From eb3d00d11faff514afa532111b38409f30833625 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 07:06:14 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2006/1xxx/CVE-2006-1382.json | 190 +++++++++++----------- 2006/1xxx/CVE-2006-1527.json | 290 ++++++++++++++++----------------- 2006/1xxx/CVE-2006-1744.json | 180 ++++++++++----------- 2006/5xxx/CVE-2006-5155.json | 160 +++++++++---------- 2006/5xxx/CVE-2006-5194.json | 150 +++++++++--------- 2006/5xxx/CVE-2006-5224.json | 160 +++++++++---------- 2006/5xxx/CVE-2006-5833.json | 190 +++++++++++----------- 2007/2xxx/CVE-2007-2289.json | 140 ++++++++-------- 2007/2xxx/CVE-2007-2290.json | 180 ++++++++++----------- 2007/2xxx/CVE-2007-2328.json | 150 +++++++++--------- 2007/2xxx/CVE-2007-2330.json | 170 ++++++++++---------- 2007/2xxx/CVE-2007-2601.json | 160 +++++++++---------- 2007/2xxx/CVE-2007-2653.json | 34 ++-- 2007/2xxx/CVE-2007-2862.json | 160 +++++++++---------- 2010/0xxx/CVE-2010-0651.json | 280 ++++++++++++++++---------------- 2010/0xxx/CVE-2010-0656.json | 300 +++++++++++++++++------------------ 2010/0xxx/CVE-2010-0689.json | 200 +++++++++++------------ 2010/0xxx/CVE-2010-0805.json | 200 +++++++++++------------ 2010/0xxx/CVE-2010-0992.json | 150 +++++++++--------- 2010/1xxx/CVE-2010-1210.json | 140 ++++++++-------- 2010/1xxx/CVE-2010-1256.json | 160 +++++++++---------- 2010/1xxx/CVE-2010-1278.json | 160 +++++++++---------- 2010/1xxx/CVE-2010-1707.json | 130 +++++++-------- 2010/1xxx/CVE-2010-1873.json | 180 ++++++++++----------- 2010/3xxx/CVE-2010-3275.json | 250 ++++++++++++++--------------- 2010/4xxx/CVE-2010-4319.json | 34 ++-- 2010/4xxx/CVE-2010-4441.json | 180 ++++++++++----------- 2010/4xxx/CVE-2010-4619.json | 150 +++++++++--------- 2010/4xxx/CVE-2010-4919.json | 140 ++++++++-------- 2010/5xxx/CVE-2010-5222.json | 120 +++++++------- 2014/0xxx/CVE-2014-0044.json | 150 +++++++++--------- 2014/0xxx/CVE-2014-0595.json | 140 ++++++++-------- 2014/0xxx/CVE-2014-0622.json | 160 +++++++++---------- 2014/0xxx/CVE-2014-0919.json | 190 +++++++++++----------- 2014/1xxx/CVE-2014-1815.json | 120 +++++++------- 2014/1xxx/CVE-2014-1845.json | 160 +++++++++---------- 2014/4xxx/CVE-2014-4179.json | 34 ++-- 2014/4xxx/CVE-2014-4324.json | 34 ++-- 2014/9xxx/CVE-2014-9194.json | 120 +++++++------- 2014/9xxx/CVE-2014-9359.json | 34 ++-- 2014/9xxx/CVE-2014-9444.json | 140 ++++++++-------- 2014/9xxx/CVE-2014-9846.json | 230 +++++++++++++-------------- 2014/9xxx/CVE-2014-9883.json | 140 ++++++++-------- 2016/3xxx/CVE-2016-3061.json | 34 ++-- 2016/3xxx/CVE-2016-3218.json | 130 +++++++-------- 2016/3xxx/CVE-2016-3440.json | 150 +++++++++--------- 2016/3xxx/CVE-2016-3805.json | 120 +++++++------- 2016/3xxx/CVE-2016-3902.json | 140 ++++++++-------- 2016/7xxx/CVE-2016-7224.json | 150 +++++++++--------- 2016/7xxx/CVE-2016-7356.json | 34 ++-- 2016/7xxx/CVE-2016-7590.json | 34 ++-- 2016/7xxx/CVE-2016-7689.json | 34 ++-- 2016/8xxx/CVE-2016-8632.json | 150 +++++++++--------- 2016/8xxx/CVE-2016-8654.json | 212 ++++++++++++------------- 2016/8xxx/CVE-2016-8840.json | 34 ++-- 2016/8xxx/CVE-2016-8900.json | 34 ++-- 2016/9xxx/CVE-2016-9071.json | 152 +++++++++--------- 57 files changed, 4074 insertions(+), 4074 deletions(-) diff --git a/2006/1xxx/CVE-2006-1382.json b/2006/1xxx/CVE-2006-1382.json index 98685545b20..c3130fb1311 100644 --- a/2006/1xxx/CVE-2006-1382.json +++ b/2006/1xxx/CVE-2006-1382.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1382", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in impex/ImpExData.php in vBulletin ImpEx module 1.74, when register_globals is disabled, allows remote attackers to include arbitrary files via the systempath parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1382", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070504 Remote File Include In Script impex", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/467666/100/0/threaded" - }, - { - "name" : "20060323 XOR Crew :: vBulletin ImpEx <= 1.74 - Remote Command Execution Vulnerability", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/044318.html" - }, - { - "name" : "17206", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17206" - }, - { - "name" : "ADV-2006-1056", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1056" - }, - { - "name" : "24070", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24070" - }, - { - "name" : "19352", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19352" - }, - { - "name" : "impex-impexdata-file-include(25391)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25391" - }, - { - "name" : "impex-systempath-file-include(34095)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34095" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in impex/ImpExData.php in vBulletin ImpEx module 1.74, when register_globals is disabled, allows remote attackers to include arbitrary files via the systempath parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20070504 Remote File Include In Script impex", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/467666/100/0/threaded" + }, + { + "name": "20060323 XOR Crew :: vBulletin ImpEx <= 1.74 - Remote Command Execution Vulnerability", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/044318.html" + }, + { + "name": "ADV-2006-1056", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1056" + }, + { + "name": "17206", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17206" + }, + { + "name": "impex-systempath-file-include(34095)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34095" + }, + { + "name": "19352", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19352" + }, + { + "name": "impex-impexdata-file-include(25391)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25391" + }, + { + "name": "24070", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24070" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1527.json b/2006/1xxx/CVE-2006-1527.json index 5edf74976ea..ca63cecb7fc 100644 --- a/2006/1xxx/CVE-2006-1527.json +++ b/2006/1xxx/CVE-2006-1527.json @@ -1,147 +1,147 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1527", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The SCTP-netfilter code in Linux kernel before 2.6.16.13 allows remote attackers to trigger a denial of service (infinite loop) via unknown vectors that cause an invalid SCTP chunk size to be processed by the for_each_sctp_chunk function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2006-1527", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.13", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.13" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-161.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-161.htm" - }, - { - "name" : "MDKSA-2006:086", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:086" - }, - { - "name" : "RHSA-2006:0493", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0493.html" - }, - { - "name" : "SUSE-SA:2006:028", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006-05-31.html" - }, - { - "name" : "2006-0024", - "refsource" : "TRUSTIX", - "url" : "http://www.trustix.org/errata/2006/0024" - }, - { - "name" : "USN-302-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-302-1" - }, - { - "name" : "17806", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17806" - }, - { - "name" : "oval:org.mitre.oval:def:10373", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10373" - }, - { - "name" : "ADV-2006-1632", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1632" - }, - { - "name" : "25229", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/25229" - }, - { - "name" : "19926", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19926" - }, - { - "name" : "20157", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20157" - }, - { - "name" : "20237", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20237" - }, - { - "name" : "20716", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20716" - }, - { - "name" : "21745", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21745" - }, - { - "name" : "20398", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20398" - }, - { - "name" : "linux-sctp-netfilter-dos(26194)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26194" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The SCTP-netfilter code in Linux kernel before 2.6.16.13 allows remote attackers to trigger a denial of service (infinite loop) via unknown vectors that cause an invalid SCTP chunk size to be processed by the for_each_sctp_chunk function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-161.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-161.htm" + }, + { + "name": "RHSA-2006:0493", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0493.html" + }, + { + "name": "ADV-2006-1632", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1632" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.13", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.13" + }, + { + "name": "20716", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20716" + }, + { + "name": "21745", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21745" + }, + { + "name": "25229", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/25229" + }, + { + "name": "USN-302-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-302-1" + }, + { + "name": "SUSE-SA:2006:028", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006-05-31.html" + }, + { + "name": "linux-sctp-netfilter-dos(26194)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26194" + }, + { + "name": "2006-0024", + "refsource": "TRUSTIX", + "url": "http://www.trustix.org/errata/2006/0024" + }, + { + "name": "oval:org.mitre.oval:def:10373", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10373" + }, + { + "name": "17806", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17806" + }, + { + "name": "20237", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20237" + }, + { + "name": "20398", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20398" + }, + { + "name": "19926", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19926" + }, + { + "name": "MDKSA-2006:086", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:086" + }, + { + "name": "20157", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20157" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1744.json b/2006/1xxx/CVE-2006-1744.json index 76f0fc833f3..a3997b09e3a 100644 --- a/2006/1xxx/CVE-2006-1744.json +++ b/2006/1xxx/CVE-2006-1744.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1744", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in pl_main.c in sail in BSDgames before 2.17-7 allows local users to execute arbitrary code via a long player name that is used in a scanf function call." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1744", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.pulltheplug.org/fu/?q=node/56", - "refsource" : "MISC", - "url" : "http://www.pulltheplug.org/fu/?q=node/56" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=360989", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=360989" - }, - { - "name" : "DSA-1036", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1036" - }, - { - "name" : "17401", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17401" - }, - { - "name" : "24634", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24634" - }, - { - "name" : "19687", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19687" - }, - { - "name" : "736", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/736" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in pl_main.c in sail in BSDgames before 2.17-7 allows local users to execute arbitrary code via a long player name that is used in a scanf function call." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=360989", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=360989" + }, + { + "name": "http://www.pulltheplug.org/fu/?q=node/56", + "refsource": "MISC", + "url": "http://www.pulltheplug.org/fu/?q=node/56" + }, + { + "name": "736", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/736" + }, + { + "name": "DSA-1036", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1036" + }, + { + "name": "17401", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17401" + }, + { + "name": "19687", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19687" + }, + { + "name": "24634", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24634" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5155.json b/2006/5xxx/CVE-2006-5155.json index ea985e185a0..e65397cda8f 100644 --- a/2006/5xxx/CVE-2006-5155.json +++ b/2006/5xxx/CVE-2006-5155.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5155", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in core/pdf.php in VideoDB 2.2.1 and earlier allows remote attackers to execute arbitrary PHP code via the config[pdf_module] parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5155", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "2455", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2455" - }, - { - "name" : "20265", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20265" - }, - { - "name" : "ADV-2006-3864", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3864" - }, - { - "name" : "22184", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22184" - }, - { - "name" : "videodb-pdf-file-include(29260)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29260" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in core/pdf.php in VideoDB 2.2.1 and earlier allows remote attackers to execute arbitrary PHP code via the config[pdf_module] parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-3864", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3864" + }, + { + "name": "22184", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22184" + }, + { + "name": "2455", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2455" + }, + { + "name": "20265", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20265" + }, + { + "name": "videodb-pdf-file-include(29260)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29260" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5194.json b/2006/5xxx/CVE-2006-5194.json index d7022537344..d0d394c2113 100644 --- a/2006/5xxx/CVE-2006-5194.json +++ b/2006/5xxx/CVE-2006-5194.