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9104.json b/2014/9xxx/CVE-2014-9104.json index 51c704437e6..19b36d56a31 100644 --- a/2014/9xxx/CVE-2014-9104.json +++ b/2014/9xxx/CVE-2014-9104.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9104", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in the XML-RPC API in the Desktop Client in OpenVPN Access Server 1.5.6 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) disconnecting established VPN sessions, (2) connect to arbitrary VPN servers, or (3) create VPN profiles and execute arbitrary commands via crafted API requests." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9104", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140716 SEC Consult SA-20140716-1 :: Remote Code Execution via CSRF in OpenVPN Access Server \"Desktop Client\"", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/532795/100/0/threaded" - }, - { - "name" : "20140716 SEC Consult SA-20140716-1 :: Remote Code Execution via CSRF in OpenVPN Access Server \"Desktop Client\"", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Jul/76" - }, - { - "name" : "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140716-1_OpenVPN_Access_Server_Desktop_Client_Remote_Code_Execution_via_CSRF_v10.txt", - "refsource" : "MISC", - "url" : "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140716-1_OpenVPN_Access_Server_Desktop_Client_Remote_Code_Execution_via_CSRF_v10.txt" - }, - { - "name" : "https://www.youtube.com/watch?v=qhgysgfvQh8", - "refsource" : "MISC", - "url" : "https://www.youtube.com/watch?v=qhgysgfvQh8" - }, - { - "name" : "http://openvpn.net/index.php/access-server/security-advisories.html", - "refsource" : "CONFIRM", - "url" : "http://openvpn.net/index.php/access-server/security-advisories.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the XML-RPC API in the Desktop Client in OpenVPN Access Server 1.5.6 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) disconnecting established VPN sessions, (2) connect to arbitrary VPN servers, or (3) create VPN profiles and execute arbitrary commands via crafted API requests." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20140716 SEC Consult SA-20140716-1 :: Remote Code Execution via CSRF in OpenVPN Access Server \"Desktop Client\"", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/532795/100/0/threaded" + }, + { + "name": "20140716 SEC Consult SA-20140716-1 :: Remote Code Execution via CSRF in OpenVPN Access Server \"Desktop Client\"", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Jul/76" + }, + { + "name": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140716-1_OpenVPN_Access_Server_Desktop_Client_Remote_Code_Execution_via_CSRF_v10.txt", + "refsource": "MISC", + "url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140716-1_OpenVPN_Access_Server_Desktop_Client_Remote_Code_Execution_via_CSRF_v10.txt" + }, + { + "name": "http://openvpn.net/index.php/access-server/security-advisories.html", + "refsource": "CONFIRM", + "url": "http://openvpn.net/index.php/access-server/security-advisories.html" + }, + { + "name": "https://www.youtube.com/watch?v=qhgysgfvQh8", + "refsource": "MISC", + "url": "https://www.youtube.com/watch?v=qhgysgfvQh8" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9110.json b/2014/9xxx/CVE-2014-9110.json index 3668a4ae62e..9abf3cf572f 100644 --- a/2014/9xxx/CVE-2014-9110.json +++ b/2014/9xxx/CVE-2014-9110.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9110", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9110", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9721.json b/2014/9xxx/CVE-2014-9721.json index 56c525d1426..cc20eff96c9 100644 --- a/2014/9xxx/CVE-2014-9721.json +++ b/2014/9xxx/CVE-2014-9721.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9721", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "libzmq before 4.0.6 and 4.1.x before 4.1.1 allows remote attackers to conduct downgrade attacks and bypass ZMTP v3 protocol security mechanisms via a ZMTP v2 or earlier header." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9721", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/zeromq/libzmq/issues/1273", - "refsource" : "CONFIRM", - "url" : "https://github.com/zeromq/libzmq/issues/1273" - }, - { - "name" : "https://github.com/zeromq/zeromq4-x/commit/b6e3e0f601e2c1ec1f3aac880ed6a3fe63043e51", - "refsource" : "CONFIRM", - "url" : "https://github.com/zeromq/zeromq4-x/commit/b6e3e0f601e2c1ec1f3aac880ed6a3fe63043e51" - }, - { - "name" : "DSA-3255", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3255" - }, - { - "name" : "FEDORA-2015-8635", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/159176.html" - }, - { - "name" : "openSUSE-SU-2015:1028", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-06/msg00018.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "libzmq before 4.0.6 and 4.1.x before 4.1.1 allows remote attackers to conduct downgrade attacks and bypass ZMTP v3 protocol security mechanisms via a ZMTP v2 or earlier header." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/zeromq/zeromq4-x/commit/b6e3e0f601e2c1ec1f3aac880ed6a3fe63043e51", + "refsource": "CONFIRM", + "url": "https://github.com/zeromq/zeromq4-x/commit/b6e3e0f601e2c1ec1f3aac880ed6a3fe63043e51" + }, + { + "name": "DSA-3255", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3255" + }, + { + "name": "FEDORA-2015-8635", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/159176.html" + }, + { + "name": "openSUSE-SU-2015:1028", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-06/msg00018.html" + }, + { + "name": "https://github.com/zeromq/libzmq/issues/1273", + "refsource": "CONFIRM", + "url": "https://github.com/zeromq/libzmq/issues/1273" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2307.json b/2016/2xxx/CVE-2016-2307.json index 04ec20f2b84..c11ee780920 100644 --- a/2016/2xxx/CVE-2016-2307.json +++ b/2016/2xxx/CVE-2016-2307.