From ff34eeec9b85f39b6de5d789ad45934f7870c12a Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 05:20:00 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2006/0xxx/CVE-2006-0065.json | 180 ++++++++-------- 2006/0xxx/CVE-2006-0438.json | 180 ++++++++-------- 2006/0xxx/CVE-2006-0609.json | 170 +++++++-------- 2006/0xxx/CVE-2006-0669.json | 160 +++++++------- 2006/0xxx/CVE-2006-0713.json | 180 ++++++++-------- 2006/1xxx/CVE-2006-1011.json | 150 ++++++------- 2006/1xxx/CVE-2006-1726.json | 340 ++++++++++++++--------------- 2006/1xxx/CVE-2006-1838.json | 150 ++++++------- 2006/4xxx/CVE-2006-4019.json | 400 +++++++++++++++++------------------ 2006/5xxx/CVE-2006-5099.json | 160 +++++++------- 2006/5xxx/CVE-2006-5592.json | 180 ++++++++-------- 2010/0xxx/CVE-2010-0289.json | 200 +++++++++--------- 2010/0xxx/CVE-2010-0522.json | 130 ++++++------ 2010/2xxx/CVE-2010-2006.json | 190 ++++++++--------- 2010/2xxx/CVE-2010-2370.json | 120 +++++------ 2010/2xxx/CVE-2010-2497.json | 230 ++++++++++---------- 2010/2xxx/CVE-2010-2859.json | 130 ++++++------ 2010/3xxx/CVE-2010-3306.json | 180 ++++++++-------- 2010/3xxx/CVE-2010-3409.json | 34 +-- 2010/3xxx/CVE-2010-3597.json | 180 ++++++++-------- 2010/3xxx/CVE-2010-3619.json | 200 +++++++++--------- 2010/3xxx/CVE-2010-3932.json | 34 +-- 2010/4xxx/CVE-2010-4216.json | 160 +++++++------- 2010/4xxx/CVE-2010-4541.json | 290 ++++++++++++------------- 2010/4xxx/CVE-2010-4624.json | 170 +++++++-------- 2010/4xxx/CVE-2010-4769.json | 140 ++++++------ 2010/4xxx/CVE-2010-4930.json | 170 +++++++-------- 2011/5xxx/CVE-2011-5293.json | 120 +++++------ 2014/3xxx/CVE-2014-3582.json | 120 +++++------ 2014/3xxx/CVE-2014-3811.json | 120 +++++------ 2014/3xxx/CVE-2014-3933.json | 150 ++++++------- 2014/4xxx/CVE-2014-4141.json | 160 +++++++------- 2014/4xxx/CVE-2014-4910.json | 160 +++++++------- 2014/4xxx/CVE-2014-4981.json | 34 +-- 2014/8xxx/CVE-2014-8205.json | 34 +-- 2014/8xxx/CVE-2014-8283.json | 34 +-- 2014/8xxx/CVE-2014-8607.json | 130 ++++++------ 2014/8xxx/CVE-2014-8832.json | 150 ++++++------- 2014/9xxx/CVE-2014-9068.json | 34 +-- 2014/9xxx/CVE-2014-9174.json | 160 +++++++------- 2014/9xxx/CVE-2014-9397.json | 130 ++++++------ 2014/9xxx/CVE-2014-9411.json | 132 ++++++------ 2016/2xxx/CVE-2016-2192.json | 120 +++++------ 2016/2xxx/CVE-2016-2420.json | 140 ++++++------ 2016/2xxx/CVE-2016-2514.json | 34 +-- 2016/2xxx/CVE-2016-2714.json | 34 +-- 2016/2xxx/CVE-2016-2746.json | 34 +-- 2016/6xxx/CVE-2016-6101.json | 34 +-- 2016/6xxx/CVE-2016-6118.json | 142 ++++++------- 2016/6xxx/CVE-2016-6129.json | 140 ++++++------ 2016/6xxx/CVE-2016-6396.json | 140 ++++++------ 2016/6xxx/CVE-2016-6594.json | 130 ++++++------ 2016/7xxx/CVE-2016-7043.json | 34 +-- 2016/7xxx/CVE-2016-7488.json | 130 ++++++------ 2016/7xxx/CVE-2016-7593.json | 34 +-- 2016/7xxx/CVE-2016-7745.json | 34 +-- 56 files changed, 3828 insertions(+), 3828 deletions(-) diff --git a/2006/0xxx/CVE-2006-0065.json b/2006/0xxx/CVE-2006-0065.json index 236a27e2297..d3f6af2a132 100644 --- a/2006/0xxx/CVE-2006-0065.json +++ b/2006/0xxx/CVE-2006-0065.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0065", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in (1) functions.php, (2) functions_update.php, and (3) functions_display.php in VEGO Web Forum 1.26 and earlier allows remote attackers to execute arbitrary SQL commands via the theme_id parameter in index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0065", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060101 [eVuln] VEGO Web Forum SQL Injection Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/420661/100/0/threaded" - }, - { - "name" : "http://evuln.com/vulns/1/summary.html", - "refsource" : "MISC", - "url" : "http://evuln.com/vulns/1/summary.html" - }, - { - "name" : "16107", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16107" - }, - { - "name" : "ADV-2006-0003", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0003" - }, - { - "name" : "22140", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22140" - }, - { - "name" : "18273", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18273" - }, - { - "name" : "315", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/315" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in (1) functions.php, (2) functions_update.php, and (3) functions_display.php in VEGO Web Forum 1.26 and earlier allows remote attackers to execute arbitrary SQL commands via the theme_id parameter in index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "22140", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22140" + }, + { + "name": "20060101 [eVuln] VEGO Web Forum SQL Injection Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/420661/100/0/threaded" + }, + { + "name": "ADV-2006-0003", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0003" + }, + { + "name": "315", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/315" + }, + { + "name": "18273", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18273" + }, + { + "name": "16107", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16107" + }, + { + "name": "http://evuln.com/vulns/1/summary.html", + "refsource": "MISC", + "url": "http://evuln.com/vulns/1/summary.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0438.json b/2006/0xxx/CVE-2006-0438.json index 436c898eb88..7dc4f19379d 100644 --- a/2006/0xxx/CVE-2006-0438.json +++ b/2006/0xxx/CVE-2006-0438.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0438", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in phpBB 2.0.19, when Link to off-site Avatar or bbcode (IMG) are enabled, allows remote attackers to perform unauthorized actions as a logged in user via a link or IMG tag in a user profile, as demonstrated using links to (1) admin/admin_users.php and (2) modcp.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0438", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060203 phpBB 2.0.19 Cross Site Request Forgeries and XSS Admin", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2006-February/041920.html" - }, - { - "name" : "20060203 phpBB 2.0.19 Cross Site Request Forgeries and XSS Admin", - "refsource" : "SREASONRES", - "url" : "http://securityreason.com/achievement_securityalert/31" - }, - { - "name" : "ADV-2006-0445", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0445" - }, - { - "name" : "22929", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22929" - }, - { - "name" : "18693", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18693" - }, - { - "name" : "406", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/406" - }, - { - "name" : "phpbb-referer-header-http-xss(24497)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in phpBB 2.0.19, when Link to off-site Avatar or bbcode (IMG) are enabled, allows remote attackers to perform unauthorized actions as a logged in user via a link or IMG tag in a user profile, as demonstrated using links to (1) admin/admin_users.php and (2) modcp.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "22929", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22929" + }, + { + "name": "ADV-2006-0445", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0445" + }, + { + "name": "18693", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18693" + }, + { + "name": "20060203 phpBB 2.0.19 Cross Site Request Forgeries and XSS Admin", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-February/041920.html" + }, + { + "name": "20060203 phpBB 2.0.19 Cross Site Request Forgeries and XSS Admin", + "refsource": "SREASONRES", + "url": "http://securityreason.com/achievement_securityalert/31" + }, + { + "name": "phpbb-referer-header-http-xss(24497)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24497" + }, + { + "name": "406", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/406" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0609.json b/2006/0xxx/CVE-2006-0609.json index 4f133212383..9f7058b781f 100644 --- a/2006/0xxx/CVE-2006-0609.json +++ b/2006/0xxx/CVE-2006-0609.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0609", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in add.php in Hinton Design phphd 1.0 allows remote attackers to inject arbitrary web script or HTML via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0609", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060212 [eVuln] phphd Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/424827/100/0/threaded" - }, - { - "name" : "http://www.evuln.com/vulns/60/summary.html", - "refsource" : "MISC", - "url" : "http://www.evuln.com/vulns/60/summary.html" - }, - { - "name" : "16586", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16586" - }, - { - "name" : "23027", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23027" - }, - { - "name" : "18793", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18793" - }, - { - "name" : "phphd-add-xss(24513)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24513" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in add.php in Hinton Design phphd 1.0 allows remote attackers to inject arbitrary web script or HTML via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "23027", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23027" + }, + { + "name": "phphd-add-xss(24513)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24513" + }, + { + "name": "18793", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18793" + }, + { + "name": "16586", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16586" + }, + { + "name": "20060212 [eVuln] phphd Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/424827/100/0/threaded" + }, + { + "name": "http://www.evuln.com/vulns/60/summary.html", + "refsource": "MISC", + "url": "http://www.evuln.com/vulns/60/summary.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0669.json b/2006/0xxx/CVE-2006-0669.json index 5ec3c38ebc3..b5cd15ab767 100644 --- a/2006/0xxx/CVE-2006-0669.json +++ b/2006/0xxx/CVE-2006-0669.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0669", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** Multiple SQL injection vulnerabilities in archive.asp in GA's Forum Light allow remote attackers to execute arbitrary SQL commands via the (1) Forum and (2) pages parameter. NOTE: SecurityTracker says that the vendor has disputed this issue, saying that GA Forum Light does not use an SQL database. SecurityTracker's research indicates that the original problem could be due to a vbscript parsing error based on invalid arguments." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0669", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060220 vendor dispute for CVE-2006-0669", - "refsource" : "VIM", - "url" : "http://www.attrition.org/pipermail/vim/2006-February/000561.html" - }, - { - "name" : "16563", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16563" - }, - { - "name" : "23509", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23509" - }, - { - "name" : "1015600", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015600" - }, - { - "name" : "gasforumlight-archive-sql-injection(24616)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24616" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** Multiple SQL injection vulnerabilities in archive.asp in GA's Forum Light allow remote attackers to execute arbitrary SQL commands via the (1) Forum and (2) pages parameter. NOTE: SecurityTracker says that the vendor has disputed this issue, saying that GA Forum Light does not use an SQL database. SecurityTracker's research indicates that the original problem could be due to a vbscript parsing error based on invalid arguments." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "16563", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16563" + }, + { + "name": "gasforumlight-archive-sql-injection(24616)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24616" + }, + { + "name": "1015600", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015600" + }, + { + "name": "20060220 vendor dispute for CVE-2006-0669", + "refsource": "VIM", + "url": "http://www.attrition.org/pipermail/vim/2006-February/000561.html" + }, + { + "name": "23509", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23509" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0713.json b/2006/0xxx/CVE-2006-0713.json index 0688f10d9a1..306d230229a 100644 --- a/2006/0xxx/CVE-2006-0713.json +++ b/2006/0xxx/CVE-2006-0713.