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5194", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in index.php in net2ftp 0.93 allows remote attackers to inject arbitrary web script or HTML via the username parameter. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5194", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061002 Re: net2ftp: a web based FTP client :) <= Remote File Inclusion", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/447535/100/0/threaded" - }, - { - "name" : "20313", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20313" - }, - { - "name" : "ADV-2006-3890", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3890" - }, - { - "name" : "22255", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22255" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in index.php in net2ftp 0.93 allows remote attackers to inject arbitrary web script or HTML via the username parameter. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20061002 Re: net2ftp: a web based FTP client :) <= Remote File Inclusion", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/447535/100/0/threaded" + }, + { + "name": "ADV-2006-3890", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3890" + }, + { + "name": "22255", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22255" + }, + { + "name": "20313", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20313" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5224.json b/2006/5xxx/CVE-2006-5224.json index bbe0cee0b4c..2cc2e07b80a 100644 --- a/2006/5xxx/CVE-2006-5224.json +++ b/2006/5xxx/CVE-2006-5224.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5224", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in includes/logger_engine.php in Dimitri Seitz Security Suite IP Logger 1.0.0 in dwingmods for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5224", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "2480", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2480" - }, - { - "name" : "20370", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20370" - }, - { - "name" : "ADV-2006-3926", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3926" - }, - { - "name" : "22290", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22290" - }, - { - "name" : "security-suite-logger-file-include(29321)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29321" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in includes/logger_engine.php in Dimitri Seitz Security Suite IP Logger 1.0.0 in dwingmods for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "security-suite-logger-file-include(29321)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29321" + }, + { + "name": "2480", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2480" + }, + { + "name": "20370", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20370" + }, + { + "name": "ADV-2006-3926", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3926" + }, + { + "name": "22290", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22290" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5833.json b/2006/5xxx/CVE-2006-5833.json index 0761716a855..e7e799bbc26 100644 --- a/2006/5xxx/CVE-2006-5833.json +++ b/2006/5xxx/CVE-2006-5833.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5833", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "gbcms_php_files/up_loader.php GreenBeast CMS 1.3 does not require authentication to upload files, which allows remote attackers to cause a denial of service (disk consumption) and execute arbitrary code by uploading arbitrary files, such as executing PHP code via an uploaded PHP file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5833", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061107 GreenBeast CMS <= 1.3 PHP Arbitrary File Upload Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/450785/100/0/threaded" - }, - { - "name" : "http://newhack.org/advisories/GreenBeastCMS.txt", - "refsource" : "MISC", - "url" : "http://newhack.org/advisories/GreenBeastCMS.txt" - }, - { - "name" : "20950", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20950" - }, - { - "name" : "ADV-2006-4416", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4416" - }, - { - "name" : "1017176", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017176" - }, - { - "name" : "22769", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22769" - }, - { - "name" : "1841", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1841" - }, - { - "name" : "greenbeastcms-uploader-file-upload(30069)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30069" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "gbcms_php_files/up_loader.php GreenBeast CMS 1.3 does not require authentication to upload files, which allows remote attackers to cause a denial of service (disk consumption) and execute arbitrary code by uploading arbitrary files, such as executing PHP code via an uploaded PHP file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1841", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1841" + }, + { + "name": "greenbeastcms-uploader-file-upload(30069)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30069" + }, + { + "name": "ADV-2006-4416", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4416" + }, + { + "name": "http://newhack.org/advisories/GreenBeastCMS.txt", + "refsource": "MISC", + "url": "http://newhack.org/advisories/GreenBeastCMS.txt" + }, + { + "name": "22769", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22769" + }, + { + "name": "20061107 GreenBeast CMS <= 1.3 PHP Arbitrary File Upload Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/450785/100/0/threaded" + }, + { + "name": "1017176", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017176" + }, + { + "name": "20950", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20950" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2289.json b/2007/2xxx/CVE-2007-2289.json index 23f3558ba1d..4f94a0c2ef2 100644 --- a/2007/2xxx/CVE-2007-2289.json +++ b/2007/2xxx/CVE-2007-2289.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2289", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in admin/includes/spaw/dialogs/insert_link.php in download engine (Download-Engine) 1.4.1 allows remote authenticated users to execute arbitrary PHP code via a URL in the spaw_root parameter, a different vector than CVE-2007-2255. NOTE: this may be an issue in SPAW." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2289", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070425 download engine V1.4.1 >> RFI (local)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/466890/100/0/threaded" - }, - { - "name" : "35401", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/35401" - }, - { - "name" : "downloadengine-insertlink-file-include(33918)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33918" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in admin/includes/spaw/dialogs/insert_link.php in download engine (Download-Engine) 1.4.1 allows remote authenticated users to execute arbitrary PHP code via a URL in the spaw_root parameter, a different vector than CVE-2007-2255. NOTE: this may be an issue in SPAW." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20070425 download engine V1.4.1 >> RFI (local)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/466890/100/0/threaded" + }, + { + "name": "35401", + "refsource": "OSVDB", + "url": "http://osvdb.org/35401" + }, + { + "name": "downloadengine-insertlink-file-include(33918)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33918" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2290.json b/2007/2xxx/CVE-2007-2290.json index b593a89410f..8757713a750 100644 --- a/2007/2xxx/CVE-2007-2290.json +++ b/2007/2xxx/CVE-2007-2290.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2290", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple PHP remote file inclusion vulnerabilities in B2 Weblog and News Publishing Tool 0.6.1 allow remote attackers to execute arbitrary PHP code via a URL in the b2inc parameter to (1) b2archives.php, (2) b2categories.php, or (3) b2mail.php. NOTE: this may overlap CVE-2002-1466." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2290", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070425 B2 Weblog and News Publishing Tool v0.6.1 >> RFI", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/466860/100/0/threaded" - }, - { - "name" : "23659", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23659" - }, - { - "name" : "35550", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/35550" - }, - { - "name" : "35551", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/35551" - }, - { - "name" : "35552", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/35552" - }, - { - "name" : "2632", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2632" - }, - { - "name" : "b2-b2inc-file-include(33884)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33884" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple PHP remote file inclusion vulnerabilities in B2 Weblog and News Publishing Tool 0.6.1 allow remote attackers to execute arbitrary PHP code via a URL in the b2inc parameter to (1) b2archives.php, (2) b2categories.php, or (3) b2mail.php. NOTE: this may overlap CVE-2002-1466." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "35550", + "refsource": "OSVDB", + "url": "http://osvdb.org/35550" + }, + { + "name": "20070425 B2 Weblog and News Publishing Tool v0.6.1 >> RFI", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/466860/100/0/threaded" + }, + { + "name": "23659", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23659" + }, + { + "name": "2632", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2632" + }, + { + "name": "35551", + "refsource": "OSVDB", + "url": "http://osvdb.org/35551" + }, + { + "name": "35552", + "refsource": "OSVDB", + "url": "http://osvdb.org/35552" + }, + { + "name": "b2-b2inc-file-include(33884)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33884" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2328.json b/2007/2xxx/CVE-2007-2328.json index 24bf5895167..4b3938cb92d 100644 --- a/2007/2xxx/CVE-2007-2328.json +++ b/2007/2xxx/CVE-2007-2328.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2328", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in addvip.php in phpMYTGP 1.4b allows remote attackers to execute arbitrary PHP code via a URL in the msetstr[PROGSDIR] parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2328", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070425 phpMYTGP v v1.4b >> RFI", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/466845/100/0/threaded" - }, - { - "name" : "34161", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/34161" - }, - { - "name" : "2636", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2636" - }, - { - "name" : "phpmytgp-addvip-file-include(33880)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33880" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in addvip.php in phpMYTGP 1.4b allows remote attackers to execute arbitrary PHP code via a URL in the msetstr[PROGSDIR] parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2636", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2636" + }, + { + "name": "phpmytgp-addvip-file-include(33880)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33880" + }, + { + "name": "20070425 phpMYTGP v v1.4b >> RFI", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/466845/100/0/threaded" + }, + { + "name": "34161", + "refsource": "OSVDB", + "url": "http://osvdb.org/34161" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2330.json b/2007/2xxx/CVE-2007-2330.json index 7b0f342fa91..b10e2ec02df 100644 --- a/2007/2xxx/CVE-2007-2330.json +++ b/2007/2xxx/CVE-2007-2330.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2330", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in includes_handler.php in DynaTracker 151 allows remote attackers to execute arbitrary PHP code via a URL in the base_path parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2330", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070425 DynaTracker &v151>> RFI", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/466843/100/0/threaded" - }, - { - "name" : "23667", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23667" - }, - { - "name" : "34159", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/34159" - }, - { - "name" : "34160", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/34160" - }, - { - "name" : "2638", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2638" - }, - { - "name" : "dynatracker-basepath-file-include(33873)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33873" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in includes_handler.php in DynaTracker 151 allows remote attackers to execute arbitrary PHP code via a URL in the base_path parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "34159", + "refsource": "OSVDB", + "url": "http://osvdb.org/34159" + }, + { + "name": "34160", + "refsource": "OSVDB", + "url": "http://osvdb.org/34160" + }, + { + "name": "dynatracker-basepath-file-include(33873)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33873" + }, + { + "name": "2638", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2638" + }, + { + "name": "23667", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23667" + }, + { + "name": "20070425 DynaTracker &v151>> RFI", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/466843/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2601.json b/2007/2xxx/CVE-2007-2601.json index d1c080b23bb..89513d8c7af 100644 --- a/2007/2xxx/CVE-2007-2601.json +++ b/2007/2xxx/CVE-2007-2601.