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2307", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "American Auto-Matrix Aspect-Nexus Building Automation Front-End Solutions application before 3.0.0 and Aspect-Matrix Building Automation Front-End Solutions application allow remote attackers to read arbitrary files via unspecified vectors, as demonstrated by the configuration file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2016-2307", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-273-01-0", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-273-01-0" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "American Auto-Matrix Aspect-Nexus Building Automation Front-End Solutions application before 3.0.0 and Aspect-Matrix Building Automation Front-End Solutions application allow remote attackers to read arbitrary files via unspecified vectors, as demonstrated by the configuration file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-273-01-0", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-273-01-0" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2347.json b/2016/2xxx/CVE-2016-2347.json index 24f065a01c8..d7f5ac821d6 100644 --- a/2016/2xxx/CVE-2016-2347.json +++ b/2016/2xxx/CVE-2016-2347.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2347", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer underflow in the decode_level3_header function in lib/lha_file_header.c in Lhasa before 0.3.1 allows remote attackers to execute arbitrary code via a crafted archive." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2016-2347", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.talosintelligence.com/reports/TALOS-2016-0095/", - "refsource" : "MISC", - "url" : "http://www.talosintelligence.com/reports/TALOS-2016-0095/" - }, - { - "name" : "https://github.com/fragglet/lhasa/commit/6fcdb8f1f538b9d63e63a5fa199c5514a15d4564", - "refsource" : "CONFIRM", - "url" : "https://github.com/fragglet/lhasa/commit/6fcdb8f1f538b9d63e63a5fa199c5514a15d4564" - }, - { - "name" : "https://github.com/fragglet/lhasa/releases/tag/v0.3.1", - "refsource" : "CONFIRM", - "url" : "https://github.com/fragglet/lhasa/releases/tag/v0.3.1" - }, - { - "name" : "DSA-3540", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3540" - }, - { - "name" : "openSUSE-SU-2016:1027", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-04/msg00038.html" - }, - { - "name" : "openSUSE-SU-2016:1029", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-04/msg00039.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer underflow in the decode_level3_header function in lib/lha_file_header.c in Lhasa before 0.3.1 allows remote attackers to execute arbitrary code via a crafted archive." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/fragglet/lhasa/releases/tag/v0.3.1", + "refsource": "CONFIRM", + "url": "https://github.com/fragglet/lhasa/releases/tag/v0.3.1" + }, + { + "name": "http://www.talosintelligence.com/reports/TALOS-2016-0095/", + "refsource": "MISC", + "url": "http://www.talosintelligence.com/reports/TALOS-2016-0095/" + }, + { + "name": "https://github.com/fragglet/lhasa/commit/6fcdb8f1f538b9d63e63a5fa199c5514a15d4564", + "refsource": "CONFIRM", + "url": "https://github.com/fragglet/lhasa/commit/6fcdb8f1f538b9d63e63a5fa199c5514a15d4564" + }, + { + "name": "openSUSE-SU-2016:1027", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-04/msg00038.html" + }, + { + "name": "openSUSE-SU-2016:1029", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-04/msg00039.html" + }, + { + "name": "DSA-3540", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3540" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2984.json b/2016/2xxx/CVE-2016-2984.json index 1fdf229f6bd..8e658f126a0 100644 --- a/2016/2xxx/CVE-2016-2984.json +++ b/2016/2xxx/CVE-2016-2984.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2984", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Spectrum Scale 4.1.1.x before 4.1.1.8 and 4.2.x before 4.2.0.4 and General Parallel File System (GPFS) 3.5.x before 3.5.0.32 and 4.1.x before 4.1.1.8 allow local users to gain privileges via crafted command-line parameters to a /usr/lpp/mmfs/bin/ setuid program." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2016-2984", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1007994", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1007994" - }, - { - "name" : "92410", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92410" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Spectrum Scale 4.1.1.x before 4.1.1.8 and 4.2.x before 4.2.0.4 and General Parallel File System (GPFS) 3.5.x before 3.5.0.32 and 4.1.x before 4.1.1.8 allow local users to gain privileges via crafted command-line parameters to a /usr/lpp/mmfs/bin/ setuid program." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "92410", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92410" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1007994", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1007994" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3158.json b/2016/3xxx/CVE-2016-3158.json index 56ad8de776c..34b26f6a368 100644 --- a/2016/3xxx/CVE-2016-3158.json +++ b/2016/3xxx/CVE-2016-3158.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3158", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The xrstor function in arch/x86/xstate.