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0713", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in LinPHA 1.0 allows remote attackers to include arbitrary files via .. (dot dot) sequences in the (1) lang parameter in docs/index.php and the language parameter in (2) install/install.php, (3) install/sec_stage_install.php, (4) install/third_stage_install.php, and (5) install/forth_stage_install.php. NOTE: direct static code injection is resultant from this issue, as demonstrated by inserting PHP code into the username, which is inserted into linpha.log, which is accessible from the directory traversal." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0713", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060211 Linpha <= 1.0 multiple arbitrary local inclusion", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/424729/100/0/threaded" - }, - { - "name" : "http://retrogod.altervista.org/linpha_10_local.html", - "refsource" : "MISC", - "url" : "http://retrogod.altervista.org/linpha_10_local.html" - }, - { - "name" : "16592", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16592" - }, - { - "name" : "ADV-2006-0535", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0535" - }, - { - "name" : "18808", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18808" - }, - { - "name" : "426", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/426" - }, - { - "name" : "linpha-index-file-include(24663)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24663" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in LinPHA 1.0 allows remote attackers to include arbitrary files via .. (dot dot) sequences in the (1) lang parameter in docs/index.php and the language parameter in (2) install/install.php, (3) install/sec_stage_install.php, (4) install/third_stage_install.php, and (5) install/forth_stage_install.php. NOTE: direct static code injection is resultant from this issue, as demonstrated by inserting PHP code into the username, which is inserted into linpha.log, which is accessible from the directory traversal." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060211 Linpha <= 1.0 multiple arbitrary local inclusion", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/424729/100/0/threaded" + }, + { + "name": "18808", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18808" + }, + { + "name": "linpha-index-file-include(24663)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24663" + }, + { + "name": "16592", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16592" + }, + { + "name": "426", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/426" + }, + { + "name": "http://retrogod.altervista.org/linpha_10_local.html", + "refsource": "MISC", + "url": "http://retrogod.altervista.org/linpha_10_local.html" + }, + { + "name": "ADV-2006-0535", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0535" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1011.json b/2006/1xxx/CVE-2006-1011.json index 8d22e97c913..bea203b08e4 100644 --- a/2006/1xxx/CVE-2006-1011.json +++ b/2006/1xxx/CVE-2006-1011.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1011", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "LetterMerger 1.2 stores user information in Access database files with insecure permissions, which allows local users to obtain sensitive information. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1011", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "16917", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16917" - }, - { - "name" : "23599", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23599" - }, - { - "name" : "19074", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19074" - }, - { - "name" : "lettermerger-files-disclose-information(25020)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25020" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "LetterMerger 1.2 stores user information in Access database files with insecure permissions, which allows local users to obtain sensitive information. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "16917", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16917" + }, + { + "name": "23599", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23599" + }, + { + "name": "lettermerger-files-disclose-information(25020)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25020" + }, + { + "name": "19074", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19074" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1726.json b/2006/1xxx/CVE-2006-1726.json index 672a5a788e7..d7d1dfa3de8 100644 --- a/2006/1xxx/CVE-2006-1726.json +++ b/2006/1xxx/CVE-2006-1726.json @@ -1,172 +1,172 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1726", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Firefox and Thunderbird 1.5 before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to bypass the js_ValueToFunctionObject check and execute arbitrary code via unknown vectors involving setTimeout and Firefox' ForEach method." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2006-1726", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2006/mfsa2006-28.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2006/mfsa2006-28.html" - }, - { - "name" : "HPSBTU02118", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/434524/100/0/threaded" - }, - { - "name" : "SSRT061145", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/434524/100/0/threaded" - }, - { - "name" : "HPSBUX02153", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/446658/100/200/threaded" - }, - { - "name" : "SSRT061181", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/446658/100/200/threaded" - }, - { - "name" : "HPSBUX02156", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/446657/100/200/threaded" - }, - { - "name" : "SSRT061236", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/446657/100/200/threaded" - }, - { - "name" : "TA06-107A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA06-107A.html" - }, - { - "name" : "VU#968814", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/968814" - }, - { - "name" : "17516", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17516" - }, - { - "name" : "ADV-2006-1356", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1356" - }, - { - "name" : "ADV-2006-3748", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3748" - }, - { - "name" : "ADV-2006-3749", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3749" - }, - { - "name" : "ADV-2008-0083", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0083" - }, - { - "name" : "oval:org.mitre.oval:def:1968", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1968" - }, - { - "name" : "1015931", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015931" - }, - { - "name" : "1015932", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015932" - }, - { - "name" : "1015933", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015933" - }, - { - "name" : "19631", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19631" - }, - { - "name" : "19649", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19649" - }, - { - "name" : "22065", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22065" - }, - { - "name" : "22066", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22066" - }, - { - "name" : "mozilla-valuetofunctionobject-sec-bypass(25825)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25825" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Firefox and Thunderbird 1.5 before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to bypass the js_ValueToFunctionObject check and execute arbitrary code via unknown vectors involving setTimeout and Firefox' ForEach method." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-3748", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3748" + }, + { + "name": "mozilla-valuetofunctionobject-sec-bypass(25825)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25825" + }, + { + "name": "SSRT061145", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/434524/100/0/threaded" + }, + { + "name": "1015933", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015933" + }, + { + "name": "1015932", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015932" + }, + { + "name": "1015931", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015931" + }, + { + "name": "ADV-2006-3749", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3749" + }, + { + "name": "HPSBTU02118", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/434524/100/0/threaded" + }, + { + "name": "oval:org.mitre.oval:def:1968", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1968" + }, + { + "name": "ADV-2008-0083", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0083" + }, + { + "name": "VU#968814", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/968814" + }, + { + "name": "SSRT061181", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/446658/100/200/threaded" + }, + { + "name": "ADV-2006-1356", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1356" + }, + { + "name": "SSRT061236", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/446657/100/200/threaded" + }, + { + "name": "HPSBUX02153", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/446658/100/200/threaded" + }, + { + "name": "19649", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19649" + }, + { + "name": "HPSBUX02156", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/446657/100/200/threaded" + }, + { + "name": "TA06-107A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA06-107A.html" + }, + { + "name": "17516", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17516" + }, + { + "name": "22066", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22066" + }, + { + "name": "22065", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22065" + }, + { + "name": "19631", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19631" + }, + { + "name": "http://www.mozilla.org/security/announce/2006/mfsa2006-28.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2006/mfsa2006-28.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1838.json b/2006/1xxx/CVE-2006-1838.json index fc3ed52b713..3c08de6eafb 100644 --- a/2006/1xxx/CVE-2006-1838.json +++ b/2006/1xxx/CVE-2006-1838.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1838", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "edit_kategorie.php in Fuju News 1.0 allows remote attackers to bypass authentication by setting the authorized cookie." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1838", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "1682", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/1682" - }, - { - "name" : "17572", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17572" - }, - { - "name" : "ADV-2006-1374", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1374" - }, - { - "name" : "19677", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19677" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "edit_kategorie.php in Fuju News 1.0 allows remote attackers to bypass authentication by setting the authorized cookie." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "17572", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17572" + }, + { + "name": "1682", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/1682" + }, + { + "name": "ADV-2006-1374", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1374" + }, + { + "name": "19677", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19677" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4019.json b/2006/4xxx/CVE-2006-4019.json index 9bbbb568ce6..42e15c2450a 100644 --- a/2006/4xxx/CVE-2006-4019.json +++ b/2006/4xxx/CVE-2006-4019.json @@ -1,202 +1,202 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4019", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Dynamic variable evaluation vulnerability in compose.php in SquirrelMail 1.4.0 to 1.4.7 allows remote attackers to overwrite arbitrary program variables and read or write the attachments and preferences of other users." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4019", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060811 SquirrelMail 1.4.8 released - fixes variable overwriting attack", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/442993/100/0/threaded" - }, - { - "name" : "20060811 rPSA-2006-0152-1 squirrelmail", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/442980/100/0/threaded" - }, - { - "name" : "20060811 rPSA-2006-0152-1 squirrelmail", - "refsource" : "FULLDISC", - "url" : "http://marc.info/?l=full-disclosure&m=115532449024178&w=2" - }, - { - "name" : "http://docs.info.apple.com/article.html?artnum=306172", - "refsource" : "CONFIRM", - "url" : "http://docs.info.apple.com/article.html?artnum=306172" - }, - { - "name" : "APPLE-SA-2007-07-31", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html" - }, - { - "name" : "20060811 SquirrelMail issue is dynamic variable evaluation", - "refsource" : "VIM", - "url" : "http://attrition.org/pipermail/vim/2006-August/000970.html" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-577", - "refsource" : "CONFIRM", - "url" : "https://issues.rpath.com/browse/RPL-577" - }, - { - "name" : "http://www.squirrelmail.org/security/issue/2006-08-11", - "refsource" : "CONFIRM", - "url" : "http://www.squirrelmail.org/security/issue/2006-08-11" - }, - { - "name" : "http://www.squirrelmail.org/patches/sqm1.4.7-expired-post-fix-full.patch", - "refsource" : "MISC", - "url" : "http://www.squirrelmail.org/patches/sqm1.4.7-expired-post-fix-full.patch" - }, - { - "name" : "DSA-1154", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1154" - }, - { - "name" : "MDKSA-2006:147", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:147" - }, - { - "name" : "RHSA-2006:0668", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0668.html" - }, - { - "name" : "20061001-01-P", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc" - }, - { - "name" : "SUSE-SR:2006:023", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006_23_sr.html" - }, - { - "name" : "19486", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19486" - }, - { - "name" : "25159", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25159" - }, - { - "name" : "oval:org.mitre.oval:def:11533", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11533" - }, - { - "name" : "ADV-2006-3271", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3271" - }, - { - "name" : "ADV-2007-2732", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2732" - }, - { - "name" : "27917", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27917" - }, - { - "name" : "1016689", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016689" - }, - { - "name" : "21354", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21354" - }, - { - "name" : "21444", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21444" - }, - { - "name" : "21586", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21586" - }, - { - "name" : "22104", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22104" - }, - { - "name" : "22487", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22487" - }, - { - "name" : "22080", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22080" - }, - { - "name" : "26235", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26235" - }, - { - "name" : "squirrelmail-compose-variable-overwrite(28365)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28365" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Dynamic variable evaluation vulnerability in compose.php in SquirrelMail 1.4.0 to 1.4.7 allows remote attackers to overwrite arbitrary program variables and read or write the attachments and preferences of other users." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21586", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21586" + }, + { + "name": "https://issues.rpath.com/browse/RPL-577", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-577" + }, + { + "name": "ADV-2007-2732", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2732" + }, + { + "name": "DSA-1154", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1154" + }, + { + "name": "21354", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21354" + }, + { + "name": "22487", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22487" + }, + { + "name": "1016689", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016689" + }, + { + "name": "SUSE-SR:2006:023", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006_23_sr.html" + }, + { + "name": "APPLE-SA-2007-07-31", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html" + }, + { + "name": "ADV-2006-3271", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3271" + }, + { + "name": "21444", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21444" + }, + { + "name": "squirrelmail-compose-variable-overwrite(28365)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28365" + }, + { + "name": "22080", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22080" + }, + { + "name": "20060811 SquirrelMail issue is dynamic variable evaluation", + "refsource": "VIM", + "url": "http://attrition.org/pipermail/vim/2006-August/000970.html" + }, + { + "name": "19486", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19486" + }, + { + "name": "RHSA-2006:0668", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0668.html" + }, + { + "name": "http://www.squirrelmail.org/patches/sqm1.4.7-expired-post-fix-full.patch", + "refsource": "MISC", + "url": "http://www.squirrelmail.org/patches/sqm1.4.7-expired-post-fix-full.patch" + }, + { + "name": "http://www.squirrelmail.org/security/issue/2006-08-11", + "refsource": "CONFIRM", + "url": "http://www.squirrelmail.org/security/issue/2006-08-11" + }, + { + "name": "22104", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22104" + }, + { + "name": "20060811 SquirrelMail 1.4.8 released - fixes variable overwriting attack", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/442993/100/0/threaded" + }, + { + "name": "20060811 rPSA-2006-0152-1 squirrelmail", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/442980/100/0/threaded" + }, + { + "name": "20060811 rPSA-2006-0152-1 squirrelmail", + "refsource": "FULLDISC", + "url": "http://marc.info/?l=full-disclosure&m=115532449024178&w=2" + }, + { + "name": "27917", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27917" + }, + { + "name": "oval:org.mitre.oval:def:11533", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11533" + }, + { + "name": "http://docs.info.apple.com/article.html?artnum=306172", + "refsource": "CONFIRM", + "url": "http://docs.info.apple.com/article.html?artnum=306172" + }, + { + "name": "25159", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25159" + }, + { + "name": "20061001-01-P", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc" + }, + { + "name": "MDKSA-2006:147", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:147" + }, + { + "name": "26235", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26235" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5099.json b/2006/5xxx/CVE-2006-5099.json index bf929d6ac46..2f131c42606 100644 --- a/2006/5xxx/CVE-2006-5099.json +++ b/2006/5xxx/CVE-2006-5099.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5099", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "lib/exec/fetch.php in DokuWiki before 2006-03-09e, when conf[imconvert] is configured to use ImageMagick, allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) w and (2) h parameters, which are not filtered when invoking convert." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5099", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugs.splitbrain.org/?do=details&id=926", - "refsource" : "CONFIRM", - "url" : "http://bugs.splitbrain.org/?do=details&id=926" - }, - { - "name" : "GLSA-200609-20", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200609-20.xml" - }, - { - "name" : "ADV-2006-3851", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3851" - }, - { - "name" : "22192", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22192" - }, - { - "name" : "22199", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22199" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "lib/exec/fetch.php in DokuWiki before 2006-03-09e, when conf[imconvert] is configured to use ImageMagick, allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) w and (2) h parameters, which are not filtered when invoking convert." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://bugs.splitbrain.org/?do=details&id=926", + "refsource": "CONFIRM", + "url": "http://bugs.splitbrain.org/?do=details&id=926" + }, + { + "name": "ADV-2006-3851", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3851" + }, + { + "name": "GLSA-200609-20", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200609-20.xml" + }, + { + "name": "22192", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22192" + }, + { + "name": "22199", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22199" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5592.json b/2006/5xxx/CVE-2006-5592.json index 8cc722cfd93..7d788bdb495 100644 --- a/2006/5xxx/CVE-2006-5592.json +++ b/2006/5xxx/CVE-2006-5592.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5592", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Admin/adpoll.asp in PacPoll 4.0 and earlier allows remote attackers to bypass authentication by setting the polllog cookie value to \"xx\"." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5592", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061025 [KAPDA::#61] - PacPoll <= 4.0 Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/449668/100/0/threaded" - }, - { - "name" : "http://www.kapda.ir/advisory-445.html", - "refsource" : "MISC", - "url" : "http://www.kapda.ir/advisory-445.html" - }, - { - "name" : "20742", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20742" - }, - { - "name" : "ADV-2006-4208", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4208" - }, - { - "name" : "22576", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22576" - }, - { - "name" : "1788", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1788" - }, - { - "name" : "pacpoll-addpoll-auth-bypass(29801)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29801" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Admin/adpoll.asp in PacPoll 4.0 and earlier allows remote attackers to bypass authentication by setting the polllog cookie value to \"xx\"." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1788", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1788" + }, + { + "name": "pacpoll-addpoll-auth-bypass(29801)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29801" + }, + { + "name": "20742", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20742" + }, + { + "name": "ADV-2006-4208", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4208" + }, + { + "name": "http://www.kapda.ir/advisory-445.html", + "refsource": "MISC", + "url": "http://www.kapda.ir/advisory-445.html" + }, + { + "name": "20061025 [KAPDA::#61] - PacPoll <= 4.0 Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/449668/100/0/threaded" + }, + { + "name": "22576", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22576" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0289.json b/2010/0xxx/CVE-2010-0289.json index 6bc8b8d340d..215d54fb30f 100644 --- a/2010/0xxx/CVE-2010-0289.json +++ b/2010/0xxx/CVE-2010-0289.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0289", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in the ACL Manager plugin (plugins/acl/ajax.php) in DokuWiki before 2009-12-25c allow remote attackers to hijack the authentication of administrators for requests that modify access control rules, and other unspecified requests, via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-0289", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugs.splitbrain.org/index.php?do=details&task_id=1853", - "refsource" : "CONFIRM", - "url" : "http://bugs.splitbrain.org/index.php?do=details&task_id=1853" - }, - { - "name" : "http://www.splitbrain.org/blog/2010-01/17-dokuwiki-security", - "refsource" : "CONFIRM", - "url" : "http://www.splitbrain.org/blog/2010-01/17-dokuwiki-security" - }, - { - "name" : "http://freshmeat.net/projects/dokuwiki/tags/security-fix", - "refsource" : "CONFIRM", - "url" : "http://freshmeat.net/projects/dokuwiki/tags/security-fix" - }, - { - "name" : "DSA-1976", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2010/dsa-1976" - }, - { - "name" : "FEDORA-2010-0770", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/034729.html" - }, - { - "name" : "FEDORA-2010-0800", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/034831.html" - }, - { - "name" : "GLSA-201301-07", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201301-07.xml" - }, - { - "name" : "61708", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/61708" - }, - { - "name" : "38205", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38205" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the ACL Manager plugin (plugins/acl/ajax.php) in DokuWiki before 2009-12-25c allow remote attackers to hijack the authentication of administrators for requests that modify access control rules, and other unspecified requests, via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://bugs.splitbrain.org/index.php?do=details&task_id=1853", + "refsource": "CONFIRM", + "url": "http://bugs.splitbrain.org/index.php?do=details&task_id=1853" + }, + { + "name": "FEDORA-2010-0770", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/034729.html" + }, + { + "name": "GLSA-201301-07", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201301-07.xml" + }, + { + "name": "http://www.splitbrain.org/blog/2010-01/17-dokuwiki-security", + "refsource": "CONFIRM", + "url": "http://www.splitbrain.org/blog/2010-01/17-dokuwiki-security" + }, + { + "name": "http://freshmeat.net/projects/dokuwiki/tags/security-fix", + "refsource": "CONFIRM", + "url": "http://freshmeat.net/projects/dokuwiki/tags/security-fix" + }, + { + "name": "DSA-1976", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2010/dsa-1976" + }, + { + "name": "61708", + "refsource": "OSVDB", + "url": "http://osvdb.org/61708" + }, + { + "name": "FEDORA-2010-0800", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/034831.html" + }, + { + "name": "38205", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38205" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0522.json b/2010/0xxx/CVE-2010-0522.json index 603d80588ef..c3c1ab71bc3 100644 --- a/2010/0xxx/CVE-2010-0522.json +++ b/2010/0xxx/CVE-2010-0522.