From ff32daf8be60a4801e023475efb3c218851eaa67 Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Mon, 18 Mar 2019 01:31:07 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2006/0xxx/CVE-2006-0028.json | 280 ++++++++++++------------ 2006/0xxx/CVE-2006-0774.json | 190 ++++++++--------- 2006/1xxx/CVE-2006-1351.json | 170 +++++++-------- 2006/1xxx/CVE-2006-1434.json | 160 +++++++------- 2006/1xxx/CVE-2006-1626.json | 280 ++++++++++++------------ 2006/5xxx/CVE-2006-5056.json | 160 +++++++------- 2006/5xxx/CVE-2006-5222.json | 160 +++++++------- 2006/5xxx/CVE-2006-5591.json | 180 ++++++++-------- 2006/5xxx/CVE-2006-5947.json | 150 ++++++------- 2006/5xxx/CVE-2006-5986.json | 130 ++++++------ 2006/5xxx/CVE-2006-5989.json | 260 +++++++++++------------ 2007/2xxx/CVE-2007-2150.json | 150 ++++++------- 2007/2xxx/CVE-2007-2571.json | 160 +++++++------- 2007/2xxx/CVE-2007-2599.json | 230 ++++++++++---------- 2010/0xxx/CVE-2010-0339.json | 120 +++++------ 2010/0xxx/CVE-2010-0693.json | 160 +++++++------- 2010/0xxx/CVE-2010-0827.json | 210 +++++++++--------- 2010/0xxx/CVE-2010-0886.json | 250 +++++++++++----------- 2010/0xxx/CVE-2010-0898.json | 120 +++++------ 2010/1xxx/CVE-2010-1498.json | 210 +++++++++--------- 2010/1xxx/CVE-2010-1646.json | 400 +++++++++++++++++------------------ 2010/3xxx/CVE-2010-3316.json | 320 ++++++++++++++-------------- 2010/4xxx/CVE-2010-4037.json | 170 +++++++-------- 2010/4xxx/CVE-2010-4084.json | 140 ++++++------ 2010/4xxx/CVE-2010-4622.json | 180 ++++++++-------- 2010/4xxx/CVE-2010-4992.json | 160 +++++++------- 2014/0xxx/CVE-2014-0130.json | 150 ++++++------- 2014/0xxx/CVE-2014-0853.json | 140 ++++++------ 2014/0xxx/CVE-2014-0908.json | 140 ++++++------ 2014/0xxx/CVE-2014-0911.json | 140 ++++++------ 2014/0xxx/CVE-2014-0930.json | 220 +++++++++---------- 2014/4xxx/CVE-2014-4073.json | 160 +++++++------- 2014/4xxx/CVE-2014-4390.json | 150 ++++++------- 2014/4xxx/CVE-2014-4562.json | 34 +-- 2014/4xxx/CVE-2014-4603.json | 130 ++++++------ 2014/4xxx/CVE-2014-4737.json | 160 +++++++------- 2014/8xxx/CVE-2014-8120.json | 130 
++++++------ 2014/8xxx/CVE-2014-8300.json | 34 +-- 2014/8xxx/CVE-2014-8489.json | 140 ++++++------ 2014/8xxx/CVE-2014-8709.json | 240 ++++++++++----------- 2014/9xxx/CVE-2014-9108.json | 34 +-- 2014/9xxx/CVE-2014-9845.json | 230 ++++++++++---------- 2016/2xxx/CVE-2016-2465.json | 120 +++++------ 2016/3xxx/CVE-2016-3723.json | 150 ++++++------- 2016/3xxx/CVE-2016-3761.json | 130 ++++++------ 2016/3xxx/CVE-2016-3939.json | 130 ++++++------ 2016/6xxx/CVE-2016-6342.json | 130 ++++++------ 2016/6xxx/CVE-2016-6430.json | 130 ++++++------ 2016/6xxx/CVE-2016-6942.json | 140 ++++++------ 2016/7xxx/CVE-2016-7503.json | 34 +-- 2016/7xxx/CVE-2016-7681.json | 34 +-- 2016/7xxx/CVE-2016-7761.json | 120 +++++------ 2016/7xxx/CVE-2016-7769.json | 34 +-- 2016/7xxx/CVE-2016-7795.json | 200 +++++++++--------- 2016/8xxx/CVE-2016-8319.json | 164 +++++++------- 2016/8xxx/CVE-2016-8640.json | 152 ++++++------- 56 files changed, 4500 insertions(+), 4500 deletions(-) diff --git a/2006/0xxx/CVE-2006-0028.json b/2006/0xxx/CVE-2006-0028.json index b02166e6822..46b6ebac49f 100644 --- a/2006/0xxx/CVE-2006-0028.json +++ b/2006/0xxx/CVE-2006-0028.json 
@@ -1,142 +1,142 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0028", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via a BIFF parsing format file containing malformed BOOLERR records that lead to memory corruption, probably involving invalid pointers." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2006-0028", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060314 ZDI-06-004: Microsoft Excel File Format Parsing Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/427632/100/0/threaded" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-06-004.html", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-06-004.html" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-069.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-069.htm" - }, - { - "name" : "MS06-012", - "refsource" : "MS", - "url" : 
"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-012" - }, - { - "name" : "TA06-073A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA06-073A.html" - }, - { - "name" : "VU#339878", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/339878" - }, - { - "name" : "ADV-2006-0950", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0950" - }, - { - "name" : "23899", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23899" - }, - { - "name" : "oval:org.mitre.oval:def:1158", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1158" - }, - { - "name" : "oval:org.mitre.oval:def:1411", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1411" - }, - { - "name" : "oval:org.mitre.oval:def:1509", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1509" - }, - { - "name" : "oval:org.mitre.oval:def:1635", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1635" - }, - { - "name" : "1015766", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015766" - }, - { - "name" : "19138", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19138" - }, - { - "name" : "19238", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19238" - }, - { - "name" : "583", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/583" - }, - { - "name" : "excel-parsing-format-file-bo(25225)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25225" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via a BIFF parsing format file containing malformed BOOLERR records that lead to memory corruption, probably involving invalid pointers." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-0950", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0950" + }, + { + "name": "oval:org.mitre.oval:def:1411", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1411" + }, + { + "name": "oval:org.mitre.oval:def:1509", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1509" + }, + { + "name": "oval:org.mitre.oval:def:1158", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1158" + }, + { + "name": "583", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/583" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-069.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-069.htm" + }, + { + "name": "19238", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19238" + }, + { + "name": "VU#339878", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/339878" + }, + { + "name": "TA06-073A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA06-073A.html" + }, + { + "name": "19138", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19138" + }, + { + "name": "20060314 ZDI-06-004: Microsoft Excel File Format Parsing Vulnerability", + "refsource": "BUGTRAQ", + "url": 
"http://www.securityfocus.com/archive/1/427632/100/0/threaded" + }, + { + "name": "1015766", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015766" + }, + { + "name": "23899", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23899" + }, + { + "name": "oval:org.mitre.oval:def:1635", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1635" + }, + { + "name": "MS06-012", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-012" + }, + { + "name": "excel-parsing-format-file-bo(25225)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25225" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-06-004.html", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-06-004.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0774.json b/2006/0xxx/CVE-2006-0774.json index 7d0d8716eb5..fb2c4501f67 100644 --- a/2006/0xxx/CVE-2006-0774.json +++ b/2006/0xxx/CVE-2006-0774.json 
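Review bot: The `ASSIGNER` value in CVE-2006-0028.json changes from `cve@mitre.org` to `secure@microsoft.com`, and it is the only content change visible in this hunk. Everything else is colon-spacing and indentation churn, plus a reordering of what appears to be the same 17 `reference_data` entries. A change of assigning authority is provenance data that downstream consumers may key on, so it should be named in the commit message or split from the formatting pass rather than carried under "-Synchronized-Data.". The new side also ends with `\ No newline at end of file`, here and in the later complete hunks on this page (CVE-2006-0774, -1351, -1434, -1626, -5056); the generator should emit a trailing newline so later syncs do not produce EOF-only diffs. With this much whitespace noise, field-level changes like this one are better checked by comparing parsed JSON than by reading the text diff.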
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0774", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in deleteSession() in DB_eSession library 1.0.2 and earlier, as used in multiple products, allows remote attackers to execute arbitrary SQL commands via the $_sess_id_set variable, which is usually derived from PHPSESSID." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0774", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060211 DB_eSession deleteSession() SQL injection", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/424819/100/0/threaded" - }, - { - "name" : "20060501 Re: DB_eSession deleteSession() SQL injection", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/433132/30/5160/threaded" - }, - { - "name" : "http://www.gulftech.org/?node=research&article_id=00099-02112006", - "refsource" : "MISC", - "url" : "http://www.gulftech.org/?node=research&article_id=00099-02112006" - }, - { - "name" : "16598", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16598" - }, - { - "name" : "ADV-2006-0528", - "refsource" : 
"VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0528" - }, - { - "name" : "23104", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23104" - }, - { - "name" : "18805", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18805" - }, - { - "name" : "dbesession-deletesession-sql-injection(24673)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24673" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in deleteSession() in DB_eSession library 1.0.2 and earlier, as used in multiple products, allows remote attackers to execute arbitrary SQL commands via the $_sess_id_set variable, which is usually derived from PHPSESSID." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "16598", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16598" + }, + { + "name": "20060211 DB_eSession deleteSession() SQL injection", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/424819/100/0/threaded" + }, + { + "name": "ADV-2006-0528", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0528" + }, + { + "name": "dbesession-deletesession-sql-injection(24673)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24673" + }, + { + "name": "20060501 Re: DB_eSession deleteSession() SQL injection", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/433132/30/5160/threaded" + }, + { + "name": "http://www.gulftech.org/?node=research&article_id=00099-02112006", + "refsource": "MISC", + "url": "http://www.gulftech.org/?node=research&article_id=00099-02112006" + }, + { + "name": "18805", + "refsource": "SECUNIA", + 
"url": "http://secunia.com/advisories/18805" + }, + { + "name": "23104", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23104" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1351.json b/2006/1xxx/CVE-2006-1351.json index 3f4d649de46..3ca6fbe777d 100644 --- a/2006/1xxx/CVE-2006-1351.json +++ b/2006/1xxx/CVE-2006-1351.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1351", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "BEA WebLogic Server 6.1 SP7 and earlier allows remote attackers to read arbitrary files via unknown attack vectors related to a \"default internal servlet\" accessed through HTTP." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1351", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "BEA06-120.00", - "refsource" : "BEA", - "url" : "http://dev2dev.bea.com/pub/advisory/180" - }, - { - "name" : "17166", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17166" - }, - { - "name" : "ADV-2006-1021", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1021" - }, - { - "name" : "1015792", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015792" - }, - { - "name" : "19310", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19310" - }, - { - "name" : "weblogic-server-default-servlet(25347)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25347" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "BEA WebLogic Server 6.1 SP7 and earlier allows remote attackers to read arbitrary files via unknown attack vectors related to a \"default internal servlet\" accessed through HTTP." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1015792", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015792" + }, + { + "name": "weblogic-server-default-servlet(25347)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25347" + }, + { + "name": "BEA06-120.00", + "refsource": "BEA", + "url": "http://dev2dev.bea.com/pub/advisory/180" + }, + { + "name": "19310", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19310" + }, + { + "name": "ADV-2006-1021", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1021" + }, + { + "name": "17166", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17166" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1434.json b/2006/1xxx/CVE-2006-1434.json index f07e5d5a72c..d9076a8de10 100644 --- a/2006/1xxx/CVE-2006-1434.json +++ b/2006/1xxx/CVE-2006-1434.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1434", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in inscription.php in Annuaire (Directory) 1.0 allows remote attackers to inject arbitrary web script or HTML via the Comment Field (COMMENTAIRE parameter)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1434", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://osvdb.org/ref/24/24302-annuaire_directory.txt", - "refsource" : "MISC", - "url" : "http://osvdb.org/ref/24/24302-annuaire_directory.txt" - }, - { - "name" : "17393", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17393" - }, - { - "name" : "24303", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24303" - }, - { - "name" : "19548", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19548" - }, - { - "name" : "annuaire-inscription-xss(25669)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25669" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": 
[ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in inscription.php in Annuaire (Directory) 1.0 allows remote attackers to inject arbitrary web script or HTML via the Comment Field (COMMENTAIRE parameter)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "24303", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24303" + }, + { + "name": "http://osvdb.org/ref/24/24302-annuaire_directory.txt", + "refsource": "MISC", + "url": "http://osvdb.org/ref/24/24302-annuaire_directory.txt" + }, + { + "name": "19548", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19548" + }, + { + "name": "17393", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17393" + }, + { + "name": "annuaire-inscription-xss(25669)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25669" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1626.json b/2006/1xxx/CVE-2006-1626.json index 2cc73c1f41e..dcce1e1fa82 100644 --- a/2006/1xxx/CVE-2006-1626.json +++ b/2006/1xxx/CVE-2006-1626.json 
@@ -1,142 +1,142 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1626", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Internet Explorer 6 for Windows XP SP2 and earlier allows remote attackers to spoof the address bar and possibly conduct phishing attacks by re-opening the window to a malicious Shockwave Flash application, then changing the window location back to a trusted URL while the Flash application is still loading. NOTE: this is a different vulnerability than CVE-2006-1192." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1626", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060403 Another Internet Explorer Address Bar Spoofing Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/429719/100/0/threaded" - }, - { - "name" : "20060404 Another way to spoof Internet Explorer Address Bar", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/429891/100/0/threaded" - }, - { - "name" : "20060721 about bid 17404", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/440851/100/100/threaded" - }, - { - "name" : 
"http://secunia.com/Internet_Explorer_Address_Bar_Spoofing_Vulnerability_Test/", - "refsource" : "MISC", - "url" : "http://secunia.com/Internet_Explorer_Address_Bar_Spoofing_Vulnerability_Test/" - }, - { - "name" : "MS06-021", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-021" - }, - { - "name" : "17404", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17404" - }, - { - "name" : "ADV-2006-1218", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1218" - }, - { - "name" : "ADV-2006-2319", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2319" - }, - { - "name" : "oval:org.mitre.oval:def:1600", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1600" - }, - { - "name" : "oval:org.mitre.oval:def:1604", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1604" - }, - { - "name" : "oval:org.mitre.oval:def:1806", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1806" - }, - { - "name" : "oval:org.mitre.oval:def:1842", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1842" - }, - { - "name" : "oval:org.mitre.oval:def:1881", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1881" - }, - { - "name" : "oval:org.mitre.oval:def:1918", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1918" - }, - { - "name" : "1016291", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016291" - }, - { - "name" : "19521", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19521" - }, - { - 
"name" : "ie-swf-addressbar-spoofing(25634)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25634" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Internet Explorer 6 for Windows XP SP2 and earlier allows remote attackers to spoof the address bar and possibly conduct phishing attacks by re-opening the window to a malicious Shockwave Flash application, then changing the window location back to a trusted URL while the Flash application is still loading. NOTE: this is a different vulnerability than CVE-2006-1192." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://secunia.com/Internet_Explorer_Address_Bar_Spoofing_Vulnerability_Test/", + "refsource": "MISC", + "url": "http://secunia.com/Internet_Explorer_Address_Bar_Spoofing_Vulnerability_Test/" + }, + { + "name": "17404", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17404" + }, + { + "name": "ADV-2006-2319", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2319" + }, + { + "name": "1016291", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016291" + }, + { + "name": "oval:org.mitre.oval:def:1842", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1842" + }, + { + "name": "oval:org.mitre.oval:def:1881", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1881" + }, + { + "name": "oval:org.mitre.oval:def:1604", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1604" + }, + { + "name": "oval:org.mitre.oval:def:1806", + "refsource": "OVAL", 
+ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1806" + }, + { + "name": "ADV-2006-1218", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1218" + }, + { + "name": "MS06-021", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-021" + }, + { + "name": "19521", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19521" + }, + { + "name": "20060403 Another Internet Explorer Address Bar Spoofing Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/429719/100/0/threaded" + }, + { + "name": "20060721 about bid 17404", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/440851/100/100/threaded" + }, + { + "name": "20060404 Another way to spoof Internet Explorer Address Bar", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/429891/100/0/threaded" + }, + { + "name": "oval:org.mitre.oval:def:1600", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1600" + }, + { + "name": "oval:org.mitre.oval:def:1918", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1918" + }, + { + "name": "ie-swf-addressbar-spoofing(25634)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25634" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5056.json b/2006/5xxx/CVE-2006-5056.json index da93414663e..82e0a42c201 100644 --- a/2006/5xxx/CVE-2006-5056.json +++ b/2006/5xxx/CVE-2006-5056.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5056", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in index.php in Opial Audio/Video Download Management 1.0 allows remote attackers to inject arbitrary web script or HTML via the destination parameter in the Login view." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5056", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060923 Opial Audio/Video Download Management - Version 1.0 index.php Xss vulns.", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/446896/100/0/threaded" - }, - { - "name" : "20174", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20174" - }, - { - "name" : "ADV-2006-3778", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3778" - }, - { - "name" : "22092", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22092" - }, - { - "name" : "1641", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1641" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": 
"4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in index.php in Opial Audio/Video Download Management 1.0 allows remote attackers to inject arbitrary web script or HTML via the destination parameter in the Login view." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "22092", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22092" + }, + { + "name": "20174", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20174" + }, + { + "name": "ADV-2006-3778", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3778" + }, + { + "name": "1641", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1641" + }, + { + "name": "20060923 Opial Audio/Video Download Management - Version 1.0 index.php Xss vulns.", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/446896/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5222.json b/2006/5xxx/CVE-2006-5222.json index d1daae3e1a2..6de59a43f9c 100644 --- a/2006/5xxx/CVE-2006-5222.json +++ b/2006/5xxx/CVE-2006-5222.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5222", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple PHP remote file inclusion vulnerabilities in Dimension of phpBB 0.2.6 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter in (1) includes/themen_portal_mitte.php or (2) includes/logger_engine.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5222", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "2481", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2481" - }, - { - "name" : "20367", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20367" - }, - { - "name" : "ADV-2006-3923", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3923" - }, - { - "name" : "22287", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22287" - }, - { - "name" : "dimension-phpbbroot-file-include(29361)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29361" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": 
"4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple PHP remote file inclusion vulnerabilities in Dimension of phpBB 0.2.6 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter in (1) includes/themen_portal_mitte.php or (2) includes/logger_engine.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "22287", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22287" + }, + { + "name": "ADV-2006-3923", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3923" + }, + { + "name": "20367", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20367" + }, + { + "name": "dimension-phpbbroot-file-include(29361)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29361" + }, + { + "name": "2481", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2481" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5591.json b/2006/5xxx/CVE-2006-5591.json index 7b45f604a9c..b789a987c86 100644 --- a/2006/5xxx/CVE-2006-5591.json +++ b/2006/5xxx/CVE-2006-5591.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5591", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in Admin/check.asp in PacPoll 4.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) uid and (2) pwd parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5591", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061025 [KAPDA::#61] - PacPoll <= 4.0 Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/449668/100/0/threaded" - }, - { - "name" : "http://www.kapda.ir/advisory-445.html", - "refsource" : "MISC", - "url" : "http://www.kapda.ir/advisory-445.html" - }, - { - "name" : "20746", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20746" - }, - { - "name" : "ADV-2006-4208", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4208" - }, - { - "name" : "22576", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22576" - }, - { - "name" : "1788", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1788" - 
}, - { - "name" : "pacpoll-check-sql-injection(29800)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29800" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in Admin/check.asp in PacPoll 4.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) uid and (2) pwd parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1788", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1788" + }, + { + "name": "pacpoll-check-sql-injection(29800)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29800" + }, + { + "name": "20746", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20746" + }, + { + "name": "ADV-2006-4208", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4208" + }, + { + "name": "http://www.kapda.ir/advisory-445.html", + "refsource": "MISC", + "url": "http://www.kapda.ir/advisory-445.html" + }, + { + "name": "20061025 [KAPDA::#61] - PacPoll <= 4.0 Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/449668/100/0/threaded" + }, + { + "name": "22576", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22576" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5947.json b/2006/5xxx/CVE-2006-5947.json index 7eb0b10ebe5..f54999bc381 100644 --- a/2006/5xxx/CVE-2006-5947.json +++ b/2006/5xxx/CVE-2006-5947.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5947", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple directory traversal vulnerabilities in Conxint FTP Server 2.2.0603, and possibly earlier, allow remote attackers to read arbitrary files and list arbitrary directories via directory traversal sequences in (1) DIR (LIST or NLST) and (2) GET (RETR) commands. NOTE: the provenance of this information is unknown; details are obtained from third party sources." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5947", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "21081", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21081" - }, - { - "name" : "ADV-2006-4519", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4519" - }, - { - "name" : "22893", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22893" - }, - { - "name" : "conxintftp-directory-traversal(30295)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30295" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple directory traversal vulnerabilities in Conxint FTP Server 2.2.0603, and possibly earlier, allow remote attackers to read arbitrary files and list arbitrary directories via directory traversal sequences in (1) DIR (LIST or NLST) and (2) GET (RETR) commands. NOTE: the provenance of this information is unknown; details are obtained from third party sources." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "conxintftp-directory-traversal(30295)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30295" + }, + { + "name": "22893", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22893" + }, + { + "name": "ADV-2006-4519", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4519" + }, + { + "name": "21081", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21081" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5986.json b/2006/5xxx/CVE-2006-5986.json index 04e5b55b4c9..e8677efb69b 100644 --- a/2006/5xxx/CVE-2006-5986.json +++ b/2006/5xxx/CVE-2006-5986.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5986", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "admin/options.php in Extreme CMS 0.9, and possibly earlier, does not require authentication, which might allow remote attackers to conduct unauthorized activities. NOTE: this issue can be combined with another vulnerability to expand the scope of a cross-site scripting (XSS) attack without authentication. NOTE: the provenance of this information is unknown; details are obtained from third party sources." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5986", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "ADV-2006-4529", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4529" - }, - { - "name" : "22919", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22919" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "admin/options.php in Extreme CMS 0.9, and possibly earlier, does not require authentication, which might allow remote attackers to conduct 
unauthorized activities. NOTE: this issue can be combined with another vulnerability to expand the scope of a cross-site scripting (XSS) attack without authentication. NOTE: the provenance of this information is unknown; details are obtained from third party sources." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "22919", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22919" + }, + { + "name": "ADV-2006-4529", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4529" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5989.json b/2006/5xxx/CVE-2006-5989.json index f2b66c35a0e..85a91a6b88d 100644 --- a/2006/5xxx/CVE-2006-5989.json +++ b/2006/5xxx/CVE-2006-5989.json 
@@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5989", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Off-by-one error in the der_get_oid function in mod_auth_kerb 5.0 allows remote attackers to cause a denial of service (crash) via a crafted Kerberos message that triggers a heap-based buffer overflow in the component array." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2006-5989", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=206736", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=206736" - }, - { - "name" : "https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=136650", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=136650" - }, - { - "name" : "DSA-1247", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2007/dsa-1247" - }, - { - "name" : "GLSA-200701-14", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200701-14.xml" - }, - { - "name" : "MDKSA-2006:218", - "refsource" : "MANDRIVA", - "url" : 
"http://www.mandriva.com/security/advisories?name=MDKSA-2006:218" - }, - { - "name" : "RHSA-2006:0746", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0746.html" - }, - { - "name" : "21214", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21214" - }, - { - "name" : "oval:org.mitre.oval:def:10051", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10051" - }, - { - "name" : "ADV-2006-4633", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4633" - }, - { - "name" : "1017348", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017348" - }, - { - "name" : "23023", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23023" - }, - { - "name" : "23251", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23251" - }, - { - "name" : "23681", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23681" - }, - { - "name" : "23820", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23820" - }, - { - "name" : "apache-modauthkerb-offbyone-bo(30456)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30456" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Off-by-one error in the der_get_oid function in mod_auth_kerb 5.0 allows remote attackers to cause a denial of service (crash) via a crafted Kerberos message that triggers a heap-based buffer overflow in the component array." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=136650", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=136650" + }, + { + "name": "23251", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23251" + }, + { + "name": "23681", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23681" + }, + { + "name": "DSA-1247", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2007/dsa-1247" + }, + { + "name": "21214", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21214" + }, + { + "name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=206736", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=206736" + }, + { + "name": "23023", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23023" + }, + { + "name": "23820", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23820" + }, + { + "name": "RHSA-2006:0746", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0746.html" + }, + { + "name": "apache-modauthkerb-offbyone-bo(30456)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30456" + }, + { + "name": "MDKSA-2006:218", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:218" + }, + { + "name": "1017348", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017348" + }, + { + "name": "ADV-2006-4633", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4633" + }, + { + "name": "GLSA-200701-14", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200701-14.xml" + }, + { + "name": "oval:org.mitre.oval:def:10051", + "refsource": "OVAL", + 
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10051" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2150.json b/2007/2xxx/CVE-2007-2150.json index 601d5783d7c..e3e37aa656b 100644 --- a/2007/2xxx/CVE-2007-2150.json +++ b/2007/2xxx/CVE-2007-2150.json 
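Review bot: In the CVE-2006-5989 hunk, `"ASSIGNER"` under `CVE_data_meta` changes from `cve@mitre.org` to `secalert@redhat.com`, and the commit subject ("-Synchronized-Data.") does not mention it. It is the only value change in a hunk that otherwise rewrites all 132 lines for whitespace and key spacing; the `reference_data` entries are the same fifteen, only reordered. Because every line is marked as changed, a consumer or auditor diffing the record cannot easily pick out this attribution change. I would land the re-indentation separately from data changes, or at least record the change in the commit description, e.g. `CVE-2006-5989: ASSIGNER cve@mitre.org -> secalert@redhat.com`. The other hunks visible here keep `cve@mitre.org` on both sides.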
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2150", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "BlueArc-FTPD in BlueArc Titan 2x00 devices with firmware 4.2.944b allows remote attackers to redirect traffic to other sites (aka FTP bounce) via the PORT command, a variant of CVE-1999-0017." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2150", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070417 BlueArc Firmware 4.2.944b FTP bounce", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/466025/100/0/threaded" - }, - { - "name" : "23540", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23540" - }, - { - "name" : "35414", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/35414" - }, - { - "name" : "bluearc-port-traffic-hijacking(33721)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33721" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "BlueArc-FTPD in BlueArc Titan 2x00 devices with firmware 4.2.944b 
allows remote attackers to redirect traffic to other sites (aka FTP bounce) via the PORT command, a variant of CVE-1999-0017." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20070417 BlueArc Firmware 4.2.944b FTP bounce", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/466025/100/0/threaded" + }, + { + "name": "35414", + "refsource": "OSVDB", + "url": "http://osvdb.org/35414" + }, + { + "name": "bluearc-port-traffic-hijacking(33721)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33721" + }, + { + "name": "23540", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23540" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2571.json b/2007/2xxx/CVE-2007-2571.json index 7918d530820..73be5e2f420 100644 --- a/2007/2xxx/CVE-2007-2571.json +++ b/2007/2xxx/CVE-2007-2571.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2571", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in the wfquotes 1.0 0 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the c parameter in a cat action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2571", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "3862", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/3862" - }, - { - "name" : "ADV-2007-1677", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1677" - }, - { - "name" : "34473", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/34473" - }, - { - "name" : "25171", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25171" - }, - { - "name" : "xoops-wfquotes-index-sql-injection(34101)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34101" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection 
vulnerability in index.php in the wfquotes 1.0 0 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the c parameter in a cat action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "xoops-wfquotes-index-sql-injection(34101)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34101" + }, + { + "name": "3862", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/3862" + }, + { + "name": "ADV-2007-1677", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1677" + }, + { + "name": "34473", + "refsource": "OSVDB", + "url": "http://osvdb.org/34473" + }, + { + "name": "25171", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25171" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2599.json b/2007/2xxx/CVE-2007-2599.json index 970301afe58..b1e764c554a 100644 --- a/2007/2xxx/CVE-2007-2599.json +++ b/2007/2xxx/CVE-2007-2599.json 
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2599", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in TutorialCMS (aka Photoshop Tutorials) 1.00 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) catFile parameter to (a) browseCat.php or (b) browseSubCat.php; the (2) id parameter to (c) openTutorial.php, (d) topFrame.php, or (e) admin/editListing.php; or (3) the search parameter to search.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2599", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "3887", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/3887" - }, - { - "name" : "http://www.wavelinkmedia.com/scripts/tutorialcms/", - "refsource" : "CONFIRM", - "url" : "http://www.wavelinkmedia.com/scripts/tutorialcms/" - }, - { - "name" : "23905", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23905" - }, - { - "name" : "ADV-2007-1742", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1742" - }, - { - "name" : "35899", - "refsource" : "OSVDB", - "url" : 
"http://osvdb.org/35899" - }, - { - "name" : "35900", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/35900" - }, - { - "name" : "35901", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/35901" - }, - { - "name" : "35902", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/35902" - }, - { - "name" : "35903", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/35903" - }, - { - "name" : "35905", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/35905" - }, - { - "name" : "25222", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25222" - }, - { - "name" : "tutorialcms-multiple-sql-injection(34214)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34214" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in TutorialCMS (aka Photoshop Tutorials) 1.00 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) catFile parameter to (a) browseCat.php or (b) browseSubCat.php; the (2) id parameter to (c) openTutorial.php, (d) topFrame.php, or (e) admin/editListing.php; or (3) the search parameter to search.php." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "tutorialcms-multiple-sql-injection(34214)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34214" + }, + { + "name": "35902", + "refsource": "OSVDB", + "url": "http://osvdb.org/35902" + }, + { + "name": "23905", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23905" + }, + { + "name": "ADV-2007-1742", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1742" + }, + { + "name": "http://www.wavelinkmedia.com/scripts/tutorialcms/", + "refsource": "CONFIRM", + "url": "http://www.wavelinkmedia.com/scripts/tutorialcms/" + }, + { + "name": "35905", + "refsource": "OSVDB", + "url": "http://osvdb.org/35905" + }, + { + "name": "35900", + "refsource": "OSVDB", + "url": "http://osvdb.org/35900" + }, + { + "name": "35899", + "refsource": "OSVDB", + "url": "http://osvdb.org/35899" + }, + { + "name": "35901", + "refsource": "OSVDB", + "url": "http://osvdb.org/35901" + }, + { + "name": "35903", + "refsource": "OSVDB", + "url": "http://osvdb.org/35903" + }, + { + "name": "3887", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/3887" + }, + { + "name": "25222", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25222" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0339.json b/2010/0xxx/CVE-2010-0339.json index 9541388fad9..4c901c5cfe4 100644 --- a/2010/0xxx/CVE-2010-0339.json +++ b/2010/0xxx/CVE-2010-0339.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0339", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the User Links (vm19_userlinks) extension 0.1.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-0339", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/", - "refsource" : "CONFIRM", - "url" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the User Links (vm19_userlinks) extension 0.1.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/", + "refsource": "CONFIRM", + "url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0693.json b/2010/0xxx/CVE-2010-0693.json index 18a52d78e8b..c7693ee3606 100644 --- a/2010/0xxx/CVE-2010-0693.json +++ b/2010/0xxx/CVE-2010-0693.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0693", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in products.php in CommodityRentals Trade Manager Script allows remote attackers to execute arbitrary SQL commands via the cid parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-0693", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/1002-exploits/trademanager-sql.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1002-exploits/trademanager-sql.txt" - }, - { - "name" : "11412", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/11412" - }, - { - "name" : "62294", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/62294" - }, - { - "name" : "38556", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38556" - }, - { - "name" : "trade-manager-products-sql-injection(56223)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/56223" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in products.php in CommodityRentals Trade Manager Script allows remote attackers to execute arbitrary SQL commands via the cid parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "62294", + "refsource": "OSVDB", + "url": "http://osvdb.org/62294" + }, + { + "name": "http://packetstormsecurity.org/1002-exploits/trademanager-sql.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1002-exploits/trademanager-sql.txt" + }, + { + "name": "trade-manager-products-sql-injection(56223)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56223" + }, + { + "name": "38556", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38556" + }, + { + "name": "11412", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/11412" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0827.json b/2010/0xxx/CVE-2010-0827.json index e7fbe19cdd7..a520122c548 100644 --- a/2010/0xxx/CVE-2010-0827.json +++ b/2010/0xxx/CVE-2010-0827.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0827", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in dvips in TeX Live 2009 and earlier, and teTeX, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted virtual font (VF) file associated with a DVI file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@ubuntu.com", + "ID": "CVE-2010-0827", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://security-tracker.debian.org/tracker/CVE-2010-0827", - "refsource" : "CONFIRM", - "url" : "http://security-tracker.debian.org/tracker/CVE-2010-0827" - }, - { - "name" : "http://www.tug.org/svn/texlive/trunk/Build/source/texk/dvipsk/ChangeLog?r1=18009&r2=18095", - "refsource" : "CONFIRM", - "url" : "http://www.tug.org/svn/texlive/trunk/Build/source/texk/dvipsk/ChangeLog?r1=18009&r2=18095" - }, - { - "name" : "http://www.tug.org/svn/texlive/trunk/Build/source/texk/dvipsk/ChangeLog?view=log", - "refsource" : "CONFIRM", - "url" : "http://www.tug.org/svn/texlive/trunk/Build/source/texk/dvipsk/ChangeLog?view=log" - }, - { - "name" : 
"https://bugzilla.redhat.com/show_bug.cgi?id=572914", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=572914" - }, - { - "name" : "GLSA-201206-28", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201206-28.xml" - }, - { - "name" : "SUSE-SR:2010:012", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html" - }, - { - "name" : "SUSE-SR:2010:013", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html" - }, - { - "name" : "USN-937-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-937-1" - }, - { - "name" : "39971", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/39971" - }, - { - "name" : "oval:org.mitre.oval:def:10052", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10052" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in dvips in TeX Live 2009 and earlier, and teTeX, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted virtual font (VF) file associated with a DVI file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.tug.org/svn/texlive/trunk/Build/source/texk/dvipsk/ChangeLog?view=log", + "refsource": "CONFIRM", + "url": "http://www.tug.org/svn/texlive/trunk/Build/source/texk/dvipsk/ChangeLog?view=log" + }, + { + "name": "39971", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/39971" + }, + { + "name": "GLSA-201206-28", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201206-28.xml" + }, + { + "name": "SUSE-SR:2010:013", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html" + }, + { + "name": "http://www.tug.org/svn/texlive/trunk/Build/source/texk/dvipsk/ChangeLog?r1=18009&r2=18095", + "refsource": "CONFIRM", + "url": "http://www.tug.org/svn/texlive/trunk/Build/source/texk/dvipsk/ChangeLog?r1=18009&r2=18095" + }, + { + "name": "SUSE-SR:2010:012", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html" + }, + { + "name": "http://security-tracker.debian.org/tracker/CVE-2010-0827", + "refsource": "CONFIRM", + "url": "http://security-tracker.debian.org/tracker/CVE-2010-0827" + }, + { + "name": "oval:org.mitre.oval:def:10052", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10052" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=572914", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=572914" + }, + { + "name": "USN-937-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-937-1" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0886.json b/2010/0xxx/CVE-2010-0886.json index 0514b7b8945..f6029d07e59 100644 --- a/2010/0xxx/CVE-2010-0886.json +++ b/2010/0xxx/CVE-2010-0886.json 
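Review bot: The `ASSIGNER` field in `CVE_data_meta` changes from `cve@mitre.org` to `security@ubuntu.com` in this hunk, but the change sits inside a whole-file re-indentation and a reshuffled `reference_data` array, so the one semantic edit is easy to miss. The same applies to the hunks for CVE-2010-0886 and CVE-2010-0898 (now `secalert_us@oracle.com`) and CVE-2010-1646 (now `secalert@redhat.com`), and the opening of the CVE-2010-3316 hunk shows it too. The commit subject "-Synchronized-Data." gives no hint that record provenance is being reassigned, which matters to anyone who attributes or filters records by assigner. I would either split the formatting normalisation from the assigner updates or list the affected records in the description, e.g. `ASSIGNER updated: CVE-2010-0827, CVE-2010-0886, CVE-2010-0898, CVE-2010-1646`. Keeping `reference_data` in a stable order would also let future diffs of these records show only real additions and removals.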
@@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0886", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Java Deployment Toolkit component in Oracle Java SE and Java for Business JDK and JRE 6 Update 10 through 19 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2010-0886", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/516397/100/0/threaded" - }, - { - "name" : "http://www.oracle.com/technology/deploy/security/alerts/alert-cve-2010-0886.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technology/deploy/security/alerts/alert-cve-2010-0886.html" - }, - { - "name" : "http://support.apple.com/kb/HT4170", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4170" - }, - { - "name" : "http://support.apple.com/kb/HT4171", - "refsource" : "CONFIRM", - "url" : 
"http://support.apple.com/kb/HT4171" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2011-0003.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2011-0003.html" - }, - { - "name" : "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html" - }, - { - "name" : "APPLE-SA-2010-05-18-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//May/msg00001.html" - }, - { - "name" : "APPLE-SA-2010-05-18-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//May/msg00002.html" - }, - { - "name" : "HPSBMU02799", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=134254866602253&w=2" - }, - { - "name" : "279590", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-279590-1" - }, - { - "name" : "1022294", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1022294.1-1" - }, - { - "name" : "oval:org.mitre.oval:def:14216", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14216" - }, - { - "name" : "39819", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39819" - }, - { - "name" : "ADV-2010-1191", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1191" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Java Deployment Toolkit component in Oracle Java SE and Java for Business JDK and JRE 6 Update 10 through 19 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2010-05-18-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//May/msg00001.html" + }, + { + "name": "oval:org.mitre.oval:def:14216", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14216" + }, + { + "name": "HPSBMU02799", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=134254866602253&w=2" + }, + { + "name": "39819", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39819" + }, + { + "name": "APPLE-SA-2010-05-18-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//May/msg00002.html" + }, + { + "name": "279590", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-279590-1" + }, + { + "name": "http://support.apple.com/kb/HT4170", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4170" + }, + { + "name": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html" + }, + { + "name": "1022294", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1022294.1-1" + }, + { + "name": "http://www.oracle.com/technology/deploy/security/alerts/alert-cve-2010-0886.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technology/deploy/security/alerts/alert-cve-2010-0886.html" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html" + }, + { + "name": "http://support.apple.com/kb/HT4171", + "refsource": "CONFIRM", + "url": 
"http://support.apple.com/kb/HT4171" + }, + { + "name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded" + }, + { + "name": "ADV-2010-1191", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1191" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0898.json b/2010/0xxx/CVE-2010-0898.json index 08ec29fa5c0..77ed817e805 100644 --- a/2010/0xxx/CVE-2010-0898.json +++ b/2010/0xxx/CVE-2010-0898.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0898", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Secure Backup 10.3.0.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2010-0898", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle Secure Backup 10.3.0.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1498.json b/2010/1xxx/CVE-2010-1498.json index 1e96dfffdb3..c5037a6cc2f 100644 --- a/2010/1xxx/CVE-2010-1498.json +++ b/2010/1xxx/CVE-2010-1498.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1498", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in dl_stats before 2.0 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) download.php and (2) view_file.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1498", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/1004-exploits/dlstats-sqlxssadmin.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1004-exploits/dlstats-sqlxssadmin.txt" - }, - { - "name" : "12280", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/12280" - }, - { - "name" : "http://www.xenuser.org/2010/04/18/dl_stats-multiple-vulnerabilities-sqli-xss-unprotected-admin-panel/", - "refsource" : "MISC", - "url" : "http://www.xenuser.org/2010/04/18/dl_stats-multiple-vulnerabilities-sqli-xss-unprotected-admin-panel/" - }, - { - "name" : "http://www.xenuser.org/documents/security/dl_stats_multiple_vulnerabilities.txt", - "refsource" : "MISC", - "url" : 
"http://www.xenuser.org/documents/security/dl_stats_multiple_vulnerabilities.txt" - }, - { - "name" : "39592", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/39592" - }, - { - "name" : "63907", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/63907" - }, - { - "name" : "63908", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/63908" - }, - { - "name" : "39496", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39496" - }, - { - "name" : "ADV-2010-0939", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0939" - }, - { - "name" : "dlstats-id-sql-injection(57917)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/57917" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in dl_stats before 2.0 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) download.php and (2) view_file.php." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.xenuser.org/documents/security/dl_stats_multiple_vulnerabilities.txt", + "refsource": "MISC", + "url": "http://www.xenuser.org/documents/security/dl_stats_multiple_vulnerabilities.txt" + }, + { + "name": "39592", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/39592" + }, + { + "name": "ADV-2010-0939", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0939" + }, + { + "name": "63908", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/63908" + }, + { + "name": "63907", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/63907" + }, + { + "name": "12280", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/12280" + }, + { + "name": "http://www.xenuser.org/2010/04/18/dl_stats-multiple-vulnerabilities-sqli-xss-unprotected-admin-panel/", + "refsource": "MISC", + "url": "http://www.xenuser.org/2010/04/18/dl_stats-multiple-vulnerabilities-sqli-xss-unprotected-admin-panel/" + }, + { + "name": "dlstats-id-sql-injection(57917)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57917" + }, + { + "name": "http://packetstormsecurity.org/1004-exploits/dlstats-sqlxssadmin.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1004-exploits/dlstats-sqlxssadmin.txt" + }, + { + "name": "39496", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39496" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1646.json b/2010/1xxx/CVE-2010-1646.json index 27c18e34293..19a4a0225e1 100644 --- a/2010/1xxx/CVE-2010-1646.json +++ b/2010/1xxx/CVE-2010-1646.json 
@@ -1,202 +1,202 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1646", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The secure path feature in env.c in sudo 1.3.1 through 1.6.9p22 and 1.7.0 through 1.7.2p6 does not properly handle an environment that contains multiple PATH variables, which might allow local users to gain privileges via a crafted value of the last PATH variable." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-1646", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20101027 rPSA-2010-0075-1 sudo", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/514489/100/0/threaded" - }, - { - "name" : "http://www.sudo.ws/repos/sudo/rev/3057fde43cf0", - "refsource" : "CONFIRM", - "url" : "http://www.sudo.ws/repos/sudo/rev/3057fde43cf0" - }, - { - "name" : "http://www.sudo.ws/repos/sudo/rev/a09c6812eaec", - "refsource" : "CONFIRM", - "url" : "http://www.sudo.ws/repos/sudo/rev/a09c6812eaec" - }, - { - "name" : "http://www.sudo.ws/sudo/alerts/secure_path.html", - "refsource" : "CONFIRM", - "url" : "http://www.sudo.ws/sudo/alerts/secure_path.html" - }, - { - "name" : 
"https://bugzilla.redhat.com/show_bug.cgi?id=598154", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=598154" - }, - { - "name" : "http://wiki.rpath.com/Advisories:rPSA-2010-0075", - "refsource" : "CONFIRM", - "url" : "http://wiki.rpath.com/Advisories:rPSA-2010-0075" - }, - { - "name" : "DSA-2062", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2010/dsa-2062" - }, - { - "name" : "FEDORA-2010-9402", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042838.html" - }, - { - "name" : "FEDORA-2010-9415", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043026.html" - }, - { - "name" : "FEDORA-2010-9417", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043012.html" - }, - { - "name" : "GLSA-201009-03", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201009-03.xml" - }, - { - "name" : "MDVSA-2010:118", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:118" - }, - { - "name" : "RHSA-2010:0475", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0475.html" - }, - { - "name" : "SUSE-SR:2011:002", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" - }, - { - "name" : "40538", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/40538" - }, - { - "name" : "65083", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/65083" - }, - { - "name" : "oval:org.mitre.oval:def:10580", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10580" - }, - { - "name" : "oval:org.mitre.oval:def:7338", - "refsource" : "OVAL", - "url" : 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7338" - }, - { - "name" : "1024101", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024101" - }, - { - "name" : "40002", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40002" - }, - { - "name" : "40188", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40188" - }, - { - "name" : "40215", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40215" - }, - { - "name" : "40508", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40508" - }, - { - "name" : "43068", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43068" - }, - { - "name" : "ADV-2010-1452", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1452" - }, - { - "name" : "ADV-2010-1518", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1518" - }, - { - "name" : "ADV-2010-1519", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1519" - }, - { - "name" : "ADV-2010-1478", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1478" - }, - { - "name" : "ADV-2011-0212", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0212" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The secure path feature in env.c in sudo 1.3.1 through 1.6.9p22 and 1.7.0 through 1.7.2p6 does not properly handle an environment that contains multiple PATH variables, which might allow local users to gain privileges via a crafted value of the last PATH variable." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "65083", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/65083" + }, + { + "name": "FEDORA-2010-9417", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043012.html" + }, + { + "name": "43068", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43068" + }, + { + "name": "http://www.sudo.ws/sudo/alerts/secure_path.html", + "refsource": "CONFIRM", + "url": "http://www.sudo.ws/sudo/alerts/secure_path.html" + }, + { + "name": "http://www.sudo.ws/repos/sudo/rev/3057fde43cf0", + "refsource": "CONFIRM", + "url": "http://www.sudo.ws/repos/sudo/rev/3057fde43cf0" + }, + { + "name": "oval:org.mitre.oval:def:10580", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10580" + }, + { + "name": "MDVSA-2010:118", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:118" + }, + { + "name": "ADV-2011-0212", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0212" + }, + { + "name": "40188", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40188" + }, + { + "name": "40002", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40002" + }, + { + "name": "40215", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40215" + }, + { + "name": "20101027 rPSA-2010-0075-1 sudo", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/514489/100/0/threaded" + }, + { + "name": "1024101", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024101" + }, + { + "name": "40538", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/40538" + }, + { + "name": "FEDORA-2010-9415", + "refsource": "FEDORA", + 
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043026.html" + }, + { + "name": "http://www.sudo.ws/repos/sudo/rev/a09c6812eaec", + "refsource": "CONFIRM", + "url": "http://www.sudo.ws/repos/sudo/rev/a09c6812eaec" + }, + { + "name": "SUSE-SR:2011:002", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" + }, + { + "name": "DSA-2062", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2010/dsa-2062" + }, + { + "name": "FEDORA-2010-9402", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042838.html" + }, + { + "name": "http://wiki.rpath.com/Advisories:rPSA-2010-0075", + "refsource": "CONFIRM", + "url": "http://wiki.rpath.com/Advisories:rPSA-2010-0075" + }, + { + "name": "GLSA-201009-03", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201009-03.xml" + }, + { + "name": "ADV-2010-1478", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1478" + }, + { + "name": "RHSA-2010:0475", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0475.html" + }, + { + "name": "oval:org.mitre.oval:def:7338", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7338" + }, + { + "name": "40508", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40508" + }, + { + "name": "ADV-2010-1518", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1518" + }, + { + "name": "ADV-2010-1519", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1519" + }, + { + "name": "ADV-2010-1452", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1452" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=598154", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=598154" + } + ] + 
} +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3316.json b/2010/3xxx/CVE-2010-3316.json index 245ca4ab27b..38ed2b5fbcc 100644 --- a/2010/3xxx/CVE-2010-3316.json +++ b/2010/3xxx/CVE-2010-3316.json 
@@ -1,162 +1,162 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3316", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The run_coprocess function in pam_xauth.c in the pam_xauth module in Linux-PAM (aka pam) before 1.1.2 does not check the return values of the setuid, setgid, and setgroups system calls, which might allow local users to read arbitrary files by executing a program that relies on the pam_xauth PAM check." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-3316", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110308 VMSA-2011-0004 VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm.", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/516909/100/0/threaded" - }, - { - "name" : "[oss-security] 20100816 Minor security flaw with pam_xauth", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2010/08/16/2" - }, - { - "name" : "[oss-security] 20100921 Re: Minor security flaw with pam_xauth", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2010/09/21/3" - }, - { - 
"name" : "[oss-security] 20100921 Re: Minor security flaw with pam_xauth", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2010/09/21/8" - }, - { - "name" : "[oss-security] 20100924 Re: Minor security flaw with pam_xauth", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/09/24/2" - }, - { - "name" : "[oss-security] 20100927 Re: Minor security flaw with pam_xauth", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2010/09/27/4" - }, - { - "name" : "[oss-security] 20100927 Re: Minor security flaw with pam_xauth", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2010/09/27/5" - }, - { - "name" : "[oss-security] 20100928 Re: Minor security flaw with pam_xauth", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2010/09/27/7" - }, - { - "name" : "[oss-security] 20100928 Re: Minor security flaw with pam_xauth", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2010/09/27/10" - }, - { - "name" : "[oss-security] 20101025 Re: Minor security flaw with pam_xauth", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2010/10/25/2" - }, - { - "name" : "[security-announce] 20110307 VMSA-2011-0004 VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm", - "refsource" : "MLIST", - "url" : "http://lists.vmware.com/pipermail/security-announce/2011/000126.html" - }, - { - "name" : "https://sourceforge.net/tracker/?func=detail&aid=3028213&group_id=6663&atid=106663", - "refsource" : "MISC", - "url" : "https://sourceforge.net/tracker/?func=detail&aid=3028213&group_id=6663&atid=106663" - }, - { - "name" : "http://git.altlinux.org/people/ldv/packages/?p=pam.git;a=commit;h=06f882f30092a39a1db867c9744b2ca8d60e4ad6", - "refsource" : "CONFIRM", - "url" : 
"http://git.altlinux.org/people/ldv/packages/?p=pam.git;a=commit;h=06f882f30092a39a1db867c9744b2ca8d60e4ad6" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=637898", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=637898" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2011-0004.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2011-0004.html" - }, - { - "name" : "GLSA-201206-31", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201206-31.xml" - }, - { - "name" : "MDVSA-2010:220", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:220" - }, - { - "name" : "RHSA-2010:0819", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0819.html" - }, - { - "name" : "RHSA-2010:0891", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0891.html" - }, - { - "name" : "49711", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49711" - }, - { - "name" : "ADV-2011-0606", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0606" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The run_coprocess function in pam_xauth.c in the pam_xauth module in Linux-PAM (aka pam) before 1.1.2 does not check the return values of the setuid, setgid, and setgroups system calls, which might allow local users to read arbitrary files by executing a program that relies on the pam_xauth PAM check." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20100927 Re: Minor security flaw with pam_xauth", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2010/09/27/5" + }, + { + "name": "[oss-security] 20100921 Re: Minor security flaw with pam_xauth", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2010/09/21/3" + }, + { + "name": "GLSA-201206-31", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201206-31.xml" + }, + { + "name": "[security-announce] 20110307 VMSA-2011-0004 VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm", + "refsource": "MLIST", + "url": "http://lists.vmware.com/pipermail/security-announce/2011/000126.html" + }, + { + "name": "ADV-2011-0606", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0606" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=637898", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=637898" + }, + { + "name": "20110308 VMSA-2011-0004 VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm.", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/516909/100/0/threaded" + }, + { + "name": "https://sourceforge.net/tracker/?func=detail&aid=3028213&group_id=6663&atid=106663", + "refsource": "MISC", + "url": "https://sourceforge.net/tracker/?func=detail&aid=3028213&group_id=6663&atid=106663" + }, + { + "name": "[oss-security] 20100924 Re: Minor security flaw with pam_xauth", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/09/24/2" + }, + { + "name": "[oss-security] 20100816 Minor security flaw with pam_xauth", + "refsource": "MLIST", 
+ "url": "http://openwall.com/lists/oss-security/2010/08/16/2" + }, + { + "name": "[oss-security] 20100921 Re: Minor security flaw with pam_xauth", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2010/09/21/8" + }, + { + "name": "[oss-security] 20100928 Re: Minor security flaw with pam_xauth", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2010/09/27/10" + }, + { + "name": "[oss-security] 20100927 Re: Minor security flaw with pam_xauth", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2010/09/27/4" + }, + { + "name": "MDVSA-2010:220", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:220" + }, + { + "name": "49711", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49711" + }, + { + "name": "http://git.altlinux.org/people/ldv/packages/?p=pam.git;a=commit;h=06f882f30092a39a1db867c9744b2ca8d60e4ad6", + "refsource": "CONFIRM", + "url": "http://git.altlinux.org/people/ldv/packages/?p=pam.git;a=commit;h=06f882f30092a39a1db867c9744b2ca8d60e4ad6" + }, + { + "name": "[oss-security] 20100928 Re: Minor security flaw with pam_xauth", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2010/09/27/7" + }, + { + "name": "RHSA-2010:0891", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0891.html" + }, + { + "name": "[oss-security] 20101025 Re: Minor security flaw with pam_xauth", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2010/10/25/2" + }, + { + "name": "RHSA-2010:0819", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0819.html" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2011-0004.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2011-0004.html" + } + ] + } +} \ No newline at end of file 
diff --git a/2010/4xxx/CVE-2010-4037.json b/2010/4xxx/CVE-2010-4037.json index 106369a8821..9edf68acf6b 100644 --- a/2010/4xxx/CVE-2010-4037.json +++ b/2010/4xxx/CVE-2010-4037.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4037", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Google Chrome before 7.0.517.41 allows remote attackers to bypass the pop-up blocker via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4037", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=53002", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=53002" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2010/10/stable-channel-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2010/10/stable-channel-update.html" - }, - { - "name" : "44241", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/44241" - }, - { - "name" : "oval:org.mitre.oval:def:6790", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6790" - }, - { - "name" : "41888", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41888" - }, - { - "name" : "ADV-2010-2731", 
- "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2731" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Google Chrome before 7.0.517.41 allows remote attackers to bypass the pop-up blocker via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2010-2731", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2731" + }, + { + "name": "oval:org.mitre.oval:def:6790", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6790" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=53002", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=53002" + }, + { + "name": "41888", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41888" + }, + { + "name": "44241", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/44241" + }, + { + "name": "http://googlechromereleases.blogspot.com/2010/10/stable-channel-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2010/10/stable-channel-update.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4084.json b/2010/4xxx/CVE-2010-4084.json index fd0e51e22de..64d79ddc2b2 100644 --- a/2010/4xxx/CVE-2010-4084.json +++ b/2010/4xxx/CVE-2010-4084.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4084", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "dirapi.dll in Adobe Shockwave Player before 11.5.9.615 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2581, CVE-2010-4085, CVE-2010-4086, and CVE-2010-4088." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2010-4084", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb10-25.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb10-25.html" - }, - { - "name" : "oval:org.mitre.oval:def:12265", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12265" - }, - { - "name" : "1024664", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024664" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "dirapi.dll in Adobe 
Shockwave Player before 11.5.9.615 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2581, CVE-2010-4085, CVE-2010-4086, and CVE-2010-4088." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1024664", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024664" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb10-25.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb10-25.html" + }, + { + "name": "oval:org.mitre.oval:def:12265", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12265" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4622.json b/2010/4xxx/CVE-2010-4622.json index 2fcc9308c9f..2a34411ac51 100644 --- a/2010/4xxx/CVE-2010-4622.json +++ b/2010/4xxx/CVE-2010-4622.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4622", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in WebSEAL in IBM Tivoli Access Manager for e-business 6.1.1 before 6.1.1-TIV-AWS-FP0001 on AIX allows remote attackers to read arbitrary files via a %uff0e%uff0e (encoded dot dot) in a URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4622", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg24028829", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg24028829" - }, - { - "name" : "45582", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45582" - }, - { - "name" : "70158", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/70158" - }, - { - "name" : "1024927", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1024927" - }, - { - "name" : "42727", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42727" - }, - { - "name" : "ADV-2010-3329", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/3329" - }, - { - 
"name" : "tivoli-ebusiness-unspecified-dir-traversal(64306)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64306" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in WebSEAL in IBM Tivoli Access Manager for e-business 6.1.1 before 6.1.1-TIV-AWS-FP0001 on AIX allows remote attackers to read arbitrary files via a %uff0e%uff0e (encoded dot dot) in a URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2010-3329", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/3329" + }, + { + "name": "45582", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45582" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg24028829", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24028829" + }, + { + "name": "1024927", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1024927" + }, + { + "name": "70158", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/70158" + }, + { + "name": "42727", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42727" + }, + { + "name": "tivoli-ebusiness-unspecified-dir-traversal(64306)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64306" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4992.json b/2010/4xxx/CVE-2010-4992.json index 5d70bbf9657..b8cb0bbbc6d 100644 --- a/2010/4xxx/CVE-2010-4992.json +++ b/2010/4xxx/CVE-2010-4992.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4992", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the Payments Plus component 2.1.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the type parameter to add.html." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4992", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "14265", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/14265" - }, - { - "name" : "http://packetstormsecurity.org/1007-exploits/joomlapaymentsplus-sql.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1007-exploits/joomlapaymentsplus-sql.txt" - }, - { - "name" : "41458", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/41458" - }, - { - "name" : "8497", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8497" - }, - { - "name" : "paymentspluscom-add-sql-injection(60166)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/60166" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": 
"4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the Payments Plus component 2.1.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the type parameter to add.html." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "41458", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/41458" + }, + { + "name": "8497", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8497" + }, + { + "name": "http://packetstormsecurity.org/1007-exploits/joomlapaymentsplus-sql.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1007-exploits/joomlapaymentsplus-sql.txt" + }, + { + "name": "14265", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/14265" + }, + { + "name": "paymentspluscom-add-sql-injection(60166)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60166" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0130.json b/2014/0xxx/CVE-2014-0130.json index 39a09d277f6..b410e8be5a3 100644 --- a/2014/0xxx/CVE-2014-0130.json +++ b/2014/0xxx/CVE-2014-0130.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0130", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in actionpack/lib/abstract_controller/base.rb in the implicit-render implementation in Ruby on Rails before 3.2.18, 4.0.x before 4.0.5, and 4.1.x before 4.1.1, when certain route globbing configurations are enabled, allows remote attackers to read arbitrary files via a crafted request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-0130", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[rubyonrails-security] 20140506 [CVE-2014-0130] Directory Traversal Vulnerability With Certain Route Configurations", - "refsource" : "MLIST", - "url" : "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/NkKc7vTW70o/NxW_PDBSG3AJ" - }, - { - "name" : "http://matasano.com/research/AnatomyOfRailsVuln-CVE-2014-0130.pdf", - "refsource" : "MISC", - "url" : "http://matasano.com/research/AnatomyOfRailsVuln-CVE-2014-0130.pdf" - }, - { - "name" : "RHSA-2014:1863", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1863.html" - }, - { - "name" : "67244", - 
"refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/67244" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in actionpack/lib/abstract_controller/base.rb in the implicit-render implementation in Ruby on Rails before 3.2.18, 4.0.x before 4.0.5, and 4.1.x before 4.1.1, when certain route globbing configurations are enabled, allows remote attackers to read arbitrary files via a crafted request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2014:1863", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1863.html" + }, + { + "name": "http://matasano.com/research/AnatomyOfRailsVuln-CVE-2014-0130.pdf", + "refsource": "MISC", + "url": "http://matasano.com/research/AnatomyOfRailsVuln-CVE-2014-0130.pdf" + }, + { + "name": "[rubyonrails-security] 20140506 [CVE-2014-0130] Directory Traversal Vulnerability With Certain Route Configurations", + "refsource": "MLIST", + "url": "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/NkKc7vTW70o/NxW_PDBSG3AJ" + }, + { + "name": "67244", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/67244" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0853.json b/2014/0xxx/CVE-2014-0853.json index 70e8893e1c8..7efe6b8f835 100644 --- a/2014/0xxx/CVE-2014-0853.json +++ b/2014/0xxx/CVE-2014-0853.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0853", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in the (1) ForwardController and (2) AttributeEditor scripts in IBM Rational Focal Point 6.4.x and 6.5.x before 6.5.2.3 and 6.6.x before 6.6.1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-0853", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21665005", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21665005" - }, - { - "name" : "65726", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/65726" - }, - { - "name" : "ibm-focalpoint-cve20140853-xss(90754)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90754" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) 
vulnerabilities in the (1) ForwardController and (2) AttributeEditor scripts in IBM Rational Focal Point 6.4.x and 6.5.x before 6.5.2.3 and 6.6.x before 6.6.1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21665005", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21665005" + }, + { + "name": "ibm-focalpoint-cve20140853-xss(90754)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90754" + }, + { + "name": "65726", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/65726" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0908.json b/2014/0xxx/CVE-2014-0908.json index 6f1dd206e55..320bab92e39 100644 --- a/2014/0xxx/CVE-2014-0908.json +++ b/2014/0xxx/CVE-2014-0908.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0908", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The User Attribute implementation in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.2, and 8.5.x through 8.5.0.1 does not verify authorization for read or write access to attribute values, which allows remote authenticated users to obtain sensitive information, configure e-mail notifications, or modify task assignments via REST API calls." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-0908", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21669330", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21669330" - }, - { - "name" : "JR49505", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1JR49505" - }, - { - "name" : "ibm-bpm-cve20140908-priv-escalation(91870)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/91870" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "The User Attribute implementation in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.2, and 8.5.x through 8.5.0.1 does not verify authorization for read or write access to attribute values, which allows remote authenticated users to obtain sensitive information, configure e-mail notifications, or modify task assignments via REST API calls." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21669330", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21669330" + }, + { + "name": "JR49505", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR49505" + }, + { + "name": "ibm-bpm-cve20140908-priv-escalation(91870)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91870" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0911.json b/2014/0xxx/CVE-2014-0911.json index ae4004b2e64..ecada693956 100644 --- a/2014/0xxx/CVE-2014-0911.json +++ b/2014/0xxx/CVE-2014-0911.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0911", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "inetd in IBM WebSphere MQ 7.1.x before 7.1.0.5 and 7.5.x before 7.5.0.4 allows remote attackers to cause a denial of service (disk or CPU consumption) via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-0911", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21670374", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21670374" - }, - { - "name" : "IV55886", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV55886" - }, - { - "name" : "ibm-websphere-cve20140911-dos(91876)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/91876" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "inetd in IBM WebSphere MQ 7.1.x before 7.1.0.5 and 7.5.x before 7.5.0.4 allows remote attackers to cause a denial of service (disk or CPU 
consumption) via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "IV55886", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV55886" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21670374", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670374" + }, + { + "name": "ibm-websphere-cve20140911-dos(91876)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91876" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0930.json b/2014/0xxx/CVE-2014-0930.json index 63f80be97bc..5e2f0a1743a 100644 --- a/2014/0xxx/CVE-2014-0930.json +++ b/2014/0xxx/CVE-2014-0930.json 
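Review bot: `vendor_name`, `product_name` and `version_value` are still `"n/a"` on the new side, even though this hunk now attributes the record to `psirt@us.ibm.com` and the description names IBM WebSphere MQ 7.1.x before 7.1.0.5 and 7.5.x before 7.5.0.4. Tooling that matches on the `affects` block rather than on the free-text description will presumably not associate this entry with that product. `problemtype` is likewise `"n/a"` although the description states a denial of service through disk or CPU consumption. The other PUBLIC records in this patch show the same gap, so consumers should treat the description as the authoritative field for them.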
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0930", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ptrace system call in IBM AIX 5.3, 6.1, and 7.1, and VIOS 2.2.x, allows local users to cause a denial of service (system crash) or obtain sensitive information from kernel memory via a crafted PT_LDINFO operation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-0930", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140506 CVE-2014-0930 - Kernel Memory Leak And Denial Of Service Condition in IBM AIX", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2014-05/0031.html" - }, - { - "name" : "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-0930/", - "refsource" : "MISC", - "url" : "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-0930/" - }, - { - "name" : "http://aix.software.ibm.com/aix/efixes/security/ptrace_advisory.asc", - "refsource" : "CONFIRM", - "url" : "http://aix.software.ibm.com/aix/efixes/security/ptrace_advisory.asc" - }, - { - "name" : "IV58766", - "refsource" : 
"AIXAPAR", - "url" : "http://www.ibm.com/support/docview.wss?uid=isg1IV58766" - }, - { - "name" : "IV58840", - "refsource" : "AIXAPAR", - "url" : "http://www.ibm.com/support/docview.wss?uid=isg1IV58840" - }, - { - "name" : "IV58861", - "refsource" : "AIXAPAR", - "url" : "http://www.ibm.com/support/docview.wss?uid=isg1IV58861" - }, - { - "name" : "IV58888", - "refsource" : "AIXAPAR", - "url" : "http://www.ibm.com/support/docview.wss?uid=isg1IV58888" - }, - { - "name" : "IV58948", - "refsource" : "AIXAPAR", - "url" : "http://www.ibm.com/support/docview.wss?uid=isg1IV58948" - }, - { - "name" : "IV59045", - "refsource" : "AIXAPAR", - "url" : "http://www.ibm.com/support/docview.wss?uid=isg1IV59045" - }, - { - "name" : "IV59675", - "refsource" : "AIXAPAR", - "url" : "http://www.ibm.com/support/docview.wss?uid=isg1IV59675" - }, - { - "name" : "ibm-aix-cve20140930-dos(92262)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/92262" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ptrace system call in IBM AIX 5.3, 6.1, and 7.1, and VIOS 2.2.x, allows local users to cause a denial of service (system crash) or obtain sensitive information from kernel memory via a crafted PT_LDINFO operation." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "IV59675", + "refsource": "AIXAPAR", + "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV59675" + }, + { + "name": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-0930/", + "refsource": "MISC", + "url": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-0930/" + }, + { + "name": "IV59045", + "refsource": "AIXAPAR", + "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV59045" + }, + { + "name": "20140506 CVE-2014-0930 - Kernel Memory Leak And Denial Of Service Condition in IBM AIX", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2014-05/0031.html" + }, + { + "name": "IV58766", + "refsource": "AIXAPAR", + "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV58766" + }, + { + "name": "IV58888", + "refsource": "AIXAPAR", + "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV58888" + }, + { + "name": "IV58948", + "refsource": "AIXAPAR", + "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV58948" + }, + { + "name": "ibm-aix-cve20140930-dos(92262)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92262" + }, + { + "name": "IV58861", + "refsource": "AIXAPAR", + "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV58861" + }, + { + "name": "IV58840", + "refsource": "AIXAPAR", + "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV58840" + }, + { + "name": "http://aix.software.ibm.com/aix/efixes/security/ptrace_advisory.asc", + "refsource": "CONFIRM", + "url": "http://aix.software.ibm.com/aix/efixes/security/ptrace_advisory.asc" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4073.json b/2014/4xxx/CVE-2014-4073.json index 8eeaec695e0..02e6abf8931 100644 
--- a/2014/4xxx/CVE-2014-4073.json +++ b/2014/4xxx/CVE-2014-4073.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4073", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 processes unverified data during interaction with the ClickOnce installer, which allows remote attackers to gain privileges via vectors involving Internet Explorer, aka \".NET ClickOnce Elevation of Privilege Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2014-4073", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://blogs.technet.com/b/srd/archive/2014/10/14/more-details-about-cve-2014-4073-elevation-of-privilege-vulnerability.aspx", - "refsource" : "CONFIRM", - "url" : "http://blogs.technet.com/b/srd/archive/2014/10/14/more-details-about-cve-2014-4073-elevation-of-privilege-vulnerability.aspx" - }, - { - "name" : "MS14-057", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-057" - }, - { - "name" : "70313", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70313" - }, - { - "name" : "1031021", - "refsource" : "SECTRACK", - "url" : 
"http://www.securitytracker.com/id/1031021" - }, - { - "name" : "60969", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60969" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 processes unverified data during interaction with the ClickOnce installer, which allows remote attackers to gain privileges via vectors involving Internet Explorer, aka \".NET ClickOnce Elevation of Privilege Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS14-057", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-057" + }, + { + "name": "60969", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60969" + }, + { + "name": "1031021", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031021" + }, + { + "name": "70313", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70313" + }, + { + "name": "http://blogs.technet.com/b/srd/archive/2014/10/14/more-details-about-cve-2014-4073-elevation-of-privilege-vulnerability.aspx", + "refsource": "CONFIRM", + "url": "http://blogs.technet.com/b/srd/archive/2014/10/14/more-details-about-cve-2014-4073-elevation-of-privilege-vulnerability.aspx" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4390.json b/2014/4xxx/CVE-2014-4390.json index c4f85d81a4c..671cac48141 100644 --- a/2014/4xxx/CVE-2014-4390.json +++ b/2014/4xxx/CVE-2014-4390.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4390", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Bluetooth in Apple OS X before 10.9.5 does not properly validate API calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2014-4390", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT6443", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT6443" - }, - { - "name" : "69901", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69901" - }, - { - "name" : "1030868", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030868" - }, - { - "name" : "macosx-cve20144390-code-exec(96052)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/96052" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Bluetooth in Apple OS X before 10.9.5 does not properly validate API calls, which 
allows attackers to execute arbitrary code in a privileged context via a crafted application." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1030868", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030868" + }, + { + "name": "http://support.apple.com/kb/HT6443", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT6443" + }, + { + "name": "69901", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69901" + }, + { + "name": "macosx-cve20144390-code-exec(96052)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96052" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4562.json b/2014/4xxx/CVE-2014-4562.json index 402e26e0223..69e6a6cc4de 100644 --- a/2014/4xxx/CVE-2014-4562.json +++ b/2014/4xxx/CVE-2014-4562.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4562", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4562", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4603.json b/2014/4xxx/CVE-2014-4603.json index dedb4f5cd09..cd593216d81 100644 --- a/2014/4xxx/CVE-2014-4603.json +++ b/2014/4xxx/CVE-2014-4603.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4603", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in yupdates_application.php in the Yahoo! Updates for WordPress plugin 1.0 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) secret, (2) key, or (3) appid parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4603", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://codevigilant.com/disclosure/wp-plugin-yahoo-updates-for-wordpress-a3-cross-site-scripting-xss", - "refsource" : "MISC", - "url" : "http://codevigilant.com/disclosure/wp-plugin-yahoo-updates-for-wordpress-a3-cross-site-scripting-xss" - }, - { - "name" : "68401", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/68401" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in yupdates_application.php in the Yahoo! 
Updates for WordPress plugin 1.0 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) secret, (2) key, or (3) appid parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "68401", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/68401" + }, + { + "name": "http://codevigilant.com/disclosure/wp-plugin-yahoo-updates-for-wordpress-a3-cross-site-scripting-xss", + "refsource": "MISC", + "url": "http://codevigilant.com/disclosure/wp-plugin-yahoo-updates-for-wordpress-a3-cross-site-scripting-xss" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4737.json b/2014/4xxx/CVE-2014-4737.json index 6de8db13c36..39b0df9ebff 100644 --- a/2014/4xxx/CVE-2014-4737.json +++ b/2014/4xxx/CVE-2014-4737.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4737", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Textpattern CMS before 4.5.7 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to setup/index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4737", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20141001 Reflected Cross-Site Scripting (XSS) in Textpattern", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/533596/100/0/threaded" - }, - { - "name" : "http://packetstormsecurity.com/files/128519/Textpattern-4.5.5-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/128519/Textpattern-4.5.5-Cross-Site-Scripting.html" - }, - { - "name" : "http://textpattern.com/weblog/379/textpattern-cms-457-released-ten-years-on", - "refsource" : "MISC", - "url" : "http://textpattern.com/weblog/379/textpattern-cms-457-released-ten-years-on" - }, - { - "name" : "https://www.htbridge.com/advisory/HTB23223", - "refsource" : "MISC", - "url" : "https://www.htbridge.com/advisory/HTB23223" 
- }, - { - "name" : "textpattern-cve20144737-xss(96802)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/96802" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Textpattern CMS before 4.5.7 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to setup/index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "textpattern-cve20144737-xss(96802)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96802" + }, + { + "name": "http://packetstormsecurity.com/files/128519/Textpattern-4.5.5-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/128519/Textpattern-4.5.5-Cross-Site-Scripting.html" + }, + { + "name": "http://textpattern.com/weblog/379/textpattern-cms-457-released-ten-years-on", + "refsource": "MISC", + "url": "http://textpattern.com/weblog/379/textpattern-cms-457-released-ten-years-on" + }, + { + "name": "https://www.htbridge.com/advisory/HTB23223", + "refsource": "MISC", + "url": "https://www.htbridge.com/advisory/HTB23223" + }, + { + "name": "20141001 Reflected Cross-Site Scripting (XSS) in Textpattern", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/533596/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8120.json b/2014/8xxx/CVE-2014-8120.json index d7de46e5384..619536fadaa 100644 --- a/2014/8xxx/CVE-2014-8120.json +++ b/2014/8xxx/CVE-2014-8120.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8120", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The agent in Thermostat before 1.0.6, when using unspecified configurations, allows local users to obtain the JMX management URLs of all local Java virtual machines and gain privileges via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-8120", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[Thermostat-announce] 20141216 [SECURITY UPDATE] Thermostat 1.0.6 update released!", - "refsource" : "MLIST", - "url" : "http://icedtea.classpath.org/pipermail/thermostat-announce/2014-December/000013.html" - }, - { - "name" : "RHSA-2014:2000", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-2000.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The agent in Thermostat before 1.0.6, when using unspecified configurations, allows local users to obtain the JMX management URLs of all local Java virtual machines and gain privileges via unknown vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[Thermostat-announce] 20141216 [SECURITY UPDATE] Thermostat 1.0.6 update released!", + "refsource": "MLIST", + "url": "http://icedtea.classpath.org/pipermail/thermostat-announce/2014-December/000013.html" + }, + { + "name": "RHSA-2014:2000", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-2000.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8300.json b/2014/8xxx/CVE-2014-8300.json index e1f179c77d4..f8fb5754e1e 100644 --- a/2014/8xxx/CVE-2014-8300.json +++ b/2014/8xxx/CVE-2014-8300.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8300", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8300", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8489.json b/2014/8xxx/CVE-2014-8489.json index 70728529daa..75edfcbcaf3 100644 --- a/2014/8xxx/CVE-2014-8489.json +++ b/2014/8xxx/CVE-2014-8489.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8489", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Open redirect vulnerability in startSSO.ping in the SP Endpoints in Ping Identity PingFederate 6.10.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the TargetResource parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8489", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20141209 CVE-2014-8489 Ping Identity Corporation \"PingFederate 6.10.1 SP Endpoints\" Dest Redirect Privilege Escalation Security Vulnerability", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Dec/35" - }, - { - "name" : "http://packetstormsecurity.com/files/129454/PingFederate-6.10.1-SP-Endpoints-Open-Redirect.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/129454/PingFederate-6.10.1-SP-Endpoints-Open-Redirect.html" - }, - { - "name" : "http://tetraph.com/security/cves/cve-2014-8489-ping-identity-corporation-pingfederate-6-10-1-sp-endpoints-dest-redirect-privilege-escalation-security-vulnerability/", - "refsource" : 
"MISC", - "url" : "http://tetraph.com/security/cves/cve-2014-8489-ping-identity-corporation-pingfederate-6-10-1-sp-endpoints-dest-redirect-privilege-escalation-security-vulnerability/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Open redirect vulnerability in startSSO.ping in the SP Endpoints in Ping Identity PingFederate 6.10.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the TargetResource parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20141209 CVE-2014-8489 Ping Identity Corporation \"PingFederate 6.10.1 SP Endpoints\" Dest Redirect Privilege Escalation Security Vulnerability", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Dec/35" + }, + { + "name": "http://tetraph.com/security/cves/cve-2014-8489-ping-identity-corporation-pingfederate-6-10-1-sp-endpoints-dest-redirect-privilege-escalation-security-vulnerability/", + "refsource": "MISC", + "url": "http://tetraph.com/security/cves/cve-2014-8489-ping-identity-corporation-pingfederate-6-10-1-sp-endpoints-dest-redirect-privilege-escalation-security-vulnerability/" + }, + { + "name": "http://packetstormsecurity.com/files/129454/PingFederate-6.10.1-SP-Endpoints-Open-Redirect.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/129454/PingFederate-6.10.1-SP-Endpoints-Open-Redirect.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8709.json b/2014/8xxx/CVE-2014-8709.json index 103c6c977e0..7ce6bfc2bd5 100644 --- a/2014/8xxx/CVE-2014-8709.json +++ b/2014/8xxx/CVE-2014-8709.json 
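Review bot: The `reference_data` array in CVE-2014-8489.json is written in a different order (the tetraph.com entry now precedes the packetstormsecurity.com one) although, as far as the hunk shows, all three entries are otherwise unchanged. The same reshuffling without any content change is visible in the hunks for CVE-2014-8709, CVE-2014-9845, CVE-2016-3723, CVE-2016-3761, CVE-2016-3939 and CVE-2016-6342. Emitting the array in a deterministic order, for example sorted by `refsource` and then `name`, would keep later synchronisation diffs limited to references that were really added, altered or removed. That matters for review because a dropped or altered advisory link is currently indistinguishable from ordering noise without comparing the entries one by one.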
@@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8709", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ieee80211_fragment function in net/mac80211/tx.c in the Linux kernel before 3.13.5 does not properly maintain a certain tail pointer, which allows remote attackers to obtain sensitive cleartext information by reading packets." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@suse.com", + "ID": "CVE-2014-8709", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20141109 Re: CVE Request: Linux kernel mac80211 plain text leak", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/11/09/1" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=338f977f4eb441e69bb9a46eaa0ac715c931a67f", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=338f977f4eb441e69bb9a46eaa0ac715c931a67f" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.5", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.5" - }, - { - "name" : 
"https://github.com/torvalds/linux/commit/338f977f4eb441e69bb9a46eaa0ac715c931a67f", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/338f977f4eb441e69bb9a46eaa0ac715c931a67f" - }, - { - "name" : "https://source.android.com/security/bulletin/2017-03-01.html", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-03-01.html" - }, - { - "name" : "RHSA-2015:0290", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0290.html" - }, - { - "name" : "RHSA-2015:1272", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1272.html" - }, - { - "name" : "SUSE-SU-2015:0481", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html" - }, - { - "name" : "openSUSE-SU-2015:0566", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html" - }, - { - "name" : "SUSE-SU-2015:0652", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00000.html" - }, - { - "name" : "70965", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70965" - }, - { - "name" : "1037968", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037968" - }, - { - "name" : "linux-kernel-cve20148709-info-disclsoure(98922)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98922" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ieee80211_fragment function in net/mac80211/tx.c in the Linux kernel before 3.13.5 does not properly maintain a certain tail pointer, which allows remote attackers to obtain sensitive cleartext information by reading packets." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1037968", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037968" + }, + { + "name": "SUSE-SU-2015:0652", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00000.html" + }, + { + "name": "https://github.com/torvalds/linux/commit/338f977f4eb441e69bb9a46eaa0ac715c931a67f", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/338f977f4eb441e69bb9a46eaa0ac715c931a67f" + }, + { + "name": "RHSA-2015:0290", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0290.html" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.5", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.5" + }, + { + "name": "SUSE-SU-2015:0481", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html" + }, + { + "name": "openSUSE-SU-2015:0566", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html" + }, + { + "name": "[oss-security] 20141109 Re: CVE Request: Linux kernel mac80211 plain text leak", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/11/09/1" + }, + { + "name": "linux-kernel-cve20148709-info-disclsoure(98922)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98922" + }, + { + "name": "RHSA-2015:1272", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1272.html" + }, + { + "name": "70965", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70965" + }, + { + "name": "https://source.android.com/security/bulletin/2017-03-01.html", + "refsource": "CONFIRM", + "url": 
"https://source.android.com/security/bulletin/2017-03-01.html" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=338f977f4eb441e69bb9a46eaa0ac715c931a67f", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=338f977f4eb441e69bb9a46eaa0ac715c931a67f" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9108.json b/2014/9xxx/CVE-2014-9108.json index e69182d8f0a..fa954f8551d 100644 --- a/2014/9xxx/CVE-2014-9108.json +++ b/2014/9xxx/CVE-2014-9108.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9108", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9108", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9845.json b/2014/9xxx/CVE-2014-9845.json index 8fa4ad3261c..f336aa1384e 100644 --- a/2014/9xxx/CVE-2014-9845.json +++ b/2014/9xxx/CVE-2014-9845.json 
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9845", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ReadDIBImage function in coders/dib.c in ImageMagick allows remote attackers to cause a denial of service (crash) via a corrupted dib file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9845", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160602 Re: ImageMagick CVEs", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/06/02/13" - }, - { - "name" : "https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=a7a7fd3ce95b7b8efb0ce1ce40f43dbbd20d8e03", - "refsource" : "CONFIRM", - "url" : "https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=a7a7fd3ce95b7b8efb0ce1ce40f43dbbd20d8e03" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1343503", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1343503" - }, - { - "name" : "SUSE-SU-2016:1782", - "refsource" : "SUSE", - "url" : 
"http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00009.html" - }, - { - "name" : "SUSE-SU-2016:1783", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00010.html" - }, - { - "name" : "SUSE-SU-2016:1784", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00011.html" - }, - { - "name" : "openSUSE-SU-2016:1724", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00000.html" - }, - { - "name" : "openSUSE-SU-2016:1748", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00002.html" - }, - { - "name" : "openSUSE-SU-2016:1833", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00018.html" - }, - { - "name" : "openSUSE-SU-2016:2073", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00037.html" - }, - { - "name" : "openSUSE-SU-2016:3060", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00028.html" - }, - { - "name" : "USN-3131-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-3131-1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ReadDIBImage function in coders/dib.c in ImageMagick allows remote attackers to cause a denial of service (crash) via a corrupted dib file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1343503", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1343503" + }, + { + "name": "openSUSE-SU-2016:2073", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00037.html" + }, + { + "name": "openSUSE-SU-2016:1833", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00018.html" + }, + { + "name": "openSUSE-SU-2016:3060", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00028.html" + }, + { + "name": "openSUSE-SU-2016:1724", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00000.html" + }, + { + "name": "https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=a7a7fd3ce95b7b8efb0ce1ce40f43dbbd20d8e03", + "refsource": "CONFIRM", + "url": "https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=a7a7fd3ce95b7b8efb0ce1ce40f43dbbd20d8e03" + }, + { + "name": "SUSE-SU-2016:1782", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00009.html" + }, + { + "name": "[oss-security] 20160602 Re: ImageMagick CVEs", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/06/02/13" + }, + { + "name": "openSUSE-SU-2016:1748", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00002.html" + }, + { + "name": "SUSE-SU-2016:1784", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00011.html" + }, + { + "name": "SUSE-SU-2016:1783", + "refsource": "SUSE", + "url": 
"http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00010.html" + }, + { + "name": "USN-3131-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-3131-1" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2465.json b/2016/2xxx/CVE-2016-2465.json index ca72e1fe261..31335db1932 100644 --- a/2016/2xxx/CVE-2016-2465.json +++ b/2016/2xxx/CVE-2016-2465.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2465", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Qualcomm video driver in Android before 2016-06-01 on Nexus 5, 5X, 6, and 6P devices allows attackers to gain privileges via a crafted application, aka internal bug 27407865." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-2465", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://source.android.com/security/bulletin/2016-06-01.html", - "refsource" : "CONFIRM", - "url" : "http://source.android.com/security/bulletin/2016-06-01.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Qualcomm video driver in Android before 2016-06-01 on Nexus 5, 5X, 6, and 6P devices allows attackers to gain privileges via a crafted application, aka internal bug 27407865." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://source.android.com/security/bulletin/2016-06-01.html", + "refsource": "CONFIRM", + "url": "http://source.android.com/security/bulletin/2016-06-01.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3723.json b/2016/3xxx/CVE-2016-3723.json index 976045bcff5..f52af25d696 100644 --- a/2016/3xxx/CVE-2016-3723.json +++ b/2016/3xxx/CVE-2016-3723.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3723", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users with read access to obtain sensitive plugin installation information by leveraging missing permissions checks in unspecified XML/JSON API endpoints." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-3723", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11", - "refsource" : "CONFIRM", - "url" : "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11" - }, - { - "name" : "https://www.cloudbees.com/jenkins-security-advisory-2016-05-11", - "refsource" : "CONFIRM", - "url" : "https://www.cloudbees.com/jenkins-security-advisory-2016-05-11" - }, - { - "name" : "RHSA-2016:1206", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2016:1206" - }, - { - "name" : "RHSA-2016:1773", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-1773.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users with read access to obtain sensitive plugin installation information by leveraging missing permissions checks in unspecified XML/JSON API endpoints." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.cloudbees.com/jenkins-security-advisory-2016-05-11", + "refsource": "CONFIRM", + "url": "https://www.cloudbees.com/jenkins-security-advisory-2016-05-11" + }, + { + "name": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11", + "refsource": "CONFIRM", + "url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11" + }, + { + "name": "RHSA-2016:1206", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2016:1206" + }, + { + "name": "RHSA-2016:1773", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-1773.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3761.json b/2016/3xxx/CVE-2016-3761.json index 10babd67045..04b890b92a4 100644 --- a/2016/3xxx/CVE-2016-3761.json +++ b/2016/3xxx/CVE-2016-3761.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3761", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "NfcService.java in NFC in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows attackers to obtain sensitive foreground-application information via a crafted background application, aka internal bug 28300969." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-3761", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://source.android.com/security/bulletin/2016-07-01.html", - "refsource" : "CONFIRM", - "url" : "http://source.android.com/security/bulletin/2016-07-01.html" - }, - { - "name" : "https://android.googlesource.com/platform/packages/apps/Nfc/+/9ea802b5456a36f1115549b645b65c791eff3c2c", - "refsource" : "CONFIRM", - "url" : "https://android.googlesource.com/platform/packages/apps/Nfc/+/9ea802b5456a36f1115549b645b65c791eff3c2c" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "NfcService.java in NFC in Android 4.x before 4.4.4, 5.0.x before 
5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows attackers to obtain sensitive foreground-application information via a crafted background application, aka internal bug 28300969." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://android.googlesource.com/platform/packages/apps/Nfc/+/9ea802b5456a36f1115549b645b65c791eff3c2c", + "refsource": "CONFIRM", + "url": "https://android.googlesource.com/platform/packages/apps/Nfc/+/9ea802b5456a36f1115549b645b65c791eff3c2c" + }, + { + "name": "http://source.android.com/security/bulletin/2016-07-01.html", + "refsource": "CONFIRM", + "url": "http://source.android.com/security/bulletin/2016-07-01.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3939.json b/2016/3xxx/CVE-2016-3939.json index b8ba79027a7..578ced6609e 100644 --- a/2016/3xxx/CVE-2016-3939.json +++ b/2016/3xxx/CVE-2016-3939.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3939", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "drivers/video/msm/mdss/mdss_debug.c in the Qualcomm video driver in Android before 2016-10-05 on Nexus 5X, Nexus 6, Nexus 6P, and Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 30874196 and Qualcomm internal bug CR 1001224." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-3939", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://source.android.com/security/bulletin/2016-10-01.html", - "refsource" : "CONFIRM", - "url" : "http://source.android.com/security/bulletin/2016-10-01.html" - }, - { - "name" : "93336", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93336" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "drivers/video/msm/mdss/mdss_debug.c in the Qualcomm video driver in Android before 2016-10-05 on Nexus 5X, Nexus 6, Nexus 6P, and Android One devices allows attackers to gain privileges via a crafted 
application, aka Android internal bug 30874196 and Qualcomm internal bug CR 1001224." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "93336", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93336" + }, + { + "name": "http://source.android.com/security/bulletin/2016-10-01.html", + "refsource": "CONFIRM", + "url": "http://source.android.com/security/bulletin/2016-10-01.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6342.json b/2016/6xxx/CVE-2016-6342.json index 0405c9b9540..d976f6bd5e5 100644 --- a/2016/6xxx/CVE-2016-6342.json +++ b/2016/6xxx/CVE-2016-6342.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert@redhat.com", - "ID" : "CVE-2016-6342", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "elog 3.1.1 allows remote attackers to post data as any username in the logbook." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-6342", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1371328", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1371328" - }, - { - "name" : "FEDORA-2016-348a7b6285", - "refsource" : "FEDORA", - "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N4ZQOPXSMJAJIXH5MRPQS2ZISYJPSLQK/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "elog 3.1.1 allows remote attackers to post data as any username in the logbook." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FEDORA-2016-348a7b6285", + "refsource": "FEDORA", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N4ZQOPXSMJAJIXH5MRPQS2ZISYJPSLQK/" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1371328", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1371328" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6430.json b/2016/6xxx/CVE-2016-6430.json index 9013d376059..c3316364ea1 100644 --- a/2016/6xxx/CVE-2016-6430.json +++ b/2016/6xxx/CVE-2016-6430.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2016-6430", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco IP Interoperability and Collaboration System before 5.0(1)", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco IP Interoperability and Collaboration System before 5.0(1)" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the command-line interface of the Cisco IP Interoperability and Collaboration System (IPICS) could allow an authenticated, local attacker to elevate the privilege level associated with their session. More Information: CSCva38636. Known Affected Releases: 4.10(1). Known Fixed Releases: 5.0(1)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "unspecified" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2016-6430", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco IP Interoperability and Collaboration System before 5.0(1)", + "version": { + "version_data": [ + { + "version_value": "Cisco IP Interoperability and Collaboration System before 5.0(1)" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-ipics2", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-ipics2" - }, - { - "name" : "93919", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93919" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the command-line interface of the Cisco IP Interoperability and Collaboration System (IPICS) could allow an authenticated, local attacker to elevate the privilege level associated with their session. More Information: CSCva38636. Known Affected Releases: 4.10(1). Known Fixed Releases: 5.0(1)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "unspecified" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "93919", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93919" + }, + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-ipics2", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-ipics2" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6942.json b/2016/6xxx/CVE-2016-6942.json index 17704205a19..02c86bee860 100644 --- a/2016/6xxx/CVE-2016-6942.json +++ b/2016/6xxx/CVE-2016-6942.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6942", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-6940, CVE-2016-6941, CVE-2016-6943, CVE-2016-6947, CVE-2016-6948, CVE-2016-6950, CVE-2016-6951, CVE-2016-6954, CVE-2016-6955, CVE-2016-6956, CVE-2016-6959, CVE-2016-6960, CVE-2016-6966, CVE-2016-6970, CVE-2016-6972, CVE-2016-6973, CVE-2016-6974, CVE-2016-6975, CVE-2016-6976, CVE-2016-6977, CVE-2016-6978, CVE-2016-6995, CVE-2016-6996, CVE-2016-6997, CVE-2016-6998, CVE-2016-7000, CVE-2016-7001, CVE-2016-7002, CVE-2016-7003, CVE-2016-7004, CVE-2016-7005, CVE-2016-7006, CVE-2016-7007, CVE-2016-7008, CVE-2016-7009, CVE-2016-7010, CVE-2016-7011, CVE-2016-7012, CVE-2016-7013, CVE-2016-7014, CVE-2016-7015, CVE-2016-7016, CVE-2016-7017, CVE-2016-7018, and CVE-2016-7019." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2016-6942", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html" - }, - { - "name" : "93496", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93496" - }, - { - "name" : "1036986", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036986" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-6940, CVE-2016-6941, CVE-2016-6943, CVE-2016-6947, CVE-2016-6948, CVE-2016-6950, CVE-2016-6951, CVE-2016-6954, CVE-2016-6955, CVE-2016-6956, CVE-2016-6959, CVE-2016-6960, CVE-2016-6966, CVE-2016-6970, CVE-2016-6972, CVE-2016-6973, CVE-2016-6974, CVE-2016-6975, CVE-2016-6976, CVE-2016-6977, CVE-2016-6978, CVE-2016-6995, CVE-2016-6996, CVE-2016-6997, CVE-2016-6998, CVE-2016-7000, CVE-2016-7001, CVE-2016-7002, CVE-2016-7003, CVE-2016-7004, CVE-2016-7005, CVE-2016-7006, CVE-2016-7007, CVE-2016-7008, CVE-2016-7009, CVE-2016-7010, CVE-2016-7011, CVE-2016-7012, 
CVE-2016-7013, CVE-2016-7014, CVE-2016-7015, CVE-2016-7016, CVE-2016-7017, CVE-2016-7018, and CVE-2016-7019." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1036986", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036986" + }, + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html" + }, + { + "name": "93496", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93496" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7503.json b/2016/7xxx/CVE-2016-7503.json index faa2a130770..d0e2bb8a5b5 100644 --- a/2016/7xxx/CVE-2016-7503.json +++ b/2016/7xxx/CVE-2016-7503.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7503", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-7503", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
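Review bot: In the CVE-2016-6942.json hunk the one semantic change is the assigner, `"ASSIGNER" : "cve@mitre.org"` becoming `"ASSIGNER": "psirt@adobe.com"`. It is buried among whitespace-only rewrites of every other line (`"key" : ` to `"key": `, new indentation) and a reordering of the three `reference_data` entries. The commit subject does not mention what appears to be a change of the assigning CNA, so anyone auditing record provenance from this history should compare the parsed JSON of the old and new sides rather than the text diff. If the sync tooling allows it, landing the formatting pass separately from data edits such as `"ASSIGNER": "psirt@adobe.com",` would keep changes like this reviewable.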
diff --git a/2016/7xxx/CVE-2016-7681.json b/2016/7xxx/CVE-2016-7681.json index ec3a5384ebb..31117294209 100644 --- a/2016/7xxx/CVE-2016-7681.json +++ b/2016/7xxx/CVE-2016-7681.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7681", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-7681", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7761.json b/2016/7xxx/CVE-2016-7761.json index 516705419c9..81d7f806cad 100644 --- a/2016/7xxx/CVE-2016-7761.json +++ b/2016/7xxx/CVE-2016-7761.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2016-7761", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the \"WiFi\" component, which allows local users to obtain sensitive network-configuration information by leveraging global storage." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2016-7761", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT207423", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207423" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the \"WiFi\" component, which allows local users to obtain sensitive network-configuration information by leveraging global storage." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT207423", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207423" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7769.json b/2016/7xxx/CVE-2016-7769.json index 9e212e67345..822dd374e3d 100644 --- a/2016/7xxx/CVE-2016-7769.json +++ b/2016/7xxx/CVE-2016-7769.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7769", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-7769", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7795.json b/2016/7xxx/CVE-2016-7795.json index 8558bdab266..d5a53de31fa 100644 --- a/2016/7xxx/CVE-2016-7795.json +++ b/2016/7xxx/CVE-2016-7795.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7795", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The manager_invoke_notify_message function in systemd 231 and earlier allows local users to cause a denial of service (assertion failure and PID 1 hang) via a zero-length message received over a notify socket." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-7795", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160928 CVE Request: systemd v209+: local denial-of-service attack", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/09/28/9" - }, - { - "name" : "[oss-security] 20160930 Re: CVE Request: systemd v209+: local denial-of-service attack", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/09/30/1" - }, - { - "name" : "https://www.agwa.name/blog/post/how_to_crash_systemd_in_one_tweet", - "refsource" : "MISC", - "url" : "https://www.agwa.name/blog/post/how_to_crash_systemd_in_one_tweet" - }, - { - "name" : "https://github.com/systemd/systemd/issues/4234", - "refsource" : "CONFIRM", - "url" : 
"https://github.com/systemd/systemd/issues/4234" - }, - { - "name" : "RHSA-2016:2610", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2610.html" - }, - { - "name" : "RHSA-2016:2694", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2694.html" - }, - { - "name" : "USN-3094-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-3094-1" - }, - { - "name" : "93223", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93223" - }, - { - "name" : "1037320", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037320" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The manager_invoke_notify_message function in systemd 231 and earlier allows local users to cause a denial of service (assertion failure and PID 1 hang) via a zero-length message received over a notify socket." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20160930 Re: CVE Request: systemd v209+: local denial-of-service attack", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/09/30/1" + }, + { + "name": "[oss-security] 20160928 CVE Request: systemd v209+: local denial-of-service attack", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/09/28/9" + }, + { + "name": "93223", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93223" + }, + { + "name": "RHSA-2016:2610", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2610.html" + }, + { + "name": "https://www.agwa.name/blog/post/how_to_crash_systemd_in_one_tweet", + "refsource": "MISC", + "url": "https://www.agwa.name/blog/post/how_to_crash_systemd_in_one_tweet" + }, + { + "name": "USN-3094-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-3094-1" + }, + { + "name": "https://github.com/systemd/systemd/issues/4234", + "refsource": "CONFIRM", + "url": "https://github.com/systemd/systemd/issues/4234" + }, + { + "name": "1037320", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037320" + }, + { + "name": "RHSA-2016:2694", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2694.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8319.json b/2016/8xxx/CVE-2016-8319.json index c3f09acf55f..5c68fd19295 100644 --- a/2016/8xxx/CVE-2016-8319.json +++ b/2016/8xxx/CVE-2016-8319.json 
@@ -1,84 +1,84 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2016-8319", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "FLEXCUBE Investor Servicing", - "version" : { - "version_data" : [ - { - "version_value" : "12.0.1" - }, - { - "version_value" : "12.0.2" - }, - { - "version_value" : "12.0.4" - }, - { - "version_value" : "12.1.0" - }, - { - "version_value" : "12.3.0" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 12.0.1, 12.0.2,12.0.4,12.1.0 and 12.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Investor Servicing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Investor Servicing accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Investor Servicing accessible data. CVSS v3.0 Base Score 6.1 (Confidentiality and Integrity impacts)." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2016-8319", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "FLEXCUBE Investor Servicing", + "version": { + "version_data": [ + { + "version_value": "12.0.1" + }, + { + "version_value": "12.0.2" + }, + { + "version_value": "12.0.4" + }, + { + "version_value": "12.1.0" + }, + { + "version_value": "12.3.0" + } + ] + } + } + ] + }, + "vendor_name": "Oracle" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" - }, - { - "name" : "95514", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95514" - }, - { - "name" : "1037636", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037636" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 12.0.1, 12.0.2,12.0.4,12.1.0 and 12.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Investor Servicing, attacks may significantly impact additional products. 
Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Investor Servicing accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Investor Servicing accessible data. CVSS v3.0 Base Score 6.1 (Confidentiality and Integrity impacts)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "95514", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95514" + }, + { + "name": "1037636", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037636" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8640.json b/2016/8xxx/CVE-2016-8640.json index ea51d41e893..55d15a90bf5 100644 --- a/2016/8xxx/CVE-2016-8640.json +++ b/2016/8xxx/CVE-2016-8640.json 
@@ -1,78 +1,78 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert@redhat.com", - "DATE_PUBLIC" : "2016-11-11T00:00:00", - "ID" : "CVE-2016-8640", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "pycsw", - "version" : { - "version_data" : [ - { - "version_value" : "all versions before 2.0.2, 1.10.5 and 1.8.6" - } - ] - } - } - ] - }, - "vendor_name" : "https://github.com/geopython" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A SQL injection vulnerability in pycsw all versions before 2.0.2, 1.10.5 and 1.8.6 that leads to read and extract of any data from any table in the pycsw database that the database user has access to. Also on PostgreSQL (at least) it is possible to perform updates/inserts/deletes and database modifications to any table the database user has access to." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-89" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "DATE_PUBLIC": "2016-11-11T00:00:00", + "ID": "CVE-2016-8640", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "pycsw", + "version": { + "version_data": [ + { + "version_value": "all versions before 2.0.2, 1.10.5 and 1.8.6" + } + ] + } + } + ] + }, + "vendor_name": "https://github.com/geopython" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20161111 CVE-2016-8640 pycsw SQL injection issue", - "refsource" : "MLIST", - "url" : "http://seclists.org/oss-sec/2016/q4/406" - }, - { - "name" : "https://github.com/geopython/pycsw/pull/474/files", - "refsource" : "CONFIRM", - "url" : "https://github.com/geopython/pycsw/pull/474/files" - }, - { - "name" : "https://patch-diff.githubusercontent.com/raw/geopython/pycsw/pull/474.patch", - "refsource" : "CONFIRM", - "url" : "https://patch-diff.githubusercontent.com/raw/geopython/pycsw/pull/474.patch" - }, - { - "name" : "94302", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94302" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A SQL injection vulnerability in pycsw all versions before 2.0.2, 1.10.5 and 1.8.6 that leads to read and extract of any data from any table in the pycsw database that the database user has access to. Also on PostgreSQL (at least) it is possible to perform updates/inserts/deletes and database modifications to any table the database user has access to." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "94302", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94302" + }, + { + "name": "https://github.com/geopython/pycsw/pull/474/files", + "refsource": "CONFIRM", + "url": "https://github.com/geopython/pycsw/pull/474/files" + }, + { + "name": "[oss-security] 20161111 CVE-2016-8640 pycsw SQL injection issue", + "refsource": "MLIST", + "url": "http://seclists.org/oss-sec/2016/q4/406" + }, + { + "name": "https://patch-diff.githubusercontent.com/raw/geopython/pycsw/pull/474.patch", + "refsource": "CONFIRM", + "url": "https://patch-diff.githubusercontent.com/raw/geopython/pycsw/pull/474.patch" + } + ] + } +} \ No newline at end of file