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitive register content information from another guest by leveraging pending exception and mask bits. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-2076." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-3158", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://xenbits.xen.org/xsa/advisory-172.html", - "refsource" : "CONFIRM", - "url" : "http://xenbits.xen.org/xsa/advisory-172.html" - }, - { - "name" : "http://xenbits.xen.org/xsa/xsa172-4.3.patch", - "refsource" : "CONFIRM", - "url" : "http://xenbits.xen.org/xsa/xsa172-4.3.patch" - }, - { - "name" : "http://xenbits.xen.org/xsa/xsa172.patch", - "refsource" : "CONFIRM", - "url" : "http://xenbits.xen.org/xsa/xsa172.patch" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" - }, - { - "name" : "http://support.citrix.com/article/CTX209443", - "refsource" : "CONFIRM", - "url" : "http://support.citrix.com/article/CTX209443" - }, - { - "name" : "DSA-3554", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3554" - }, - { - "name" : "FEDORA-2016-5f196e4e4a", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181699.html" - }, - { - "name" : "FEDORA-2016-e5432ca977", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181729.html" - }, - { - "name" : "85714", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/85714" - }, - { - "name" : "1035435", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1035435" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The xrstor function in arch/x86/xstate.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitive register content information from another guest by leveraging pending exception and mask bits. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-2076." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" + }, + { + "name": "FEDORA-2016-5f196e4e4a", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181699.html" + }, + { + "name": "85714", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/85714" + }, + { + "name": "http://xenbits.xen.org/xsa/xsa172-4.3.patch", + "refsource": "CONFIRM", + "url": "http://xenbits.xen.org/xsa/xsa172-4.3.patch" + }, + { + "name": "http://xenbits.xen.org/xsa/advisory-172.html", + "refsource": "CONFIRM", + "url": "http://xenbits.xen.org/xsa/advisory-172.html" + }, + { + "name": "FEDORA-2016-e5432ca977", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181729.html" + }, + { + "name": "http://xenbits.xen.org/xsa/xsa172.patch", + "refsource": "CONFIRM", + "url": "http://xenbits.xen.org/xsa/xsa172.patch" + }, + { + "name": "1035435", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035435" + }, + { + "name": "http://support.citrix.com/article/CTX209443", + "refsource": "CONFIRM", + "url": "http://support.citrix.com/article/CTX209443" + }, + { + "name": "DSA-3554", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3554" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3207.json b/2016/3xxx/CVE-2016-3207.json index 955a561126e..eb415d2ccc2 100644 --- a/2016/3xxx/CVE-2016-3207.json +++ b/2016/3xxx/CVE-2016-3207.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3207", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Microsoft (1) JScript 5.8 and (2) VBScript 5.7 and 5.8 engines, as used in Internet Explorer 9 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Scripting Engine Memory Corruption Vulnerability,\" a different vulnerability than CVE-2016-3205 and CVE-2016-3206." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2016-3207", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS16-063", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-063" - }, - { - "name" : "MS16-069", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-069" - }, - { - "name" : "1036096", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036096" - }, - { - "name" : "1036097", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036097" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Microsoft (1) JScript 5.8 and (2) VBScript 5.7 and 5.8 engines, as used in Internet Explorer 9 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Scripting Engine Memory Corruption Vulnerability,\" a different vulnerability than CVE-2016-3205 and CVE-2016-3206." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1036097", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036097" + }, + { + "name": "MS16-063", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-063" + }, + { + "name": "1036096", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036096" + }, + { + "name": "MS16-069", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-069" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3535.json b/2016/3xxx/CVE-2016-3535.json index 25052bcbffd..5d822fe54a8 100644 --- a/2016/3xxx/CVE-2016-3535.json +++ b/2016/3xxx/CVE-2016-3535.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3535", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle CRM Technical Foundation component in Oracle E-Business Suite 12.1.3 allows remote attackers to affect confidentiality and integrity via vectors related to Remote Launch. NOTE: the previous information is from the July 2016 CPU. Oracle has not commented on third-party claims that this issue is a cross-site scripting (XSS) vulnerability, which allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2016-3535", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.onapsis.com/blog/oracle-fixes-record-276-vulnerabilities-july-2016", - "refsource" : "MISC", - "url" : "https://www.onapsis.com/blog/oracle-fixes-record-276-vulnerabilities-july-2016" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" - }, - { - "name" : "91787", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91787" - }, - { - "name" : "91845", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91845" - }, - { - "name" : "1036403", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036403" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle CRM Technical Foundation component in Oracle E-Business Suite 12.1.3 allows remote attackers to affect confidentiality and integrity via vectors related to Remote Launch. NOTE: the previous information is from the July 2016 CPU. Oracle has not commented on third-party claims that this issue is a cross-site scripting (XSS) vulnerability, which allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.onapsis.com/blog/oracle-fixes-record-276-vulnerabilities-july-2016", + "refsource": "MISC", + "url": "https://www.onapsis.com/blog/oracle-fixes-record-276-vulnerabilities-july-2016" + }, + { + "name": "91845", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91845" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" + }, + { + "name": "91787", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91787" + }, + { + "name": "1036403", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036403" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3593.json b/2016/3xxx/CVE-2016-3593.json index c3b80a15909..4250447474d 100644 --- a/2016/3xxx/CVE-2016-3593.json +++ b/2016/3xxx/CVE-2016-3593.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3593", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different vulnerability than CVE-2016-3574, CVE-2016-3575, CVE-2016-3576, CVE-2016-3577, CVE-2016-3578, CVE-2016-3579, CVE-2016-3580, CVE-2016-3581, CVE-2016-3582, CVE-2016-3583, CVE-2016-3590, CVE-2016-3591, CVE-2016-3592, CVE-2016-3594, CVE-2016-3595, and CVE-2016-3596." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2016-3593", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21988009", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21988009" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21988718", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21988718" - }, - { - "name" : "91787", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91787" - }, - { - "name" : "91908", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91908" - }, - { - "name" : "1036370", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036370" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different vulnerability than CVE-2016-3574, CVE-2016-3575, CVE-2016-3576, CVE-2016-3577, CVE-2016-3578, CVE-2016-3579, CVE-2016-3580, CVE-2016-3581, CVE-2016-3582, CVE-2016-3583, CVE-2016-3590, CVE-2016-3591, CVE-2016-3592, CVE-2016-3594, CVE-2016-3595, and CVE-2016-3596." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "91908", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91908" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21988009", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988009" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" + }, + { + "name": "91787", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91787" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21988718", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988718" + }, + { + "name": "1036370", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036370" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6201.json b/2016/6xxx/CVE-2016-6201.json index e4071ad66ff..1edb081dbd8 100644 --- a/2016/6xxx/CVE-2016-6201.json +++ b/2016/6xxx/CVE-2016-6201.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6201", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Ektron Content Management System (CMS) before 9.1.0.184 SP3 (9.1.0.184.3.127) allows remote attackers to inject arbitrary web script or HTML via the ContType parameter in a ViewContentByCategory action to WorkArea/content.aspx." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6201", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.com/files/143014/Ektron-CMS-9.10SP1-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/143014/Ektron-CMS-9.10SP1-Cross-Site-Scripting.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Ektron Content Management System (CMS) before 9.1.0.184 SP3 (9.1.0.184.3.127) allows remote attackers to inject arbitrary web script or HTML via the ContType parameter in a ViewContentByCategory action to WorkArea/content.aspx." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/143014/Ektron-CMS-9.10SP1-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/143014/Ektron-CMS-9.10SP1-Cross-Site-Scripting.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6374.json b/2016/6xxx/CVE-2016-6374.json index d6053b461e5..e492a359d06 100644 --- a/2016/6xxx/CVE-2016-6374.json +++ b/2016/6xxx/CVE-2016-6374.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6374", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco Cloud Services Platform (CSP) 2100 2.0 allows remote attackers to execute arbitrary code via a crafted dnslookup command in an HTTP request, aka Bug ID CSCuz89093." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2016-6374", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20160921 Cisco Cloud Services Platform 2100 Remote Command Execution Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160921-csp2100-2" - }, - { - "name" : "93095", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93095" - }, - { - "name" : "1036864", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036864" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco Cloud Services Platform (CSP) 2100 2.0 allows remote attackers to execute arbitrary code via a crafted dnslookup command in an HTTP request, aka Bug ID CSCuz89093." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "93095", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93095" + }, + { + "name": "20160921 Cisco Cloud Services Platform 2100 Remote Command Execution Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160921-csp2100-2" + }, + { + "name": "1036864", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036864" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6414.json b/2016/6xxx/CVE-2016-6414.json index 17fe6507fd6..00994cf3888 100644 --- a/2016/6xxx/CVE-2016-6414.json +++ b/2016/6xxx/CVE-2016-6414.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6414", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "iox in Cisco IOS, possibly 15.6 and earlier, and IOS XE, possibly 3.18 and earlier, allows local users to execute arbitrary IOx Linux commands on the guest OS via crafted iox command-line options, aka Bug ID CSCuz59223." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2016-6414", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20160921 Cisco IOS and IOS XE iox Command Injection Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160921-iox" - }, - { - "name" : "93091", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93091" - }, - { - "name" : "1036876", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036876" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "iox in Cisco IOS, possibly 15.6 and earlier, and IOS XE, possibly 3.18 and earlier, allows local users to execute arbitrary IOx Linux commands on the guest OS via crafted iox command-line options, aka Bug ID CSCuz59223." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1036876", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036876" + }, + { + "name": "93091", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93091" + }, + { + "name": "20160921 Cisco IOS and IOS XE iox Command Injection Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160921-iox" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6596.json b/2016/6xxx/CVE-2016-6596.json index 04adb4f0588..305e282dec2 100644 --- a/2016/6xxx/CVE-2016-6596.json +++ b/2016/6xxx/CVE-2016-6596.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6596", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6596", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6982.json b/2016/6xxx/CVE-2016-6982.json index bd08915efac..3458aa42552 100644 --- a/2016/6xxx/CVE-2016-6982.json +++ b/2016/6xxx/CVE-2016-6982.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6982", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows and OS X and before 11.2.202.637 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4273, CVE-2016-6983, CVE-2016-6984, CVE-2016-6985, CVE-2016-6986, CVE-2016-6989, and CVE-2016-6990." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2016-6982", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/flash-player/apsb16-32.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/flash-player/apsb16-32.html" - }, - { - "name" : "GLSA-201610-10", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201610-10" - }, - { - "name" : "RHSA-2016:2057", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2057.html" - }, - { - "name" : "93490", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93490" - }, - { - "name" : "1036985", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036985" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows and OS X and before 11.2.202.637 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4273, CVE-2016-6983, CVE-2016-6984, CVE-2016-6985, CVE-2016-6986, CVE-2016-6989, and CVE-2016-6990." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201610-10", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201610-10" + }, + { + "name": "https://helpx.adobe.com/security/products/flash-player/apsb16-32.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/flash-player/apsb16-32.html" + }, + { + "name": "93490", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93490" + }, + { + "name": "RHSA-2016:2057", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2057.html" + }, + { + "name": "1036985", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036985" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7179.json b/2016/7xxx/CVE-2016-7179.json index b46b68e8fd9..2ae87c2bde2 100644 --- a/2016/7xxx/CVE-2016-7179.json +++ b/2016/7xxx/CVE-2016-7179.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7179", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in epan/dissectors/packet-catapult-dct2000.c in the Catapult DCT2000 dissector in Wireshark 2.x before 2.0.6 allows remote attackers to cause a denial of service (application crash) via a crafted packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-7179", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12752", - "refsource" : "CONFIRM", - "url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12752" - }, - { - "name" : "https://code.wireshark.org/review/17095", - "refsource" : "CONFIRM", - "url" : "https://code.wireshark.org/review/17095" - }, - { - "name" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=3b97fbddc23c065727b0147aab52a27c4aadffe7", - "refsource" : "CONFIRM", - "url" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=3b97fbddc23c065727b0147aab52a27c4aadffe7" - }, - { - "name" : "https://www.wireshark.org/security/wnpa-sec-2016-54.html", - "refsource" : "CONFIRM", - "url" : "https://www.wireshark.org/security/wnpa-sec-2016-54.html" - }, - { - "name" : "DSA-3671", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3671" - }, - { - "name" : "1036760", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036760" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in epan/dissectors/packet-catapult-dct2000.c in the Catapult DCT2000 dissector