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0522", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Server Admin in Apple Mac OS X Server 10.5.8 does not properly determine the privileges of users who had former membership in the admin group, which allows remote authenticated users to leverage this former membership to obtain a server connection via screen sharing." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2010-0522", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT4077", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4077" - }, - { - "name" : "APPLE-SA-2010-03-29-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Server Admin in Apple Mac OS X Server 10.5.8 does not properly determine the privileges of users who had former membership in the admin group, which allows remote authenticated users to leverage this former membership to obtain a server connection via screen sharing." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2010-03-29-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html" + }, + { + "name": "http://support.apple.com/kb/HT4077", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4077" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2006.json b/2010/2xxx/CVE-2010-2006.json index da61f74568c..12694d486b7 100644 --- a/2010/2xxx/CVE-2010-2006.json +++ b/2010/2xxx/CVE-2010-2006.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2006", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in op/op.Login.php in LetoDMS (formerly MyDMS) 1.7.2 and earlier allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the lang parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2006", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100115 SEC Consult SA-20100115-0 :: Local file inclusion/execution and multiple CSRF vulnerabilities in LetoDMS (formerly MyDMS)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/508947/100/0/threaded" - }, - { - "name" : "https://www.sec-consult.com/files/20100115-0_mydms_file_inclusion.txt", - "refsource" : "MISC", - "url" : "https://www.sec-consult.com/files/20100115-0_mydms_file_inclusion.txt" - }, - { - "name" : "DSA-2146", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2146" - }, - { - "name" : "37828", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37828" - }, - { - "name" : "61834", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/61834" - }, - { - "name" : "38237", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38237" - }, - { - "name" : "42900", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42900" - }, - { - "name" : "letodms-oplogin-file-include(55709)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/55709" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in op/op.Login.php in LetoDMS (formerly MyDMS) 1.7.2 and earlier allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the lang parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "38237", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38237" + }, + { + "name": "https://www.sec-consult.com/files/20100115-0_mydms_file_inclusion.txt", + "refsource": "MISC", + "url": "https://www.sec-consult.com/files/20100115-0_mydms_file_inclusion.txt" + }, + { + "name": "letodms-oplogin-file-include(55709)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55709" + }, + { + "name": "42900", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42900" + }, + { + "name": "37828", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37828" + }, + { + "name": "20100115 SEC Consult SA-20100115-0 :: Local file inclusion/execution and multiple CSRF vulnerabilities in LetoDMS (formerly MyDMS)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/508947/100/0/threaded" + }, + { + "name": "61834", + "refsource": "OSVDB", + "url": "http://osvdb.org/61834" + }, + { + "name": "DSA-2146", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2146" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2370.json b/2010/2xxx/CVE-2010-2370.json index 07e8b954d2e..ff3f92fbf2a 100644 --- a/2010/2xxx/CVE-2010-2370.json +++ b/2010/2xxx/CVE-2010-2370.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2370", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Business Process Management component in Oracle Fusion Middleware 5.7 MP3, 6.0 MP5, and 10.3 MP2 allows remote attackers to affect integrity, related to BPM." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2010-2370", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Business Process Management component in Oracle Fusion Middleware 5.7 MP3, 6.0 MP5, and 10.3 MP2 allows remote attackers to affect integrity, related to BPM." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2497.json b/2010/2xxx/CVE-2010-2497.json index d29258c964c..9f54684532b 100644 --- a/2010/2xxx/CVE-2010-2497.json +++ b/2010/2xxx/CVE-2010-2497.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2497", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer underflow in glyph handling in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-2497", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[freetype] 20100712 FreeType 2.4.0 has been released", - "refsource" : "MLIST", - "url" : "http://lists.nongnu.org/archive/html/freetype/2010-07/msg00001.html" - }, - { - "name" : "[oss-security] 20100713 Multiple bugs in freetype", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=oss-security&m=127905701201340&w=2" - }, - { - "name" : "[oss-security] 20100714 Re: Multiple bugs in freetype", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=oss-security&m=127909326909362&w=2" - }, - { - "name" : "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=7d3d2cc4fef72c6be9c454b3809c387e12b44cfc", - "refsource" : "CONFIRM", - "url" : "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=7d3d2cc4fef72c6be9c454b3809c387e12b44cfc" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=613154", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=613154" - }, - { - "name" : "https://savannah.nongnu.org/bugs/?30082", - "refsource" : "CONFIRM", - "url" : "https://savannah.nongnu.org/bugs/?30082" - }, - { - "name" : "https://savannah.nongnu.org/bugs/?30083", - "refsource" : "CONFIRM", - "url" : "https://savannah.nongnu.org/bugs/?30083" - }, - { - "name" : "http://support.apple.com/kb/HT4435", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4435" - }, - { - "name" : "APPLE-SA-2010-11-10-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html" - }, - { - "name" : "DSA-2070", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2010/dsa-2070" - }, - { - "name" : "MDVSA-2010:137", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:137" - }, - { - "name" : "48951", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48951" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer underflow in glyph handling in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://savannah.nongnu.org/bugs/?30082", + "refsource": "CONFIRM", + "url": "https://savannah.nongnu.org/bugs/?30082" + }, + { + "name": "http://support.apple.com/kb/HT4435", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4435" + }, + { + "name": "[freetype] 20100712 FreeType 2.4.0 has been released", + "refsource": "MLIST", + "url": "http://lists.nongnu.org/archive/html/freetype/2010-07/msg00001.html" + }, + { + "name": "APPLE-SA-2010-11-10-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html" + }, + { + "name": "[oss-security] 20100714 Re: Multiple bugs in freetype", + "refsource": "MLIST", + "url": "http://marc.info/?l=oss-security&m=127909326909362&w=2" + }, + { + "name": "DSA-2070", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2010/dsa-2070" + }, + { + "name": "[oss-security] 20100713 Multiple bugs in freetype", + "refsource": "MLIST", + "url": "http://marc.info/?l=oss-security&m=127905701201340&w=2" + }, + { + "name": "MDVSA-2010:137", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:137" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=613154", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=613154" + }, + { + "name": "https://savannah.nongnu.org/bugs/?30083", + "refsource": "CONFIRM", + "url": "https://savannah.nongnu.org/bugs/?30083" + }, + { + "name": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=7d3d2cc4fef72c6be9c454b3809c387e12b44cfc", + "refsource": "CONFIRM", + "url": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=7d3d2cc4fef72c6be9c454b3809c387e12b44cfc" + }, + { + "name": "48951", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48951" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2859.json b/2010/2xxx/CVE-2010-2859.json index b477c6f234d..24a7ef4a564 100644 --- a/2010/2xxx/CVE-2010-2859.json +++ b/2010/2xxx/CVE-2010-2859.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2859", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "news.php in SimpNews 2.47.3 and earlier allows remote attackers to obtain sensitive information via an invalid lang parameter, which reveals the installation path in an error message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2859", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100709 Vulnerabilities in SimpNews", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/512271/100/0/threaded" - }, - { - "name" : "http://packetstormsecurity.org/1007-exploits/simpnews-xss.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1007-exploits/simpnews-xss.txt" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "news.php in SimpNews 2.47.3 and earlier allows remote attackers to obtain sensitive information via an invalid lang parameter, which reveals the installation path in an error message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20100709 Vulnerabilities in SimpNews", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/512271/100/0/threaded" + }, + { + "name": "http://packetstormsecurity.org/1007-exploits/simpnews-xss.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1007-exploits/simpnews-xss.txt" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3306.json b/2010/3xxx/CVE-2010-3306.json index 223f03c68b6..9c8aaf48247 100644 --- a/2010/3xxx/CVE-2010-3306.json +++ b/2010/3xxx/CVE-2010-3306.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3306", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in the modURL function in instance.c in Weborf before 0.12.3 allows remote attackers to read arbitrary files via ..%2f sequences in a URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-3306", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "14925", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/14925/" - }, - { - "name" : "[oss-security] 20100916 CVE request: weborf: directory traversal", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/09/17/3" - }, - { - "name" : "[oss-security] 20100917 Re: CVE request: weborf: directory traversal", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/09/17/8" - }, - { - "name" : "http://code.google.com/p/weborf/source/detail?r=464", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/weborf/source/detail?r=464" - }, - { - "name" : "http://galileo.dmi.unict.it/wiki/weborf/doku.php?id=news:released_0.12.3", - "refsource" : "CONFIRM", - "url" : "http://galileo.dmi.unict.it/wiki/weborf/doku.php?id=news:released_0.12.3" - }, - { - "name" : "67840", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/67840" - }, - { - "name" : "41286", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41286" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in the modURL function in instance.c in Weborf before 0.12.3 allows remote attackers to read arbitrary files via ..