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2601", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in a certain ActiveX control in the GDivX Zenith Player AviFixer class in fix.dll 1.0.0.1 allows remote attackers to execute arbitrary code via a long SetInputFile property value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2601", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "3889", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/3889" - }, - { - "name" : "http://moaxb.blogspot.com/2007/05/moaxb-11-bonus-gdivx-zenith-player.html.", - "refsource" : "MISC", - "url" : "http://moaxb.blogspot.com/2007/05/moaxb-11-bonus-gdivx-zenith-player.html." - }, - { - "name" : "23907", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23907" - }, - { - "name" : "36021", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/36021" - }, - { - "name" : "gdivx-activex-avifixer-bo(34246)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34246" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in a certain ActiveX control in the GDivX Zenith Player AviFixer class in fix.dll 1.0.0.1 allows remote attackers to execute arbitrary code via a long SetInputFile property value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "gdivx-activex-avifixer-bo(34246)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34246" + }, + { + "name": "http://moaxb.blogspot.com/2007/05/moaxb-11-bonus-gdivx-zenith-player.html.", + "refsource": "MISC", + "url": "http://moaxb.blogspot.com/2007/05/moaxb-11-bonus-gdivx-zenith-player.html." + }, + { + "name": "3889", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/3889" + }, + { + "name": "36021", + "refsource": "OSVDB", + "url": "http://osvdb.org/36021" + }, + { + "name": "23907", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23907" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2653.json b/2007/2xxx/CVE-2007-2653.json index ff9c2809817..03c8404fcdb 100644 --- a/2007/2xxx/CVE-2007-2653.json +++ b/2007/2xxx/CVE-2007-2653.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2653", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2007-2438. Reason: This candidate is a duplicate of CVE-2007-2438. Notes: All CVE users should reference CVE-2007-2438 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2007-2653", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2007-2438. Reason: This candidate is a duplicate of CVE-2007-2438. Notes: All CVE users should reference CVE-2007-2438 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2862.json b/2007/2xxx/CVE-2007-2862.json index e8297bf7bdb..e211745be1b 100644 --- a/2007/2xxx/CVE-2007-2862.json +++ b/2007/2xxx/CVE-2007-2862.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2862", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in CubeCart 3.0.16 might allow remote attackers to execute arbitrary SQL commands via an unspecified parameter to cart.inc.php and certain other files in an include directory, related to missing sanitization of the $option variable and possibly cookie modification." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2862", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070521 RedLevel Advisory #021 - CubeCart v3.0.16 SQL Injection Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/469301/100/0/threaded" - }, - { - "name" : "24100", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24100" - }, - { - "name" : "38100", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/38100" - }, - { - "name" : "2730", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2730" - }, - { - "name" : "cubecart-unspecified-sql-injection(34460)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34460" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in CubeCart 3.0.16 might allow remote attackers to execute arbitrary SQL commands via an unspecified parameter to cart.inc.php and certain other files in an include directory, related to missing sanitization of the $option variable and possibly cookie modification." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "38100", + "refsource": "OSVDB", + "url": "http://osvdb.org/38100" + }, + { + "name": "cubecart-unspecified-sql-injection(34460)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34460" + }, + { + "name": "24100", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24100" + }, + { + "name": "20070521 RedLevel Advisory #021 - CubeCart v3.0.16 SQL Injection Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/469301/100/0/threaded" + }, + { + "name": "2730", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2730" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0651.json b/2010/0xxx/CVE-2010-0651.json index 8e1e7eec26a..8b97c30c88f 100644 --- a/2010/0xxx/CVE-2010-0651.json +++ b/2010/0xxx/CVE-2010-0651.json @@ -1,142 +1,142 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0651", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit before r52784, as used in Google Chrome before 4.0.249.78 and Apple Safari before 4.0.5, permits cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type and the stylesheet document is malformed, which allows remote attackers to obtain sensitive information via a crafted document." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-0651", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://scarybeastsecurity.blogspot.com/2009/12/generic-cross-browser-cross-domain.html", - "refsource" : "MISC", - "url" : "http://scarybeastsecurity.blogspot.com/2009/12/generic-cross-browser-cross-domain.html" - }, - { - "name" : "http://websec.sv.cmu.edu/css/css.pdf", - "refsource" : "MISC", - "url" : "http://websec.sv.cmu.edu/css/css.pdf" - }, - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=9877", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=9877" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2010/01/stable-channel-update_25.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2010/01/stable-channel-update_25.html" - }, - { - "name" : "http://sites.google.com/a/chromium.org/dev/Home/chromium-security/chromium-security-bugs", - "refsource" : "CONFIRM", - "url" : "http://sites.google.com/a/chromium.org/dev/Home/chromium-security/chromium-security-bugs" - }, - { - "name" : "http://trac.webkit.org/changeset/52784", - "refsource" : "CONFIRM", - "url" : "http://trac.webkit.org/changeset/52784" - }, - { - "name" : "https://bugs.webkit.org/show_bug.cgi?id=29820", - "refsource" : "CONFIRM", - "url" : "https://bugs.webkit.org/show_bug.cgi?id=29820" - }, - { - "name" : "MDVSA-2011:039", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039" - }, - { - "name" : "SUSE-SR:2011:002", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" - }, - { - "name" : "USN-1006-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1006-1" - }, - { - "name" : "oval:org.mitre.oval:def:13653", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13653" - }, - { - "name" : "1023506", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1023506" - }, - { - "name" : "41856", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41856" - }, - { - "name" : "43068", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43068" - }, - { - "name" : "ADV-2010-2722", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2722" - }, - { - "name" : "ADV-2011-0212", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0212" - }, - { - "name" : "ADV-2011-0552", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0552" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit before r52784, as used in Google Chrome before 4.0.249.78 and Apple Safari before 4.0.5, permits cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type and the stylesheet document is malformed, which allows remote attackers to obtain sensitive information via a crafted document." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDVSA-2011:039", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039" + }, + { + "name": "http://googlechromereleases.blogspot.com/2010/01/stable-channel-update_25.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2010/01/stable-channel-update_25.html" + }, + { + "name": "ADV-2010-2722", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2722" + }, + { + "name": "43068", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43068" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=9877", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=9877" + }, + { + "name": "http://scarybeastsecurity.blogspot.com/2009/12/generic-cross-browser-cross-domain.html", + "refsource": "MISC", + "url": "http://scarybeastsecurity.blogspot.com/2009/12/generic-cross-browser-cross-domain.html" + }, + { + "name": "USN-1006-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1006-1" + }, + { + "name": "41856", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41856" + }, + { + "name": "ADV-2011-0212", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0212" + }, + { + "name": "http://trac.webkit.org/changeset/52784", + "refsource": "CONFIRM", + "url": "http://trac.webkit.org/changeset/52784" + }, + { + "name": "http://websec.sv.cmu.edu/css/css.pdf", + "refsource": "MISC", + "url": "http://websec.sv.cmu.edu/css/css.pdf" + }, + { + "name": "oval:org.mitre.oval:def:13653", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13653" + }, + { + "name": "1023506", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1023506" + }, + { + "name": "http://sites.google.com/a/chromium.org/dev/Home/chromium-security/chromium-security-bugs", + "refsource": "CONFIRM", + "url": "http://sites.google.com/a/chromium.org/dev/Home/chromium-security/chromium-security-bugs" + }, + { + "name": "SUSE-SR:2011:002", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" + }, + { + "name": "https://bugs.webkit.org/show_bug.cgi?id=29820", + "refsource": "CONFIRM", + "url": "https://bugs.webkit.org/show_bug.cgi?id=29820" + }, + { + "name": "ADV-2011-0552", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0552" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0656.json b/2010/0xxx/CVE-2010-0656.json index 9d7eb4630f3..71dcaf0c77c 100644 --- a/2010/0xxx/CVE-2010-0656.json +++ b/2010/0xxx/CVE-2010-0656.json @@ -1,152 +1,152 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0656", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit before r51295, as used in Google Chrome before 4.0.249.78, presents a directory-listing page in response to an XMLHttpRequest for a file:/// URL that corresponds to a directory, which allows attackers to obtain sensitive information or possibly have unspecified other impact via a crafted local HTML document." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-0656", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=20450", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=20450" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2010/01/stable-channel-update_25.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2010/01/stable-channel-update_25.html" - }, - { - "name" : "http://sites.google.com/a/chromium.org/dev/Home/chromium-security/chromium-security-bugs", - "refsource" : "CONFIRM", - "url" : "http://sites.google.com/a/chromium.org/dev/Home/chromium-security/chromium-security-bugs" - }, - { - "name" : "http://trac.webkit.org/changeset/51295", - "refsource" : "CONFIRM", - "url" : "http://trac.webkit.org/changeset/51295" - }, - { - "name" : "https://bugs.webkit.org/show_bug.cgi?id=31329", - "refsource" : "CONFIRM", - "url" : "https://bugs.webkit.org/show_bug.cgi?id=31329" - }, - { - "name" : "FEDORA-2010-8360", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041383.html" - }, - { - "name" : "FEDORA-2010-8379", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041432.html" - }, - { - "name" : "FEDORA-2010-8423", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041436.html" - }, - { - "name" : "MDVSA-2011:039", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039" - }, - { - "name" : "SUSE-SR:2011:002", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" - }, - { - "name" : "USN-1006-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1006-1" - }, - { - "name" : "38372", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/38372" - }, - { - "name" : "oval:org.mitre.oval:def:14501", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14501" - }, - { - "name" : "1023506", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1023506" - }, - { - "name" : "41856", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41856" - }, - { - "name" : "43068", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43068" - }, - { - "name" : "ADV-2010-2722", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2722" - }, - { - "name" : "ADV-2011-0212", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0212" - }, - { - "name" : "ADV-2011-0552", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0552" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit before r51295, as used in Google Chrome before 4.0.249.78, presents a directory-listing page in response to an XMLHttpRequest for a file:/// URL that corresponds to a directory, which allows attackers to obtain sensitive information or possibly have unspecified other impact via a crafted local HTML document." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDVSA-2011:039", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039" + }, + { + "name": "http://googlechromereleases.blogspot.com/2010/01/stable-channel-update_25.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2010/01/stable-channel-update_25.html" + }, + { + "name": "ADV-2010-2722", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2722" + }, + { + "name": "43068", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43068" + }, + { + "name": "USN-1006-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1006-1" + }, + { + "name": "41856", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41856" + }, + { + "name": "ADV-2011-0212", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0212" + }, + { + "name": "FEDORA-2010-8360", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041383.html" + }, + { + "name": "1023506", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1023506" + }, + { + "name": "http://sites.google.com/a/chromium.org/dev/Home/chromium-security/chromium-security-bugs", + "refsource": "CONFIRM", + "url": "http://sites.google.com/a/chromium.org/dev/Home/chromium-security/chromium-security-bugs" + }, + { + "name": "http://trac.webkit.org/changeset/51295", + "refsource": "CONFIRM", + "url": "http://trac.webkit.org/changeset/51295" + }, + { + "name": "SUSE-SR:2011:002", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" + }, + { + "name": "38372", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/38372" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=20450", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=20450" + }, + { + "name": "oval:org.mitre.oval:def:14501", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14501" + }, + { + "name": "https://bugs.webkit.org/show_bug.cgi?id=31329", + "refsource": "CONFIRM", + "url": "https://bugs.webkit.org/show_bug.cgi?id=31329" + }, + { + "name": "ADV-2011-0552", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0552" + }, + { + "name": "FEDORA-2010-8379", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041432.html" + }, + { + "name": "FEDORA-2010-8423", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041436.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0689.json b/2010/0xxx/CVE-2010-0689.json index 18db0e19ac4..2e5028557e2 100644 --- a/2010/0xxx/CVE-2010-0689.json +++ b/2010/0xxx/CVE-2010-0689.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0689", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ExecuteExe method in the DVBSExeCall Control ActiveX control 1.0.0.1 in DVBSExeCall.ocx in DATEV Base System (aka Grundpaket Basis) allows remote attackers to execute arbitrary commands via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-0689", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100225 NSOADV-2010-003: DATEV ActiveX Control remote command execution", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/509743/100/0/threaded" - }, - { - "name" : "http://sotiriu.de/adv/NSOADV-2010-003.txt", - "refsource" : "MISC", - "url" : "http://sotiriu.de/adv/NSOADV-2010-003.txt" - }, - { - "name" : "http://sotiriu.de/demos/videos/nso-2010-003.html", - "refsource" : "MISC", - "url" : "http://sotiriu.de/demos/videos/nso-2010-003.html" - }, - { - "name" : "http://www.datev.de/info-db/1080162", - "refsource" : "CONFIRM", - "url" : "http://www.datev.de/info-db/1080162" - }, - { - "name" : "38415", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/38415" - }, - { - "name" : "62564", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/62564" - }, - { - "name" : "38716", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38716" - }, - { - "name" : "ADV-2010-0474", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0474" - }, - { - "name" : "datev-dvbsexecall-command-execution(56530)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/56530" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ExecuteExe method in the DVBSExeCall Control ActiveX control 1.0.0.1 in DVBSExeCall.ocx in DATEV Base System (aka Grundpaket Basis) allows remote attackers to execute arbitrary commands via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://sotiriu.de/demos/videos/nso-2010-003.html", + "refsource": "MISC", + "url": "http://sotiriu.de/demos/videos/nso-2010-003.html" + }, + { + "name": "38415", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/38415" + }, + { + "name": "62564", + "refsource": "OSVDB", + "url": "http://osvdb.org/62564" + }, + { + "name": "datev-dvbsexecall-command-execution(56530)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56530" + }, + { + "name": "ADV-2010-0474", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0474" + }, + { + "name": "20100225 NSOADV-2010-003: DATEV ActiveX Control remote command execution", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/509743/100/0/threaded" + }, + { + "name": "http://sotiriu.de/adv/NSOADV-2010-003.txt", + "refsource": "MISC", + "url": "http://sotiriu.de/adv/NSOADV-2010-003.txt" + }, + { + "name": "http://www.datev.de/info-db/1080162", + "refsource": "CONFIRM", + "url": "http://www.datev.de/info-db/1080162" + }, + { + "name": "38716", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38716" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0805.json b/2010/0xxx/CVE-2010-0805.json index d542d4c19d8..f8aea67d6bc 100644 --- a/2010/0xxx/CVE-2010-0805.json +++ b/2010/0xxx/CVE-2010-0805.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0805", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Tabular Data Control (TDC) ActiveX control in Microsoft Internet Explorer 5.01 SP4, 6 on Windows XP SP2 and SP3, and 6 SP1 allows remote attackers to execute arbitrary code via a long URL (DataURL parameter) that triggers memory corruption in the CTDCCtl::SecurityCHeckDataURL function, aka \"Memory Corruption Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2010-0805", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100402 ZDI-10-034: Microsoft Internet Explorer Tabular Data Control ActiveX Remote Code Execution Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/510507/100/0/threaded" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-10-034", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-10-034" - }, - { - "name" : "MS10-018", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-018" - }, - { - "name" : "TA10-068A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-068A.html" - }, - { - "name" : "TA10-089A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-089A.html" - }, - { - "name" : "39025", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/39025" - }, - { - "name" : "oval:org.mitre.oval:def:8080", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8080" - }, - { - "name" : "1023773", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1023773" - }, - { - "name" : "ADV-2010-0744", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0744" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Tabular Data Control (TDC) ActiveX control in Microsoft Internet Explorer 5.01 SP4, 6 on Windows XP SP2 and SP3, and 6 SP1 allows remote attackers to execute arbitrary code via a long URL (DataURL parameter) that triggers memory corruption in the CTDCCtl::SecurityCHeckDataURL function, aka \"Memory Corruption Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "39025", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/39025" + }, + { + "name": "TA10-089A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-089A.html" + }, + { + "name": "20100402 ZDI-10-034: Microsoft Internet Explorer Tabular Data Control ActiveX Remote Code Execution Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/510507/100/0/threaded" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-10-034", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-034" + }, + { + "name": "TA10-068A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-068A.html" + }, + { + "name": "MS10-018", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-018" + }, + { + "name": "ADV-2010-0744", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0744" + }, + { + "name": "1023773", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1023773" + }, + { + "name": "oval:org.mitre.oval:def:8080", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8080" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0992.json b/2010/0xxx/CVE-2010-0992.json index 3cba2a3cb8b..28f38168e74 100644 --- a/2010/0xxx/CVE-2010-0992.json +++ b/2010/0xxx/CVE-2010-0992.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0992", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in Pulse CMS Basic 1.2.2 and 1.2.3, and possibly Pulse Pro before 1.3.2, allow remote attackers to hijack the authentication of users for requests that (1) upload image files, (2) delete image files, or (3) create blocks." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", + "ID": "CVE-2010-0992", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100409 Secunia Research: Pulse CMS Cross-Site Request Forgery", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/510619/100/0/threaded" - }, - { - "name" : "http://secunia.com/secunia_research/2010-46/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2010-46/" - }, - { - "name" : "http://pulsecms.com/blog.php", - "refsource" : "CONFIRM", - "url" : "http://pulsecms.com/blog.php" - }, - { - "name" : "39046", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39046" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Pulse CMS Basic 1.2.2 and 1.2.3, and possibly Pulse Pro before 1.3.2, allow remote attackers to hijack the authentication of users for requests that (1) upload image files, (2) delete image files, or (3) create blocks." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://secunia.com/secunia_research/2010-46/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2010-46/" + }, + { + "name": "39046", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39046" + }, + { + "name": "20100409 Secunia Research: Pulse CMS Cross-Site Request Forgery", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/510619/100/0/threaded" + }, + { + "name": "http://pulsecms.com/blog.php", + "refsource": "CONFIRM", + "url": "http://pulsecms.com/blog.php" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1210.json b/2010/1xxx/CVE-2010-1210.json index aedd91efcc9..14d63517a1a 100644 --- a/2010/1xxx/CVE-2010-1210.json +++ b/2010/1xxx/CVE-2010-1210.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1210", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "intl/uconv/util/nsUnicodeDecodeHelper.cpp in Mozilla Firefox before 3.6.7 and Thunderbird before 3.1.1 inserts a U+FFFD sequence into text in certain circumstances involving undefined positions, which might make it easier for remote attackers to conduct cross-site scripting (XSS) attacks via crafted 8-bit text." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1210", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2010/mfsa2010-44.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2010/mfsa2010-44.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=564679", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=564679" - }, - { - "name" : "oval:org.mitre.oval:def:11863", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11863" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "intl/uconv/util/nsUnicodeDecodeHelper.cpp in Mozilla Firefox before 3.6.7 and Thunderbird before 3.1.1 inserts a U+FFFD sequence into text in certain circumstances involving undefined positions, which might make it easier for remote attackers to conduct cross-site scripting (XSS) attacks via crafted 8-bit text." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=564679", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=564679" + }, + { + "name": "oval:org.mitre.oval:def:11863", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11863" + }, + { + "name": "http://www.mozilla.org/security/announce/2010/mfsa2010-44.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2010/mfsa2010-44.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1256.json b/2010/1xxx/CVE-2010-1256.json index 26bff0f626c..f543cd357df 100644 --- a/2010/1xxx/CVE-2010-1256.json +++ b/2010/1xxx/CVE-2010-1256.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1256", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Microsoft IIS 6.0, 7.0, and 7.5, when Extended Protection for Authentication is enabled, allows remote authenticated users to execute arbitrary code via unknown vectors related to \"token checking\" that trigger memory corruption, aka \"IIS Authentication Memory Corruption Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2010-1256", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS10-040", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-040" - }, - { - "name" : "TA10-159B", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-159B.html" - }, - { - "name" : "40573", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/40573" - }, - { - "name" : "oval:org.mitre.oval:def:7149", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7149" - }, - { - "name" : "ms-iis-authentication-code-execution(58864)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/58864" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Microsoft IIS 6.0, 7.0, and 7.5, when Extended Protection for Authentication is enabled, allows remote authenticated users to execute arbitrary code via unknown vectors related to \"token checking\" that trigger memory corruption, aka \"IIS Authentication Memory Corruption Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:7149", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7149" + }, + { + "name": "MS10-040", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-040" + }, + { + "name": "40573", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/40573" + }, + { + "name": "ms-iis-authentication-code-execution(58864)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58864" + }, + { + "name": "TA10-159B", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-159B.