in Wireshark 2.x before 2.0.6 allows remote attackers to cause a denial of service (application crash) via a crafted packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12752", + "refsource": "CONFIRM", + "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12752" + }, + { + "name": "https://www.wireshark.org/security/wnpa-sec-2016-54.html", + "refsource": "CONFIRM", + "url": "https://www.wireshark.org/security/wnpa-sec-2016-54.html" + }, + { + "name": "1036760", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036760" + }, + { + "name": "DSA-3671", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3671" + }, + { + "name": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=3b97fbddc23c065727b0147aab52a27c4aadffe7", + "refsource": "CONFIRM", + "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=3b97fbddc23c065727b0147aab52a27c4aadffe7" + }, + { + "name": "https://code.wireshark.org/review/17095", + "refsource": "CONFIRM", + "url": "https://code.wireshark.org/review/17095" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7308.json b/2016/7xxx/CVE-2016-7308.json index 4e1590eecf8..947eb3695fe 100644 --- a/2016/7xxx/CVE-2016-7308.json +++ b/2016/7xxx/CVE-2016-7308.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7308", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-7308", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7322.json b/2016/7xxx/CVE-2016-7322.json index fd48d3cee99..9efd13e6fcc 100644 --- a/2016/7xxx/CVE-2016-7322.json +++ b/2016/7xxx/CVE-2016-7322.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7322", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-7322", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7655.json b/2016/7xxx/CVE-2016-7655.json index d397c724b36..9c92a1e21ce 100644 --- a/2016/7xxx/CVE-2016-7655.json +++ b/2016/7xxx/CVE-2016-7655.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2016-7655", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. The issue involves the \"CoreMedia External Displays\" component. It allows local users to gain privileges or cause a denial of service (type confusion) via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2016-7655", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT207422", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207422" - }, - { - "name" : "https://support.apple.com/HT207423", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207423" - }, - { - "name" : "94906", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94906" - }, - { - "name" : "1037469", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037469" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. The issue involves the \"CoreMedia External Displays\" component. It allows local users to gain privileges or cause a denial of service (type confusion) via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "94906", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94906" + }, + { + "name": "https://support.apple.com/HT207422", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207422" + }, + { + "name": "1037469", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037469" + }, + { + "name": "https://support.apple.com/HT207423", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207423" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7805.json b/2016/7xxx/CVE-2016-7805.json index 2b9900f1953..9778b379c2b 100644 --- a/2016/7xxx/CVE-2016-7805.json +++ b/2016/7xxx/CVE-2016-7805.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2016-7805", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "mobiGate App for Android", - "version" : { - "version_data" : [ - { - "version_value" : "version 2.2.1.2 and earlier" - } - ] - } - }, - { - "product_name" : "mobiGate App for iOS", - "version" : { - "version_data" : [ - { - "version_value" : "version 2.2.4.1 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Nihon Unisys, Ltd." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mobiGate App for Android version 2.2.1.2 and earlier and mobiGate App for iOS version 2.2.4.1 and earlier do not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Fails to verify SSL certificates" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2016-7805", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "mobiGate App for Android", + "version": { + "version_data": [ + { + "version_value": "version 2.2.1.2 and earlier" + } + ] + } + }, + { + "product_name": "mobiGate App for iOS", + "version": { + "version_data": [ + { + "version_value": "version 2.2.4.1 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "Nihon Unisys, Ltd." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "JVN#27260483", - "refsource" : "JVN", - "url" : "https://jvn.jp/en/jp/JVN27260483/index.html" - }, - { - "name" : "94085", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94085" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mobiGate App for Android version 2.2.1.2 and earlier and mobiGate App for iOS version 2.2.4.1 and earlier do not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Fails to verify SSL certificates" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "94085", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94085" + }, + { + "name": "JVN#27260483", + "refsource": "JVN", + "url": "https://jvn.jp/en/jp/JVN27260483/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7849.json b/2016/7xxx/CVE-2016-7849.json index 7cb596214bf..2cf27d21c34 100644 --- a/2016/7xxx/CVE-2016-7849.json +++ b/2016/7xxx/CVE-2016-7849.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7849", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-7849", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file