%2f sequences in a URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20100916 CVE request: weborf: directory traversal", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/09/17/3" + }, + { + "name": "67840", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/67840" + }, + { + "name": "41286", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41286" + }, + { + "name": "http://code.google.com/p/weborf/source/detail?r=464", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/weborf/source/detail?r=464" + }, + { + "name": "[oss-security] 20100917 Re: CVE request: weborf: directory traversal", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/09/17/8" + }, + { + "name": "14925", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/14925/" + }, + { + "name": "http://galileo.dmi.unict.it/wiki/weborf/doku.php?id=news:released_0.12.3", + "refsource": "CONFIRM", + "url": "http://galileo.dmi.unict.it/wiki/weborf/doku.php?id=news:released_0.12.3" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3409.json b/2010/3xxx/CVE-2010-3409.json index 819f64ae545..7c0caf77488 100644 --- a/2010/3xxx/CVE-2010-3409.json +++ b/2010/3xxx/CVE-2010-3409.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3409", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-1824. Reason: This candidate is a duplicate of CVE-2010-1824. Notes: All CVE users should reference CVE-2010-1824 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2010-3409", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-1824. Reason: This candidate is a duplicate of CVE-2010-1824. Notes: All CVE users should reference CVE-2010-1824 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3597.json b/2010/3xxx/CVE-2010-3597.json index 7c14d279da6..ed6ba210af0 100644 --- a/2010/3xxx/CVE-2010-3597.json +++ b/2010/3xxx/CVE-2010-3597.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3597", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.0 allows local users to affect availability, related to Outside In Viewer SDK." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2010-3597", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21660640", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21660640" - }, - { - "name" : "45901", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45901" - }, - { - "name" : "1024981", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024981" - }, - { - "name" : "42992", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42992" - }, - { - "name" : "ADV-2011-0143", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0143" - }, - { - "name" : "oracle-outside-viewer-dos(64778)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64778" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.0 allows local users to affect availability, related to Outside In Viewer SDK." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2011-0143", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0143" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21660640", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660640" + }, + { + "name": "1024981", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024981" + }, + { + "name": "oracle-outside-viewer-dos(64778)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64778" + }, + { + "name": "45901", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45901" + }, + { + "name": "42992", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42992" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3619.json b/2010/3xxx/CVE-2010-3619.json index c5014fec261..b9b11527201 100644 --- a/2010/3xxx/CVE-2010-3619.json +++ b/2010/3xxx/CVE-2010-3619.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3619", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2890, CVE-2010-3621, CVE-2010-3622, CVE-2010-3628, CVE-2010-3632, and CVE-2010-3658." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2010-3619", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb10-21.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb10-21.html" - }, - { - "name" : "GLSA-201101-08", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201101-08.xml" - }, - { - "name" : "RHSA-2010:0743", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0743.html" - }, - { - "name" : "SUSE-SA:2010:048", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00001.html" - }, - { - "name" : "SUSE-SR:2010:019", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html" - }, - { - "name" : "TA10-279A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-279A.html" - }, - { - "name" : "oval:org.mitre.oval:def:7385", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7385" - }, - { - "name" : "43025", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43025" - }, - { - "name" : "ADV-2011-0191", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0191" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2890, CVE-2010-3621, CVE-2010-3622, CVE-2010-3628, CVE-2010-3632, and CVE-2010-3658." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SA:2010:048", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00001.html" + }, + { + "name": "ADV-2011-0191", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0191" + }, + { + "name": "43025", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43025" + }, + { + "name": "GLSA-201101-08", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201101-08.xml" + }, + { + "name": "RHSA-2010:0743", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0743.html" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb10-21.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb10-21.html" + }, + { + "name": "TA10-279A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-279A.html" + }, + { + "name": "SUSE-SR:2010:019", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html" + }, + { + "name": "oval:org.mitre.oval:def:7385", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7385" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3932.json b/2010/3xxx/CVE-2010-3932.json index d571cdaf51d..107b60b8adc 100644 --- a/2010/3xxx/CVE-2010-3932.json +++ b/2010/3xxx/CVE-2010-3932.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3932", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2010. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2010-3932", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2010. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4216.json b/2010/4xxx/CVE-2010-4216.json index e2056cbbc5c..1235ce63d2f 100644 --- a/2010/4xxx/CVE-2010-4216.json +++ b/2010/4xxx/CVE-2010-4216.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4216", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Tivoli Directory Server (TDS) 6.0.0.x before 6.0.0.8-TIV-ITDS-IF0007 does not properly handle invalid buffer references in LDAP BER requests, which might allow remote attackers to cause a denial of service (daemon crash) via vectors involving a buffer that has a memory address near the maximum possible address." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4216", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "IO13306", - "refsource" : "AIXAPAR", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg1IO13306" - }, - { - "name" : "44604", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/44604" - }, - { - "name" : "42116", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42116" - }, - { - "name" : "ADV-2010-2863", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2863" - }, - { - "name" : "ibm-tds-ber-ldap-dos(62977)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/62977" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Tivoli Directory Server (TDS) 6.0.0.x before 6.0.0.8-TIV-ITDS-IF0007 does not properly handle invalid buffer references in LDAP BER requests, which might allow remote attackers to cause a denial of service (daemon crash) via vectors involving a buffer that has a memory address near the maximum possible address." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "44604", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/44604" + }, + { + "name": "ibm-tds-ber-ldap-dos(62977)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62977" + }, + { + "name": "IO13306", + "refsource": "AIXAPAR", + "url": "http://www.ibm.com/support/docview.wss?uid=swg1IO13306" + }, + { + "name": "42116", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42116" + }, + { + "name": "ADV-2010-2863", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2863" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4541.json b/2010/4xxx/CVE-2010-4541.json index 9199191458f..bc9e91d0844 100644 --- a/2010/4xxx/CVE-2010-4541.json +++ b/2010/4xxx/CVE-2010-4541.json @@ -1,147 +1,147 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4541", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the loadit function in plug-ins/common/sphere-designer.c in the SPHERE DESIGNER plugin in GIMP 2.6.11 allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long \"Number of lights\" field in a plugin configuration file. NOTE: it may be uncommon to obtain a GIMP plugin configuration file from an untrusted source that is separate from the distribution of the plugin itself." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-4541", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110103 CVE request for buffer overflows in gimp", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/01/03/2" - }, - { - "name" : "[oss-security] 20110104 Re: CVE request for buffer overflows in gimp", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/01/04/7" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608497", - "refsource" : "MISC", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608497" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=666793", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=666793" - }, - { - "name" : "DSA-2426", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2426" - }, - { - "name" : "GLSA-201209-23", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201209-23.xml" - }, - { - "name" : "MDVSA-2011:103", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:103" - }, - { - "name" : "RHSA-2011:0837", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0837.html" - }, - { - "name" : "RHSA-2011:0838", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0838.html" - }, - { - "name" : "RHSA-2011:0839", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0839.html" - }, - { - "name" : "SUSE-SR:2011:005", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html" - }, - { - "name" : "70281", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/70281" - }, - { - "name" : "42771", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42771" - }, - { - "name" : "44750", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44750" - }, - { - "name" : "50737", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50737" - }, - { - "name" : "48236", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48236" - }, - { - "name" : "ADV-2011-0016", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0016" - }, - { - "name" : "gimp-sphere-designer-bo(64581)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64581" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the loadit function in plug-ins/common/sphere-designer.c in the SPHERE DESIGNER plugin in GIMP 2.6.11 allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long \"Number of lights\" field in a plugin configuration file. NOTE: it may be uncommon to obtain a GIMP plugin configuration file from an untrusted source that is separate from the distribution of the plugin itself." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-2426", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2426" + }, + { + "name": "GLSA-201209-23", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201209-23.xml" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=666793", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=666793" + }, + { + "name": "ADV-2011-0016", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0016" + }, + { + "name": "RHSA-2011:0839", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0839.html" + }, + { + "name": "RHSA-2011:0837", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0837.html" + }, + { + "name": "SUSE-SR:2011:005", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html" + }, + { + "name": "RHSA-2011:0838", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0838.html" + }, + { + "name": "[oss-security] 20110104 Re: CVE request for buffer overflows in gimp", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/01/04/7" + }, + { + "name": "44750", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44750" + }, + { + "name": "42771", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42771" + }, + { + "name": "70281", + "refsource": "OSVDB", + "url": "http://osvdb.org/70281" + }, + { + "name": "50737", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50737" + }, + { + "name": "[oss-security] 20110103 CVE request for buffer overflows in gimp", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/01/03/2" + }, + { + "name": "48236", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48236" + }, + { + "name": "gimp-sphere-designer-bo(64581)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64581" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608497", + "refsource": "MISC", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608497" + }, + { + "name": "MDVSA-2011:103", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:103" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4624.json b/2010/4xxx/CVE-2010-4624.json index c3ee167954b..30856b7caf8 100644 --- a/2010/4xxx/CVE-2010-4624.json +++ b/2010/4xxx/CVE-2010-4624.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4624", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "MyBB (aka MyBulletinBoard) before 1.4.12 allows remote authenticated users to bypass intended restrictions on the number of [img] MyCodes by editing a post after it has been created." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4624", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20101008 CVE request: mybb before 1.4.11 and before 1.4.12", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2010/10/08/7" - }, - { - "name" : "[oss-security] 20101011 Re: CVE request: mybb before 1.4.11 and before 1.4.12", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2010/10/11/8" - }, - { - "name" : "[oss-security] 20101206 Re: CVE request: mybb before 1.4.11 and before 1.4.12", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2010/12/06/2" - }, - { - "name" : "http://blog.mybb.com/2010/04/13/mybb-1-4-12-released-security-maintenance-update/", - "refsource" : "CONFIRM", - "url" : "http://blog.mybb.com/2010/04/13/mybb-1-4-12-released-security-maintenance-update/" - }, - { - "name" : "http://dev.mybboard.net/issues/728", - "refsource" : "CONFIRM", - "url" : "http://dev.mybboard.net/issues/728" - }, - { - "name" : "mybb-mycodes-security-bypass(64518)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64518" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "MyBB (aka MyBulletinBoard) before 1.4.12 allows remote authenticated users to bypass intended restrictions on the number of [img] MyCodes by editing a post after it has been created." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://blog.mybb.com/2010/04/13/mybb-1-4-12-released-security-maintenance-update/", + "refsource": "CONFIRM", + "url": "http://blog.mybb.com/2010/04/13/mybb-1-4-12-released-security-maintenance-update/" + }, + { + "name": "http://dev.mybboard.net/issues/728", + "refsource": "CONFIRM", + "url": "http://dev.mybboard.net/issues/728" + }, + { + "name": "[oss-security] 20101008 CVE request: mybb before 1.4.11 and before 1.4.12", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2010/10/08/7" + }, + { + "name": "[oss-security] 20101011 Re: CVE request: mybb before 1.4.11 and before 1.4.12", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2010/10/11/8" + }, + { + "name": "[oss-security] 20101206 Re: CVE request: mybb before 1.4.11 and before 1.4.12", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2010/12/06/2" + }, + { + "name": "mybb-mycodes-security-bypass(64518)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64518" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4769.json b/2010/4xxx/CVE-2010-4769.json index 925e25aeac3..2c6283a9b87 100644 --- a/2010/4xxx/CVE-2010-4769.json +++ b/2010/4xxx/CVE-2010-4769.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4769", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in the Jimtawl (com_jimtawl) component 1.0.2 Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the task parameter to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4769", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "15585", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/15585" - }, - { - "name" : "44992", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/44992" - }, - { - "name" : "42324", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42324" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in the Jimtawl (com_jimtawl) component 1.0.2 Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the task parameter to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "44992", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/44992" + }, + { + "name": "15585", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/15585" + }, + { + "name": "42324", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42324" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4930.json b/2010/4xxx/CVE-2010-4930.json index d08fa6d338a..ba296ce40c1 100644 --- a/2010/4xxx/CVE-2010-4930.json +++ b/2010/4xxx/CVE-2010-4930.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4930", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in index.php in @mail Webmail before 6.2.0 allows remote attackers to inject arbitrary web script or HTML via the MailType parameter in a mail/auth/processlogin action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4930", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100921 [ISecAuditors Security Advisories] Reflected XSS in Atmail WebMail < v6.2.0", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/513890/100/0/threaded" - }, - { - "name" : "43377", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/43377" - }, - { - "name" : "68183", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/68183" - }, - { - "name" : "41555", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41555" - }, - { - "name" : "8455", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8455" - }, - { - "name" : "atmail-index-xss(61958)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/61958" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in index.php in @mail Webmail before 6.2.0 allows remote attackers to inject arbitrary web script or HTML via the MailType parameter in a mail/auth/processlogin action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "41555", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41555" + }, + { + "name": "68183", + "refsource": "OSVDB", + "url": "http://osvdb.org/68183" + }, + { + "name": "43377", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/43377" + }, + { + "name": "8455", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8455" + }, + { + "name": "20100921 [ISecAuditors Security Advisories] Reflected XSS in Atmail WebMail < v6.2.0", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/513890/100/0/threaded" + }, + { + "name": "atmail-index-xss(61958)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61958" + } + ] + } +} \ No newline at end of file diff --git a/2011/5xxx/CVE-2011-5293.json b/2011/5xxx/CVE-2011-5293.json index ba9feb8289d..53c8f910647 100644 --- a/2011/5xxx/CVE-2011-5293.json +++ b/2011/5xxx/CVE-2011-5293.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-5293", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The cmdSave method in the ThreeDify.ThreeDifyDesigner.1 ActiveX control in ActiveSolid.dll in ThreeDify Designer 5.0.2 allows remote attackers to write to arbitrary files via a pathname in the argument." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-5293", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.htbridge.com/advisory/HTB23020", - "refsource" : "MISC", - "url" : "https://www.htbridge.com/advisory/HTB23020" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The cmdSave method in the ThreeDify.ThreeDifyDesigner.1 ActiveX control in ActiveSolid.dll in ThreeDify Designer 5.0.2 allows remote attackers to write to arbitrary files via a pathname in the argument." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.htbridge.com/advisory/HTB23020", + "refsource": "MISC", + "url": "https://www.htbridge.com/advisory/HTB23020" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3582.json b/2014/3xxx/CVE-2014-3582.json index 21e66fa1afd..464edb850fc 100644 --- a/2014/3xxx/CVE-2014-3582.json +++ b/2014/3xxx/CVE-2014-3582.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3582", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Ambari 1.2.0 through 2.2.2, it may be possible to execute arbitrary system commands on the Ambari Server host while generating SSL certificates for hosts in an Ambari cluster." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-3582", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://cwiki.apache.org/confluence/display/AMBARI/Ambari+Vulnerabilities#AmbariVulnerabilities-FixedinAmbari2.4.0", - "refsource" : "CONFIRM", - "url" : "https://cwiki.apache.org/confluence/display/AMBARI/Ambari+Vulnerabilities#AmbariVulnerabilities-FixedinAmbari2.4.0" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Ambari 1.2.0 through 2.2.2, it may be possible to execute arbitrary system commands on the Ambari Server host while generating SSL certificates for hosts in an Ambari cluster." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://cwiki.apache.org/confluence/display/AMBARI/Ambari+Vulnerabilities#AmbariVulnerabilities-FixedinAmbari2.4.0", + "refsource": "CONFIRM", + "url": "https://cwiki.apache.org/confluence/display/AMBARI/Ambari+Vulnerabilities#AmbariVulnerabilities-FixedinAmbari2.4.0" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3811.json b/2014/3xxx/CVE-2014-3811.json index 505f7b847bb..806a03c627c 100644 --- a/2014/3xxx/CVE-2014-3811.json +++ b/2014/3xxx/CVE-2014-3811.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3811", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Juniper Installer Service (JIS) Client 7.x before 7.4R6 for Windows and Junos Pulse Client before 4.0R6 allows local users to gain privileges via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3811", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10644", - "refsource" : "CONFIRM", - "url" : "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10644" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Juniper Installer Service (JIS) Client 7.x before 7.4R6 for Windows and Junos Pulse Client before 4.0R6 allows local users to gain privileges via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10644", + "refsource": "CONFIRM", + "url": "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10644" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3933.json b/2014/3xxx/CVE-2014-3933.json index d40244bfb7f..7c38b476b86 100644 --- a/2014/3xxx/CVE-2014-3933.json +++ b/2014/3xxx/CVE-2014-3933.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3933", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the address components field formatter in the AddressField Tokens module 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via an address field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3933", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://drupal.org/node/2267485", - "refsource" : "MISC", - "url" : "https://drupal.org/node/2267485" - }, - { - "name" : "https://drupal.org/node/2267475", - "refsource" : "CONFIRM", - "url" : "https://drupal.org/node/2267475" - }, - { - "name" : "67545", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/67545" - }, - { - "name" : "58399", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/58399" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the address components field formatter in the AddressField Tokens module 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via an address field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://drupal.org/node/2267475", + "refsource": "CONFIRM", + "url": "https://drupal.org/node/2267475" + }, + { + "name": "67545", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/67545" + }, + { + "name": "https://drupal.org/node/2267485", + "refsource": "MISC", + "url": "https://drupal.org/node/2267485" + }, + { + "name": "58399", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/58399" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4141.json b/2014/4xxx/CVE-2014-4141.json index c87c966eefe..52d03d86372 100644 --- a/2014/4xxx/CVE-2014-4141.json +++ b/2014/4xxx/CVE-2014-4141.