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1278.json b/2010/1xxx/CVE-2010-1278.json index f8522a9f23f..a01380bb28b 100644 --- a/2010/1xxx/CVE-2010-1278.json +++ b/2010/1xxx/CVE-2010-1278.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1278", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the Atlcom.get_atlcom ActiveX control in gp.ocx in Adobe Download Manager, as used in Adobe Reader and Acrobat 8.x before 8.2 and 9.x before 9.3, allows remote attackers to execute arbitrary code via unspecified parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2010-1278", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100421 ZDI-10-077: Adobe Download Manager Atlcom.get_atlcom ActiveX Control Remote Code Execution Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/510868/100/0/threaded" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-10-077/", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-10-077/" - }, - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb10-02.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb10-02.html" - }, - { - "name" : "oval:org.mitre.oval:def:7500", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7500" - }, - { - "name" : "1023908", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1023908" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the Atlcom.get_atlcom ActiveX control in gp.ocx in Adobe Download Manager, as used in Adobe Reader and Acrobat 8.x before 8.2 and 9.x before 9.3, allows remote attackers to execute arbitrary code via unspecified parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-10-077/", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-077/" + }, + { + "name": "oval:org.mitre.oval:def:7500", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7500" + }, + { + "name": "20100421 ZDI-10-077: Adobe Download Manager Atlcom.get_atlcom ActiveX Control Remote Code Execution Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/510868/100/0/threaded" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb10-02.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb10-02.html" + }, + { + "name": "1023908", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1023908" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1707.json b/2010/1xxx/CVE-2010-1707.json index 94143bac9c5..b99536fd21b 100644 --- a/2010/1xxx/CVE-2010-1707.json +++ b/2010/1xxx/CVE-2010-1707.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1707", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in register.php in Piwigo 2.0.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) login and (2) mail_address parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1707", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://piwigo.org/code/wsvn/Piwigo?op=revision&rev=5936", - "refsource" : "CONFIRM", - "url" : "http://piwigo.org/code/wsvn/Piwigo?op=revision&rev=5936" - }, - { - "name" : "ADV-2010-1034", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1034" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in register.php in Piwigo 2.0.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) login and (2) mail_address parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://piwigo.org/code/wsvn/Piwigo?op=revision&rev=5936", + "refsource": "CONFIRM", + "url": "http://piwigo.org/code/wsvn/Piwigo?op=revision&rev=5936" + }, + { + "name": "ADV-2010-1034", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1034" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1873.json b/2010/1xxx/CVE-2010-1873.json index 6e072f89476..bd1c10dc45f 100644 --- a/2010/1xxx/CVE-2010-1873.json +++ b/2010/1xxx/CVE-2010-1873.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1873", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the Jvehicles (com_jvehicles) component 1.0, 2.0, and 2.1111 for Joomla! allows remote attackers to execute arbitrary SQL commands via the aid parameter in an agentlisting action to index.php. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1873", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "12190", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/12190" - }, - { - "name" : "http://indonesiancoder.org/joomla-component-jvehicles-aid-sql-injection-vulnerability", - "refsource" : "MISC", - "url" : "http://indonesiancoder.org/joomla-component-jvehicles-aid-sql-injection-vulnerability" - }, - { - "name" : "http://packetstormsecurity.org/1004-exploits/joomlajvehicles-sql.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1004-exploits/joomlajvehicles-sql.txt" - }, - { - "name" : "39409", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/39409" - }, - { - "name" : "63669", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/63669" - }, - { - "name" : "39401", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39401" - }, - { - "name" : "jvehicles-index-sql-injection(57774)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/57774" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the Jvehicles (com_jvehicles) component 1.0, 2.0, and 2.1111 for Joomla! allows remote attackers to execute arbitrary SQL commands via the aid parameter in an agentlisting action to index.php. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.org/1004-exploits/joomlajvehicles-sql.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1004-exploits/joomlajvehicles-sql.txt" + }, + { + "name": "39409", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/39409" + }, + { + "name": "39401", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39401" + }, + { + "name": "http://indonesiancoder.org/joomla-component-jvehicles-aid-sql-injection-vulnerability", + "refsource": "MISC", + "url": "http://indonesiancoder.org/joomla-component-jvehicles-aid-sql-injection-vulnerability" + }, + { + "name": "12190", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/12190" + }, + { + "name": "63669", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/63669" + }, + { + "name": "jvehicles-index-sql-injection(57774)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57774" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3275.json b/2010/3xxx/CVE-2010-3275.json index fb7bf286342..b1de6e1b3f0 100644 --- a/2010/3xxx/CVE-2010-3275.json +++ b/2010/3xxx/CVE-2010-3275.json @@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3275", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "libdirectx_plugin.dll in VideoLAN VLC Media Player before 1.1.8 allows remote attackers to execute arbitrary code via a crafted width in an AMV file, related to a \"dangling pointer vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3275", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110323 CORE-2011-0208: VLC Vulnerabilities handling .AMV and .NSV files", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/517150/100/0/threaded" - }, - { - "name" : "17048", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/17048" - }, - { - "name" : "http://www.coresecurity.com/content/vlc-vulnerabilities-amv-nsv-files", - "refsource" : "MISC", - "url" : "http://www.coresecurity.com/content/vlc-vulnerabilities-amv-nsv-files" - }, - { - "name" : "http://www.metasploit.com/modules/exploit/windows/browser/vlc_amv", - "refsource" : "MISC", - "url" : "http://www.metasploit.com/modules/exploit/windows/browser/vlc_amv" - }, - { - "name" : "http://www.videolan.org/vlc/releases/1.1.8.html", - "refsource" : "CONFIRM", - "url" : "http://www.videolan.org/vlc/releases/1.1.8.html" - }, - { - "name" : "DSA-2211", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2211" - }, - { - "name" : "47012", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/47012" - }, - { - "name" : "71277", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/71277" - }, - { - "name" : "oval:org.mitre.oval:def:14718", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14718" - }, - { - "name" : "1025250", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1025250" - }, - { - "name" : "43826", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43826" - }, - { - "name" : "8162", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8162" - }, - { - "name" : "ADV-2011-0759", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0759" - }, - { - "name" : "vlcmediaplayer-amv-bo(66259)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66259" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "libdirectx_plugin.dll in VideoLAN VLC Media Player before 1.1.8 allows remote attackers to execute arbitrary code via a crafted width in an AMV file, related to a \"dangling pointer vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1025250", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1025250" + }, + { + "name": "ADV-2011-0759", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0759" + }, + { + "name": "http://www.videolan.org/vlc/releases/1.1.8.html", + "refsource": "CONFIRM", + "url": "http://www.videolan.org/vlc/releases/1.1.8.html" + }, + { + "name": "43826", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43826" + }, + { + "name": "http://www.metasploit.com/modules/exploit/windows/browser/vlc_amv", + "refsource": "MISC", + "url": "http://www.metasploit.com/modules/exploit/windows/browser/vlc_amv" + }, + { + "name": "http://www.coresecurity.com/content/vlc-vulnerabilities-amv-nsv-files", + "refsource": "MISC", + "url": "http://www.coresecurity.com/content/vlc-vulnerabilities-amv-nsv-files" + }, + { + "name": "DSA-2211", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2211" + }, + { + "name": "17048", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/17048" + }, + { + "name": "20110323 CORE-2011-0208: VLC Vulnerabilities handling .AMV and .NSV files", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/517150/100/0/threaded" + }, + { + "name": "71277", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/71277" + }, + { + "name": "vlcmediaplayer-amv-bo(66259)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66259" + }, + { + "name": "oval:org.mitre.oval:def:14718", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14718" + }, + { + "name": "8162", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8162" + }, + { + "name": "47012", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/47012" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4319.json b/2010/4xxx/CVE-2010-4319.json index b8a46cefaa2..953c283f51a 100644 --- a/2010/4xxx/CVE-2010-4319.json +++ b/2010/4xxx/CVE-2010-4319.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4319", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4319", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4441.json b/2010/4xxx/CVE-2010-4441.json index cfbb1ef83e8..0a44b6085a6 100644 --- a/2010/4xxx/CVE-2010-4441.json +++ b/2010/4xxx/CVE-2010-4441.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4441", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft and JDEdwards Suite 9.1 Bundle #4 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Talent Acquisition Manager." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2010-4441", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html" - }, - { - "name" : "45881", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45881" - }, - { - "name" : "70576", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/70576" - }, - { - "name" : "1024978", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024978" - }, - { - "name" : "42982", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42982" - }, - { - "name" : "ADV-2011-0147", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0147" - }, - { - "name" : "peoplesoft-talent-unauth-access(64789)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64789" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft and JDEdwards Suite 9.1 Bundle #4 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Talent Acquisition Manager." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2011-0147", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0147" + }, + { + "name": "1024978", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024978" + }, + { + "name": "70576", + "refsource": "OSVDB", + "url": "http://osvdb.org/70576" + }, + { + "name": "peoplesoft-talent-unauth-access(64789)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64789" + }, + { + "name": "42982", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42982" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html" + }, + { + "name": "45881", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45881" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4619.json b/2010/4xxx/CVE-2010-4619.json index 6225fe5b907..c58b1dfcfea 100644 --- a/2010/4xxx/CVE-2010-4619.json +++ b/2010/4xxx/CVE-2010-4619.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4619", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in profil.php in Mafya Oyun Scrpti (aka Mafia Game Script) allows remote attackers to execute arbitrary SQL commands via the id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4619", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "15775", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/15775" - }, - { - "name" : "45501", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45501" - }, - { - "name" : "42710", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42710" - }, - { - "name" : "mafiagamescript-profile-sql-injection(64208)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64208" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in profil.php in Mafya Oyun Scrpti (aka Mafia Game Script) allows remote attackers to execute arbitrary SQL commands via the id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "45501", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45501" + }, + { + "name": "42710", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42710" + }, + { + "name": "15775", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/15775" + }, + { + "name": "mafiagamescript-profile-sql-injection(64208)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64208" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4919.json b/2010/4xxx/CVE-2010-4919.json index 6b8630e9e27..1ffb03fb593 100644 --- a/2010/4xxx/CVE-2010-4919.json +++ b/2010/4xxx/CVE-2010-4919.