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4141", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2014-4141", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "40685", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/40685/" - }, - { - "name" : "MS14-056", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-056" - }, - { - "name" : "70342", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70342" - }, - { - "name" : "1031018", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031018" - }, - { - "name" : "60968", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60968" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "40685", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/40685/" + }, + { + "name": "70342", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70342" + }, + { + "name": "60968", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60968" + }, + { + "name": "1031018", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031018" + }, + { + "name": "MS14-056", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-056" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4910.json b/2014/4xxx/CVE-2014-4910.json index 1aff7589192..41421e15aef 100644 --- a/2014/4xxx/CVE-2014-4910.json +++ b/2014/4xxx/CVE-2014-4910.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4910", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in tools/backlight_helper.c in X.Org xf86-video-intel 2.99.911 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in the interface name." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4910", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140704 X.Org intel driver dev snapshots, backlight helper issue", - "refsource" : "MLIST", - "url" : "http://seclists.org/oss-sec/2014/q3/39" - }, - { - "name" : "[oss-security] 20140711 Re: X.Org intel driver dev snapshots, backlight helper issue", - "refsource" : "MLIST", - "url" : "http://seclists.org/oss-sec/2014/q3/138" - }, - { - "name" : "[xorg-commit] 20140704 xf86-video-intel: tools/backlight_helper.c", - "refsource" : "MLIST", - "url" : "http://lists.x.org/archives/xorg-commit/2014-July/036840.html" - }, - { - "name" : "108851", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/show/osvdb/108851" - }, - { - "name" : "xorg-x86-driver-dir-traversal(94746)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/94746" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in tools/backlight_helper.c in X.Org xf86-video-intel 2.99.911 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in the interface name." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "108851", + "refsource": "OSVDB", + "url": "http://osvdb.org/show/osvdb/108851" + }, + { + "name": "[oss-security] 20140704 X.Org intel driver dev snapshots, backlight helper issue", + "refsource": "MLIST", + "url": "http://seclists.org/oss-sec/2014/q3/39" + }, + { + "name": "[xorg-commit] 20140704 xf86-video-intel: tools/backlight_helper.c", + "refsource": "MLIST", + "url": "http://lists.x.org/archives/xorg-commit/2014-July/036840.html" + }, + { + "name": "xorg-x86-driver-dir-traversal(94746)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94746" + }, + { + "name": "[oss-security] 20140711 Re: X.Org intel driver dev snapshots, backlight helper issue", + "refsource": "MLIST", + "url": "http://seclists.org/oss-sec/2014/q3/138" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4981.json b/2014/4xxx/CVE-2014-4981.json index d40f7638432..b33bbcfa2ba 100644 --- a/2014/4xxx/CVE-2014-4981.json +++ b/2014/4xxx/CVE-2014-4981.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4981", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4981", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8205.json b/2014/8xxx/CVE-2014-8205.json index 58a4c6fff83..86bc618d4a6 100644 --- a/2014/8xxx/CVE-2014-8205.json +++ b/2014/8xxx/CVE-2014-8205.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8205", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-8205", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8283.json b/2014/8xxx/CVE-2014-8283.json index 206c1b22be0..cc2debed437 100644 --- a/2014/8xxx/CVE-2014-8283.json +++ b/2014/8xxx/CVE-2014-8283.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8283", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-8283", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8607.json b/2014/8xxx/CVE-2014-8607.json index 5c99eaea939..5451b3ab540 100644 --- a/2014/8xxx/CVE-2014-8607.json +++ b/2014/8xxx/CVE-2014-8607.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8607", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla! provides the MySQL username and password on the command line, which allows local users to obtain sensitive information via the ps command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8607", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.vapid.dhs.org/advisories/wordpress/plugins/Xcloner-v3.1.1/", - "refsource" : "MISC", - "url" : "http://www.vapid.dhs.org/advisories/wordpress/plugins/Xcloner-v3.1.1/" - }, - { - "name" : "http://www.vapid.dhs.org/advisory.php?v=110", - "refsource" : "MISC", - "url" : "http://www.vapid.dhs.org/advisory.php?v=110" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla! provides the MySQL username and password on the command line, which allows local users to obtain sensitive information via the ps command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.vapid.dhs.org/advisories/wordpress/plugins/Xcloner-v3.1.1/", + "refsource": "MISC", + "url": "http://www.vapid.dhs.org/advisories/wordpress/plugins/Xcloner-v3.1.1/" + }, + { + "name": "http://www.vapid.dhs.org/advisory.php?v=110", + "refsource": "MISC", + "url": "http://www.vapid.dhs.org/advisory.php?v=110" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8832.json b/2014/8xxx/CVE-2014-8832.json index 605e1b19ce3..b48b54e301f 100644 --- a/2014/8xxx/CVE-2014-8832.json +++ b/2014/8xxx/CVE-2014-8832.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8832", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The indexing functionality in Spotlight in Apple OS X before 10.10.2 writes memory contents to an external hard drive, which allows local users to obtain sensitive information by reading from this drive." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2014-8832", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/HT204244", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/HT204244" - }, - { - "name" : "APPLE-SA-2015-01-27-4", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html" - }, - { - "name" : "1031650", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031650" - }, - { - "name" : "macosx-cve20148832-info-disc(100528)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/100528" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The indexing functionality in Spotlight in Apple OS X before 10.10.2 writes memory contents to an external hard drive, which allows local users to obtain sensitive information by reading from this drive." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "macosx-cve20148832-info-disc(100528)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100528" + }, + { + "name": "1031650", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031650" + }, + { + "name": "http://support.apple.com/HT204244", + "refsource": "CONFIRM", + "url": "http://support.apple.com/HT204244" + }, + { + "name": "APPLE-SA-2015-01-27-4", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9068.json b/2014/9xxx/CVE-2014-9068.json index 2229401b4eb..5724155562e 100644 --- a/2014/9xxx/CVE-2014-9068.json +++ b/2014/9xxx/CVE-2014-9068.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9068", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9068", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9174.json b/2014/9xxx/CVE-2014-9174.json index b61109c9232..803cdbef5dd 100644 --- a/2014/9xxx/CVE-2014-9174.json +++ b/2014/9xxx/CVE-2014-9174.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9174", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Google Analytics by Yoast (google-analytics-for-wordpress) plugin before 5.1.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the \"Manually enter your UA code\" (manual_ua_code_field) field in the General Settings." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9174", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://wpvulndb.com/vulnerabilities/7692", - "refsource" : "MISC", - "url" : "https://wpvulndb.com/vulnerabilities/7692" - }, - { - "name" : "https://twitter.com/yoast/status/537569224307511296", - "refsource" : "CONFIRM", - "url" : "https://twitter.com/yoast/status/537569224307511296" - }, - { - "name" : "https://wordpress.org/plugins/google-analytics-for-wordpress/changelog/", - "refsource" : "CONFIRM", - "url" : "https://wordpress.org/plugins/google-analytics-for-wordpress/changelog/" - }, - { - "name" : "71330", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/71330" - }, - { - "name" : "wp-googleanalyticsbyyoast-xss(99053)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/99053" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Google Analytics by Yoast (google-analytics-for-wordpress) plugin before 5.1.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the \"Manually enter your UA code\" (manual_ua_code_field) field in the General Settings." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://wpvulndb.com/vulnerabilities/7692", + "refsource": "MISC", + "url": "https://wpvulndb.com/vulnerabilities/7692" + }, + { + "name": "wp-googleanalyticsbyyoast-xss(99053)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99053" + }, + { + "name": "71330", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/71330" + }, + { + "name": "https://twitter.com/yoast/status/537569224307511296", + "refsource": "CONFIRM", + "url": "https://twitter.com/yoast/status/537569224307511296" + }, + { + "name": "https://wordpress.org/plugins/google-analytics-for-wordpress/changelog/", + "refsource": "CONFIRM", + "url": "https://wordpress.org/plugins/google-analytics-for-wordpress/changelog/" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9397.json b/2014/9xxx/CVE-2014-9397.json index afdad60733a..d1c0af917f2 100644 --- a/2014/9xxx/CVE-2014-9397.json +++ b/2014/9xxx/CVE-2014-9397.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9397", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in the twimp-wp plugin for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the message_format parameter in the twimp-wp.php page to wp-admin/options-general.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9397", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.com/files/129643/WordPress-twimp-wp-Cross-Site-Request-Forgery-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/129643/WordPress-twimp-wp-Cross-Site-Request-Forgery-Cross-Site-Scripting.html" - }, - { - "name" : "twimp-twimpwp-csrf(99380)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/99380" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in the twimp-wp plugin for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the message_format parameter in the twimp-wp.php page to wp-admin/options-general.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "twimp-twimpwp-csrf(99380)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99380" + }, + { + "name": "http://packetstormsecurity.com/files/129643/WordPress-twimp-wp-Cross-Site-Request-Forgery-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/129643/WordPress-twimp-wp-Cross-Site-Request-Forgery-Cross-Site-Scripting.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9411.json b/2014/9xxx/CVE-2014-9411.json index 4b4bfd28533..8325224d42f 100644 --- a/2014/9xxx/CVE-2014-9411.json +++ b/2014/9xxx/CVE-2014-9411.