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4919", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in detail.asp in Micronetsoft RV Dealer Website 1.0 allows remote attackers to execute arbitrary SQL commands via the vehicletypeID parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4919", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "14914", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/14914" - }, - { - "name" : "41319", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41319" - }, - { - "name" : "rvdealer-detail-sql-injection(61611)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/61611" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in detail.asp in Micronetsoft RV Dealer Website 1.0 allows remote attackers to execute arbitrary SQL commands via the vehicletypeID parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "14914", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/14914" + }, + { + "name": "rvdealer-detail-sql-injection(61611)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61611" + }, + { + "name": "41319", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41319" + } + ] + } +} \ No newline at end of file diff --git a/2010/5xxx/CVE-2010-5222.json b/2010/5xxx/CVE-2010-5222.json index f6657257859..d6f6081ef91 100644 --- a/2010/5xxx/CVE-2010-5222.json +++ b/2010/5xxx/CVE-2010-5222.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-5222", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in Ease Jukebox 1.40 allows local users to gain privileges via a Trojan horse wmaudsdk.dll file in the current working directory, as demonstrated by a directory that contains a .mp3 or .wav file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-5222", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "41902", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41902" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in Ease Jukebox 1.40 allows local users to gain privileges via a Trojan horse wmaudsdk.dll file in the current working directory, as demonstrated by a directory that contains a .mp3 or .wav file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "41902", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41902" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0044.json b/2014/0xxx/CVE-2014-0044.json index bbeeea68e48..83fc3a12525 100644 --- a/2014/0xxx/CVE-2014-0044.json +++ b/2014/0xxx/CVE-2014-0044.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0044", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The opus_packet_get_samples_per_frame function in client in Mumble 1.2.4 and the 1.2.3 pre-release snapshots allows remote attackers to cause a denial of service (crash) via a crafted length prefix value, which triggers a NULL pointer dereference or a heap-based buffer over-read (aka \"out-of-bounds array access\")." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-0044", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://mumble.info/security/Mumble-SA-2014-001.txt", - "refsource" : "CONFIRM", - "url" : "http://mumble.info/security/Mumble-SA-2014-001.txt" - }, - { - "name" : "DSA-2854", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-2854" - }, - { - "name" : "openSUSE-SU-2014:0271", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-02/msg00063.html" - }, - { - "name" : "102904", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/102904" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The opus_packet_get_samples_per_frame function in client in Mumble 1.2.4 and the 1.2.3 pre-release snapshots allows remote attackers to cause a denial of service (crash) via a crafted length prefix value, which triggers a NULL pointer dereference or a heap-based buffer over-read (aka \"out-of-bounds array access\")." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-2854", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-2854" + }, + { + "name": "openSUSE-SU-2014:0271", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00063.html" + }, + { + "name": "102904", + "refsource": "OSVDB", + "url": "http://osvdb.org/102904" + }, + { + "name": "http://mumble.info/security/Mumble-SA-2014-001.txt", + "refsource": "CONFIRM", + "url": "http://mumble.info/security/Mumble-SA-2014-001.txt" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0595.json b/2014/0xxx/CVE-2014-0595.json index 881d48e820c..0ff3408fcd4 100644 --- a/2014/0xxx/CVE-2014-0595.json +++ b/2014/0xxx/CVE-2014-0595.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0595", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "/opt/novell/ncl/bin/nwrights in Novell Client for Linux in Novell Open Enterprise Server (OES) 11 Linux SP2 does not properly manage a certain array, which allows local users to obtain the S permission in opportunistic circumstances by leveraging the granting of the F permission by an administrator." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-0595", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.novell.com/support/kb/doc.php?id=7014932", - "refsource" : "CONFIRM", - "url" : "http://www.novell.com/support/kb/doc.php?id=7014932" - }, - { - "name" : "SUSE-SU-2014:0847", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00030.html" - }, - { - "name" : "67144", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/67144" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "/opt/novell/ncl/bin/nwrights in Novell Client for Linux in Novell Open Enterprise Server (OES) 11 Linux SP2 does not properly manage a certain array, which allows local users to obtain the S permission in opportunistic circumstances by leveraging the granting of the F permission by an administrator." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "67144", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/67144" + }, + { + "name": "SUSE-SU-2014:0847", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00030.html" + }, + { + "name": "http://www.novell.com/support/kb/doc.php?id=7014932", + "refsource": "CONFIRM", + "url": "http://www.novell.com/support/kb/doc.php?id=7014932" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0622.json b/2014/0xxx/CVE-2014-0622.json index b9b7f5d28ce..f43660a3cd6 100644 --- a/2014/0xxx/CVE-2014-0622.json +++ b/2014/0xxx/CVE-2014-0622.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0622", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The web service in EMC Documentum Foundation Services (DFS) 6.5 through 6.7 before 6.7 SP1 P22, 6.7 SP2 before P08, 7.0 before P12, and 7.1 before P01 does not properly implement content uploading, which allows remote authenticated users to bypass intended content access restrictions via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "ID": "CVE-2014-0622", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140205 ESA-2014-005: EMC Documentum Foundation Services (DFS) Content Access Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2014-02/0007.html" - }, - { - "name" : "65398", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/65398" - }, - { - "name" : "102949", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/102949" - }, - { - "name" : "56845", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56845" - }, - { - "name" : "emc-documentum-cve20140622-sec-bypass(90982)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90982" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The web service in EMC Documentum Foundation Services (DFS) 6.5 through 6.7 before 6.7 SP1 P22, 6.7 SP2 before P08, 7.0 before P12, and 7.1 before P01 does not properly implement content uploading, which allows remote authenticated users to bypass intended content access restrictions via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "65398", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/65398" + }, + { + "name": "emc-documentum-cve20140622-sec-bypass(90982)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90982" + }, + { + "name": "102949", + "refsource": "OSVDB", + "url": "http://osvdb.org/102949" + }, + { + "name": "20140205 ESA-2014-005: EMC Documentum Foundation Services (DFS) Content Access Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2014-02/0007.html" + }, + { + "name": "56845", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56845" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0919.json b/2014/0xxx/CVE-2014-0919.json index 94d5bfc8bff..4795427d3cc 100644 --- a/2014/0xxx/CVE-2014-0919.json +++ b/2014/0xxx/CVE-2014-0919.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0919", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM DB2 9.5 through 10.5 on Linux, UNIX, and Windows stores passwords during the processing of certain SQL statements by the monitoring and audit facilities, which allows remote authenticated users to obtain sensitive information via commands associated with these facilities." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-0919", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21698021", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21698021" - }, - { - "name" : "IT07397", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IT07397" - }, - { - "name" : "IT07547", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IT07547" - }, - { - "name" : "IT07552", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IT07552" - }, - { - "name" : "IT07553", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IT07553" - }, - { - "name" : "IT07554", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IT07554" - }, - { - "name" : "74217", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/74217" - }, - { - "name" : "1032247", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032247" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM DB2 9.5 through 10.5 on Linux, UNIX, and Windows stores passwords during the processing of certain SQL statements by the monitoring and audit facilities, which allows remote authenticated users to obtain sensitive information via commands associated with these facilities." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "IT07553", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT07553" + }, + { + "name": "IT07554", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT07554" + }, + { + "name": "IT07547", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT07547" + }, + { + "name": "IT07552", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT07552" + }, + { + "name": "1032247", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032247" + }, + { + "name": "74217", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/74217" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21698021", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698021" + }, + { + "name": "IT07397", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT07397" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1815.json b/2014/1xxx/CVE-2014-1815.json index edf1d8f5ff5..d835bc4ccb9 100644 --- a/2014/1xxx/CVE-2014-1815.json +++ b/2014/1xxx/CVE-2014-1815.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1815", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, as exploited in the wild in May 2014, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-0310." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2014-1815", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS14-029", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-029" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, as exploited in the wild in May 2014, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-0310." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS14-029", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-029" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1845.json b/2014/1xxx/CVE-2014-1845.json index 076fb6b958b..8b6f3080457 100644 --- a/2014/1xxx/CVE-2014-1845.json +++ b/2014/1xxx/CVE-2014-1845.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1845", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An unspecified setuid root helper in Enlightenment before 0.17.6 allows local users to gain privileges by leveraging failure to properly sanitize the environment." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-1845", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140203 Re: CVE request: enlightenment sysactions", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/02/03/19" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1059410", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1059410" - }, - { - "name" : "https://git.enlightenment.org/core/enlightenment.git/commit/?id=666df815cd86a50343859bce36c5cf968c5f38b0", - "refsource" : "CONFIRM", - "url" : "https://git.enlightenment.org/core/enlightenment.git/commit/?id=666df815cd86a50343859bce36c5cf968c5f38b0" - }, - { - "name" : "https://git.enlightenment.org/core/enlightenment.git/commit/?id=bb4a21e98656fe2c7d98ba2163e6defe9a630e2b", - "refsource" : "CONFIRM", - "url" : "https://git.enlightenment.org/core/enlightenment.git/commit/?id=bb4a21e98656fe2c7d98ba2163e6defe9a630e2b" - }, - { - "name" : "enlightenment-helper-priv-esc(91216)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/91216" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An unspecified setuid root helper in Enlightenment before 0.17.6 allows local users to gain privileges by leveraging failure to properly sanitize the environment." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "enlightenment-helper-priv-esc(91216)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91216" + }, + { + "name": "https://git.enlightenment.org/core/enlightenment.git/commit/?id=bb4a21e98656fe2c7d98ba2163e6defe9a630e2b", + "refsource": "CONFIRM", + "url": "https://git.enlightenment.org/core/enlightenment.git/commit/?id=bb4a21e98656fe2c7d98ba2163e6defe9a630e2b" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1059410", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1059410" + }, + { + "name": "[oss-security] 20140203 Re: CVE request: enlightenment sysactions", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/02/03/19" + }, + { + "name": "https://git.enlightenment.org/core/enlightenment.git/commit/?id=666df815cd86a50343859bce36c5cf968c5f38b0", + "refsource": "CONFIRM", + "url": "https://git.enlightenment.org/core/enlightenment.git/commit/?id=666df815cd86a50343859bce36c5cf968c5f38b0" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4179.json b/2014/4xxx/CVE-2014-4179.json index 92a3743aa2a..1c78766408b 100644 --- a/2014/4xxx/CVE-2014-4179.json +++ b/2014/4xxx/CVE-2014-4179.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4179", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4179", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4324.json b/2014/4xxx/CVE-2014-4324.json index 5faf4a98621..44b078d9a3d 100644 --- a/2014/4xxx/CVE-2014-4324.json +++ b/2014/4xxx/CVE-2014-4324.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4324", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4324", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9194.json b/2014/9xxx/CVE-2014-9194.json index ef4bc30de8b..a1203f664f2 100644 --- a/2014/9xxx/CVE-2014-9194.json +++ b/2014/9xxx/CVE-2014-9194.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9194", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Arbiter 1094B GPS Substation Clock allows remote attackers to cause a denial of service (disruption) via crafted radio transmissions that spoof GPS satellite broadcasts." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2014-9194", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-14-345-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-14-345-01" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Arbiter 1094B GPS Substation Clock allows remote attackers to cause a denial of service (disruption) via crafted radio transmissions that spoof GPS satellite broadcasts." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-14-345-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-345-01" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9359.json b/2014/9xxx/CVE-2014-9359.json index edec409a4f7..eba42b01269 100644 --- a/2014/9xxx/CVE-2014-9359.json +++ b/2014/9xxx/CVE-2014-9359.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9359", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9359", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9444.json b/2014/9xxx/CVE-2014-9444.json index 50fb2a19f11..8d33c4a996e 100644 --- a/2014/9xxx/CVE-2014-9444.json +++ b/2014/9xxx/CVE-2014-9444.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9444", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Frontend Uploader plugin 0.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the errors[fu-disallowed-mime-type][0][name] parameter to the default URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9444", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20141227 Wordpress Frontend Uploader Cross Site Scripting(XSS)", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Dec/122" - }, - { - "name" : "http://packetstormsecurity.com/files/129749/WordPress-Frontend-Uploader-0.9.2-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/129749/WordPress-Frontend-Uploader-0.9.2-Cross-Site-Scripting.html" - }, - { - "name" : "71808", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/71808" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Frontend Uploader plugin 0.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the errors[fu-disallowed-mime-type][0][name] parameter to the default URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20141227 Wordpress Frontend Uploader Cross Site Scripting(XSS)", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Dec/122" + }, + { + "name": "71808", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/71808" + }, + { + "name": "http://packetstormsecurity.com/files/129749/WordPress-Frontend-Uploader-0.9.2-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/129749/WordPress-Frontend-Uploader-0.9.2-Cross-Site-Scripting.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9846.json b/2014/9xxx/CVE-2014-9846.json index 09ea8eeb497..ab2af695a1e 100644 --- a/2014/9xxx/CVE-2014-9846.json +++ b/2014/9xxx/CVE-2014-9846.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9846", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9846", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160602 Re: ImageMagick CVEs", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/06/02/13" - }, - { - "name" : "https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=2d90693af41a363a988a9db3a91a15f9ca7c7370", - "refsource" : "CONFIRM", - "url" : "https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=2d90693af41a363a988a9db3a91a15f9ca7c7370" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1343504", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1343504" - }, - { - "name" : "SUSE-SU-2016:1782", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00009.html" - }, - { - "name" : "SUSE-SU-2016:1783", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00010.html" - }, - { - "name" : "SUSE-SU-2016:1784", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00011.html" - }, - { - "name" : "openSUSE-SU-2016:1724", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00000.html" - }, - { - "name" : "openSUSE-SU-2016:1748", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00002.html" - }, - { - "name" : "openSUSE-SU-2016:1833", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00018.html" - }, - { - "name" : "openSUSE-SU-2016:2073", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00037.html" - }, - { - "name" : "openSUSE-SU-2016:3060", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00028.html" - }, - { - "name" : "USN-3131-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-3131-1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2016:2073", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00037.html" + }, + { + "name": "openSUSE-SU-2016:1833", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00018.html" + }, + { + "name": "openSUSE-SU-2016:3060", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00028.html" + }, + { + "name": "openSUSE-SU-2016:1724", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00000.html" + }, + { + "name": "SUSE-SU-2016:1782", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00009.html" + }, + { + "name": "[oss-security] 20160602 Re: ImageMagick CVEs", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/06/02/13" + }, + { + "name": "openSUSE-SU-2016:1748", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00002.html" + }, + { + "name": "SUSE-SU-2016:1784", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00011.html" + }, + { + "name": "https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=2d90693af41a363a988a9db3a91a15f9ca7c7370", + "refsource": "CONFIRM", + "url": "https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=2d90693af41a363a988a9db3a91a15f9ca7c7370" + }, + { + "name": "SUSE-SU-2016:1783", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00010.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1343504", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1343504" + }, + { + "name": "USN-3131-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-3131-1" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9883.json b/2014/9xxx/CVE-2014-9883.json index 63afc1a3f7b..6b8fe149660 100644 --- a/2014/9xxx/CVE-2014-9883.json +++ b/2014/9xxx/CVE-2014-9883.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9883", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in drivers/char/diag/diag_dci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges or obtain sensitive information via a crafted application, aka Android internal bug 28769912 and Qualcomm internal bug CR565160." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2014-9883", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://source.android.com/security/bulletin/2016-08-01.html", - "refsource" : "CONFIRM", - "url" : "http://source.android.com/security/bulletin/2016-08-01.html" - }, - { - "name" : "https://source.codeaurora.org/quic/la/kernel/msm/commit/?id=cbf79a67348e48557c0d0bb9bc58391b3f84bc46", - "refsource" : "CONFIRM", - "url" : "https://source.codeaurora.org/quic/la/kernel/msm/commit/?id=cbf79a67348e48557c0d0bb9bc58391b3f84bc46" - }, - { - "name" : "92219", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92219" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in drivers/char/diag/diag_dci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges or obtain sensitive information via a crafted application, aka Android internal bug 28769912 and Qualcomm internal bug CR565160." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://source.android.com/security/bulletin/2016-08-01.html", + "refsource": "CONFIRM", + "url": "http://source.android.com/security/bulletin/2016-08-01.html" + }, + { + "name": "92219", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92219" + }, + { + "name": "https://source.codeaurora.org/quic/la/kernel/msm/commit/?id=cbf79a67348e48557c0d0bb9bc58391b3f84bc46", + "refsource": "CONFIRM", + "url": "https://source.codeaurora.org/quic/la/kernel/msm/commit/?id=cbf79a67348e48557c0d0bb9bc58391b3f84bc46" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3061.json b/2016/3xxx/CVE-2016-3061.json index 496c96e1d81..3dc13cdd9e5 100644 --- a/2016/3xxx/CVE-2016-3061.json +++ b/2016/3xxx/CVE-2016-3061.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3061", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-3061", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3218.json b/2016/3xxx/CVE-2016-3218.json index 84306286a72..39288c7c984 100644 --- a/2016/3xxx/CVE-2016-3218.json +++ b/2016/3xxx/CVE-2016-3218.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3218", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application, aka \"Win32k Elevation of Privilege Vulnerability,\" a different vulnerability than CVE-2016-3221." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2016-3218", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS16-073", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-073" - }, - { - "name" : "1036109", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036109" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application, aka \"Win32k Elevation of Privilege Vulnerability,\" a different vulnerability than CVE-2016-3221." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1036109", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036109" + }, + { + "name": "MS16-073", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-073" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3440.json b/2016/3xxx/CVE-2016-3440.json index 52302c8ff39..f7b18d80639 100644 --- a/2016/3xxx/CVE-2016-3440.json +++ b/2016/3xxx/CVE-2016-3440.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3440", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle MySQL 5.7.11 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2016-3440", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" - }, - { - "name" : "91787", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91787" - }, - { - "name" : "91910", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91910" - }, - { - "name" : "1036362", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036362" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle MySQL 5.7.11 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" + }, + { + "name": "1036362", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036362" + }, + { + "name": "91787", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91787" + }, + { + "name": "91910", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91910" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3805.json b/2016/3xxx/CVE-2016-3805.json index 53c55c1353f..3cf11fd10ed 100644 --- a/2016/3xxx/CVE-2016-3805.json +++ b/2016/3xxx/CVE-2016-3805.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3805", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The MediaTek power management driver in Android before 2016-07-05 on Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28333002 and MediaTek internal bug ALPS02694412." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-3805", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://source.android.com/security/bulletin/2016-07-01.html", - "refsource" : "CONFIRM", - "url" : "http://source.android.com/security/bulletin/2016-07-01.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The MediaTek power management driver in Android before 2016-07-05 on Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28333002 and MediaTek internal bug ALPS02694412." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://source.android.com/security/bulletin/2016-07-01.html", + "refsource": "CONFIRM", + "url": "http://source.android.com/security/bulletin/2016-07-01.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3902.json b/2016/3xxx/CVE-2016-3902.json index d5a609d4f3d..378e42c9594 100644 --- a/2016/3xxx/CVE-2016-3902.json +++ b/2016/3xxx/CVE-2016-3902.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3902", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "drivers/platform/msm/ipa/ipa_qmi_service.c in the Qualcomm IPA driver in Android before 2016-10-05 on Nexus 5X and 6P devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 29953313 and Qualcomm internal bug CR 1044072." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-3902", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://source.android.com/security/bulletin/2016-10-01.html", - "refsource" : "CONFIRM", - "url" : "http://source.android.com/security/bulletin/2016-10-01.html" - }, - { - "name" : "https://source.codeaurora.org/quic/la//kernel/msm-3.10/commit/?id=2fca425d781572393fbe51abe2e27a932d24a768", - "refsource" : "CONFIRM", - "url" : "https://source.codeaurora.org/quic/la//kernel/msm-3.10/commit/?id=2fca425d781572393fbe51abe2e27a932d24a768" - }, - { - "name" : "93309", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93309" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "drivers/platform/msm/ipa/ipa_qmi_service.c in the Qualcomm IPA driver in Android before 2016-10-05 on Nexus 5X and 6P devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 29953313 and Qualcomm internal bug CR 1044072." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://source.android.com/security/bulletin/2016-10-01.html", + "refsource": "CONFIRM", + "url": "http://source.android.com/security/bulletin/2016-10-01.html" + }, + { + "name": "93309", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93309" + }, + { + "name": "https://source.codeaurora.org/quic/la//kernel/msm-3.10/commit/?id=2fca425d781572393fbe51abe2e27a932d24a768", + "refsource": "CONFIRM", + "url": "https://source.codeaurora.org/quic/la//kernel/msm-3.10/commit/?id=2fca425d781572393fbe51abe2e27a932d24a768" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7224.json b/2016/7xxx/CVE-2016-7224.json index ed500c8bcd5..83ea1dfcd90 100644 --- a/2016/7xxx/CVE-2016-7224.json +++ b/2016/7xxx/CVE-2016-7224.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "ID" : "CVE-2016-7224", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Virtual Hard Disk Driver in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 does not properly restrict access to files, which allows local users to gain privileges via a crafted application, aka \"VHD Driver Elevation of Privilege Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2016-7224", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "40765", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/40765/" - }, - { - "name" : "MS16-138", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-138" - }, - { - "name" : "94017", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94017" - }, - { - "name" : "1037248", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037248" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Virtual Hard Disk Driver in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 does not properly restrict access to files, which allows local users to gain privileges via a crafted application, aka \"VHD Driver Elevation of Privilege Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1037248", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037248" + }, + { + "name": "MS16-138", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-138" + }, + { + "name": "94017", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94017" + }, + { + "name": "40765", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/40765/" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7356.json b/2016/7xxx/CVE-2016-7356.json index b40118f6b6c..3eb423804ea 100644 --- a/2016/7xxx/CVE-2016-7356.json +++ b/2016/7xxx/CVE-2016-7356.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7356", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-7356", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7590.json b/2016/7xxx/CVE-2016-7590.json index e6fc6b9b67d..79cc9f4c3ea 100644 --- a/2016/7xxx/CVE-2016-7590.json +++ b/2016/7xxx/CVE-2016-7590.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7590", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-7590", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7689.json b/2016/7xxx/CVE-2016-7689.json index 391649cc42b..42778e45ad7 100644 --- a/2016/7xxx/CVE-2016-7689.json +++ b/2016/7xxx/CVE-2016-7689.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7689", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-7689", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8632.json b/2016/8xxx/CVE-2016-8632.json index a4ba7539f18..5844ba42793 100644 --- a/2016/8xxx/CVE-2016-8632.json +++ b/2016/8xxx/CVE-2016-8632.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert@redhat.com", - "ID" : "CVE-2016-8632", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The tipc_msg_build function in net/tipc/msg.c in the Linux kernel through 4.8.11 does not validate the relationship between the minimum fragment length and the maximum packet size, which allows local users to gain privileges or cause a denial of service (heap-based buffer overflow) by leveraging the CAP_NET_ADMIN capability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-8632", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[netdev] 20161018 [PATCH net] tipc: Guard against tiny MTU in tipc_msg_build()", - "refsource" : "MLIST", - "url" : "https://www.mail-archive.com/netdev@vger.kernel.org/msg133205.html" - }, - { - "name" : "[oss-security] 20161108 CVE-2016-8632 -- Linux kernel: tipc_msg_build() doesn't validate MTU that can trigger heap overflow", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/11/08/5" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1390832", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1390832" - }, - { - "name" : "94211", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94211" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The tipc_msg_build function in net/tipc/msg.c in the Linux kernel through 4.8.11 does not validate the relationship between the minimum fragment length and the maximum packet size, which allows local users to gain privileges or cause a denial of service (heap-based buffer overflow) by leveraging the CAP_NET_ADMIN capability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20161108 CVE-2016-8632 -- Linux kernel: tipc_msg_build() doesn't validate MTU that can trigger heap overflow", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/11/08/5" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1390832", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1390832" + }, + { + "name": "94211", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94211" + }, + { + "name": "[netdev] 20161018 [PATCH net] tipc: Guard against tiny MTU in tipc_msg_build()", + "refsource": "MLIST", + "url": "https://www.mail-archive.com/netdev@vger.kernel.org/msg133205.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8654.json b/2016/8xxx/CVE-2016-8654.json index 68396b5c23c..4d9a54e4731 100644 --- a/2016/8xxx/CVE-2016-8654.json +++ b/2016/8xxx/CVE-2016-8654.json @@ -1,108 +1,108 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psampaio@redhat.com", - "ID" : "CVE-2016-8654", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "jasper", - "version" : { - "version_data" : [ - { - "version_value" : "2.0.0" - } - ] - } - } - ] - }, - "vendor_name" : "The Jasper Project" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A heap-buffer overflow vulnerability was found in QMFB code in JPC codec caused by buffer being allocated with too small size. jasper versions before 2.0.0 are affected." - } - ] - }, - "impact" : { - "cvss" : [ - [ - { - "vectorString" : "7.8/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "version" : "3.0" - } - ], - [ - { - "vectorString" : "6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P", - "version" : "2.0" - } - ] - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-122" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-8654", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "jasper", + "version": { + "version_data": [ + { + "version_value": "2.0.0" + } + ] + } + } + ] + }, + "vendor_name": "The Jasper Project" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8654", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8654" - }, - { - "name" : "https://github.com/mdadams/jasper/issues/93", - "refsource" : "CONFIRM", - "url" : "https://github.com/mdadams/jasper/issues/93" - }, - { - "name" : "https://github.com/mdadams/jasper/issues/94", - "refsource" : "CONFIRM", - "url" : "https://github.com/mdadams/jasper/issues/94" - }, - { - "name" : "https://github.com/mdadams/jasper/commit/4a59cfaf9ab3d48fca4a15c0d2674bf7138e3d1a", - "refsource" : "CONFIRM", - "url" : "https://github.com/mdadams/jasper/commit/4a59cfaf9ab3d48fca4a15c0d2674bf7138e3d1a" - }, - { - "name" : "DSA-3785", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2017/dsa-3785" - }, - { - "name" : "RHSA-2017:1208", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1208" - }, - { - "name" : "94583", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94583" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A heap-buffer overflow vulnerability was found in QMFB code in JPC codec caused by buffer being allocated with too small size. jasper versions before 2.0.0 are affected." + } + ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "7.8/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.0" + } + ], + [ + { + "vectorString": "6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P", + "version": "2.0" + } + ] + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-122" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-3785", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2017/dsa-3785" + }, + { + "name": "94583", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94583" + }, + { + "name": "RHSA-2017:1208", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1208" + }, + { + "name": "https://github.com/mdadams/jasper/issues/93", + "refsource": "CONFIRM", + "url": "https://github.com/mdadams/jasper/issues/93" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8654", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8654" + }, + { + "name": "https://github.com/mdadams/jasper/commit/4a59cfaf9ab3d48fca4a15c0d2674bf7138e3d1a", + "refsource": "CONFIRM", + "url": "https://github.com/mdadams/jasper/commit/4a59cfaf9ab3d48fca4a15c0d2674bf7138e3d1a" + }, + { + "name": "https://github.com/mdadams/jasper/issues/94", + "refsource": "CONFIRM", + "url": "https://github.com/mdadams/jasper/issues/94" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8840.json b/2016/8xxx/CVE-2016-8840.json index 2712884ad9b..18b7eea40ad 100644 --- a/2016/8xxx/CVE-2016-8840.json +++ b/2016/8xxx/CVE-2016-8840.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-8840", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-8840", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8900.json b/2016/8xxx/CVE-2016-8900.json index 2ce1b3a60eb..646d951e711 100644 --- a/2016/8xxx/CVE-2016-8900.json +++ b/2016/8xxx/CVE-2016-8900.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-8900", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-8900", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9071.json b/2016/9xxx/CVE-2016-9071.json index 1160c371a08..2c58046404f 100644 --- a/2016/9xxx/CVE-2016-9071.json +++ b/2016/9xxx/CVE-2016-9071.json @@ -1,78 +1,78 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@mozilla.org", - "ID" : "CVE-2016-9071", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Firefox", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "50" - } - ] - } - } - ] - }, - "vendor_name" : "Mozilla" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Content Security Policy combined with HTTP to HTTPS redirection can be used by malicious server to verify whether a known site is within a user's browser history. This vulnerability affects Firefox < 50." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Probe browser history via HSTS/301 redirect + CSP" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2016-9071", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "50" + } + ] + } + } + ] + }, + "vendor_name": "Mozilla" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1285003", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1285003" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2016-89/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2016-89/" - }, - { - "name" : "94337", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94337" - }, - { - "name" : "1037298", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037298" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Content Security Policy combined with HTTP to HTTPS redirection can be used by malicious server to verify whether a known site is within a user's browser history. This vulnerability affects Firefox < 50." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Probe browser history via HSTS/301 redirect + CSP" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "94337", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94337" + }, + { + "name": "1037298", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037298" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1285003", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1285003" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2016-89/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2016-89/" + } + ] + } +} \ No newline at end of file