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2017-07-01T00:00:00", - "ID" : "CVE-2014-9411", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "All Qualcomm products", - "version" : { - "version_data" : [ - { - "version_value" : "All Android releases from CAF using the Linux kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In all Qualcomm products with Android releases from CAF using the Linux kernel, the use of an out-of-range pointer offset is potentially possible in rollback protection." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Use of Out-of-range Pointer Offset in Core" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2017-07-01T00:00:00", + "ID": "CVE-2014-9411", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "All Qualcomm products", + "version": { + "version_data": [ + { + "version_value": "All Android releases from CAF using the Linux kernel" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-07-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-07-01" - }, - { - "name" : "99467", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99467" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In all Qualcomm products with Android releases from CAF using the Linux kernel, the use of an out-of-range pointer offset is potentially possible in rollback protection." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use of Out-of-range Pointer Offset in Core" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-07-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-07-01" + }, + { + "name": "99467", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99467" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2192.json b/2016/2xxx/CVE-2016-2192.json index 01007e56200..0344b4b0c20 100644 --- a/2016/2xxx/CVE-2016-2192.json +++ b/2016/2xxx/CVE-2016-2192.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert@redhat.com", - "ID" : "CVE-2016-2192", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PostgreSQL PL/Java before 1.5.0 allows remote authenticated users to alter type mappings for types they do not own." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-2192", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tada.github.io/pljava/releasenotes.html", - "refsource" : "CONFIRM", - "url" : "https://tada.github.io/pljava/releasenotes.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PostgreSQL PL/Java before 1.5.0 allows remote authenticated users to alter type mappings for types they do not own." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://tada.github.io/pljava/releasenotes.html", + "refsource": "CONFIRM", + "url": "https://tada.github.io/pljava/releasenotes.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2420.json b/2016/2xxx/CVE-2016-2420.json index a61b382e01e..ccd9a6acade 100644 --- a/2016/2xxx/CVE-2016-2420.json +++ b/2016/2xxx/CVE-2016-2420.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2420", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "rootdir/init.rc in Android 4.x before 4.4.4 does not ensure that the /data/tombstones directory exists for the Debuggerd component, which allows attackers to gain privileges via a crafted application, aka internal bug 26403620." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-2420", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://source.android.com/security/bulletin/2016-04-02.html", - "refsource" : "CONFIRM", - "url" : "http://source.android.com/security/bulletin/2016-04-02.html" - }, - { - "name" : "https://android.googlesource.com/platform/system/core/+/669ecc2f5e80ff924fa20ce7445354a7c5bcfd98", - "refsource" : "CONFIRM", - "url" : "https://android.googlesource.com/platform/system/core/+/669ecc2f5e80ff924fa20ce7445354a7c5bcfd98" - }, - { - "name" : "https://android.googlesource.com/platform/system/core/+/81df1cc77722000f8d0025c1ab00ced123aa573c", - "refsource" : "CONFIRM", - "url" : "https://android.googlesource.com/platform/system/core/+/81df1cc77722000f8d0025c1ab00ced123aa573c" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "rootdir/init.rc in Android 4.x before 4.4.4 does not ensure that the /data/tombstones directory exists for the Debuggerd component, which allows attackers to gain privileges via a crafted application, aka internal bug 26403620." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://android.googlesource.com/platform/system/core/+/669ecc2f5e80ff924fa20ce7445354a7c5bcfd98", + "refsource": "CONFIRM", + "url": "https://android.googlesource.com/platform/system/core/+/669ecc2f5e80ff924fa20ce7445354a7c5bcfd98" + }, + { + "name": "http://source.android.com/security/bulletin/2016-04-02.html", + "refsource": "CONFIRM", + "url": "http://source.android.com/security/bulletin/2016-04-02.html" + }, + { + "name": "https://android.googlesource.com/platform/system/core/+/81df1cc77722000f8d0025c1ab00ced123aa573c", + "refsource": "CONFIRM", + "url": "https://android.googlesource.com/platform/system/core/+/81df1cc77722000f8d0025c1ab00ced123aa573c" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2514.json b/2016/2xxx/CVE-2016-2514.json index 98aa584c846..ea7f525f9eb 100644 --- a/2016/2xxx/CVE-2016-2514.json +++ b/2016/2xxx/CVE-2016-2514.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2514", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-2514", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2714.json b/2016/2xxx/CVE-2016-2714.json index 911aaa345e7..dfa5720a874 100644 --- a/2016/2xxx/CVE-2016-2714.json +++ b/2016/2xxx/CVE-2016-2714.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2714", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-2714", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2746.json b/2016/2xxx/CVE-2016-2746.json index 45fbe357bb2..8a2bf483fc0 100644 --- a/2016/2xxx/CVE-2016-2746.json +++ b/2016/2xxx/CVE-2016-2746.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2746", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-2746", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6101.json b/2016/6xxx/CVE-2016-6101.json index f92f1a12ed1..89472365abb 100644 --- a/2016/6xxx/CVE-2016-6101.json +++ b/2016/6xxx/CVE-2016-6101.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6101", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6101", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6118.json b/2016/6xxx/CVE-2016-6118.json index 74d6bb8a3e1..2b7dda21afd 100644 --- a/2016/6xxx/CVE-2016-6118.json +++ b/2016/6xxx/CVE-2016-6118.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2017-07-21T00:00:00", - "ID" : "CVE-2016-6118", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Emptoris Supplier Lifecycle Management", - "version" : { - "version_data" : [ - { - "version_value" : " 10.1.0.0" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Emptoris Supplier Lifecycle Management 10.1.0.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118356." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2017-07-21T00:00:00", + "ID": "CVE-2016-6118", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Emptoris Supplier Lifecycle Management", + "version": { + "version_data": [ + { + "version_value": " 10.1.0.0" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/118356", - "refsource" : "MISC", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/118356" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22005824", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22005824" - }, - { - "name" : "99926", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99926" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Emptoris Supplier Lifecycle Management 10.1.0.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118356." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118356", + "refsource": "MISC", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118356" + }, + { + "name": "99926", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99926" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22005824", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22005824" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6129.json b/2016/6xxx/CVE-2016-6129.json index d3809e55fe9..da203bacbbe 100644 --- a/2016/6xxx/CVE-2016-6129.json +++ b/2016/6xxx/CVE-2016-6129.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6129", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The rsa_verify_hash_ex function in rsa_verify_hash.c in LibTomCrypt, as used in OP-TEE before 2.2.0, does not validate that the message length is equal to the ASN.1 encoded data length, which makes it easier for remote attackers to forge RSA signatures or public certificates by leveraging a Bleichenbacher signature forgery attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6129", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1370955", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1370955" - }, - { - "name" : "https://github.com/libtom/libtomcrypt/commit/5eb9743410ce4657e9d54fef26a2ee31a1b5dd0", - "refsource" : "CONFIRM", - "url" : "https://github.com/libtom/libtomcrypt/commit/5eb9743410ce4657e9d54fef26a2ee31a1b5dd0" - }, - { - "name" : "https://www.op-tee.org/advisories/", - "refsource" : "CONFIRM", - "url" : "https://www.op-tee.org/advisories/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The rsa_verify_hash_ex function in rsa_verify_hash.c in LibTomCrypt, as used in OP-TEE before 2.2.0, does not validate that the message length is equal to the ASN.1 encoded data length, which makes it easier for remote attackers to forge RSA signatures or public certificates by leveraging a Bleichenbacher signature forgery attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/libtom/libtomcrypt/commit/5eb9743410ce4657e9d54fef26a2ee31a1b5dd0", + "refsource": "CONFIRM", + "url": "https://github.com/libtom/libtomcrypt/commit/5eb9743410ce4657e9d54fef26a2ee31a1b5dd0" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1370955", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1370955" + }, + { + "name": "https://www.op-tee.org/advisories/", + "refsource": "CONFIRM", + "url": "https://www.op-tee.org/advisories/" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6396.json b/2016/6xxx/CVE-2016-6396.json index 14d13d5835d..662e7254f79 100644 --- a/2016/6xxx/CVE-2016-6396.json +++ b/2016/6xxx/CVE-2016-6396.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6396", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco Firepower Management Center before 6.1 and FireSIGHT System Software before 6.1, when certain malware blocking options are enabled, allow remote attackers to bypass malware detection via crafted fields in HTTP headers, aka Bug ID CSCuz44482." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2016-6396", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20160907 Cisco Firepower Management Center and FireSIGHT System Software Malware Bypass Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160907-fsss1" - }, - { - "name" : "92826", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92826" - }, - { - "name" : "1036756", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036756" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco Firepower Management Center before 6.1 and FireSIGHT System Software before 6.1, when certain malware blocking options are enabled, allow remote attackers to bypass malware detection via crafted fields in HTTP headers, aka Bug ID CSCuz44482." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "92826", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92826" + }, + { + "name": "1036756", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036756" + }, + { + "name": "20160907 Cisco Firepower Management Center and FireSIGHT System Software Malware Bypass Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160907-fsss1" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6594.json b/2016/6xxx/CVE-2016-6594.json index c18a89c38f6..1679191bb0c 100644 --- a/2016/6xxx/CVE-2016-6594.json +++ b/2016/6xxx/CVE-2016-6594.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6594", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Blue Coat Advanced Secure Gateway 6.6, CacheFlow 3.4, ProxySG 6.5 and 6.6 allows remote attackers to bypass blocked requests, user authentication, and payload scanning." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@symantec.com", + "ID": "CVE-2016-6594", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bto.bluecoat.com/security-advisory/sa130", - "refsource" : "CONFIRM", - "url" : "https://bto.bluecoat.com/security-advisory/sa130" - }, - { - "name" : "91404", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91404" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Blue Coat Advanced Secure Gateway 6.6, CacheFlow 3.4, ProxySG 6.5 and 6.6 allows remote attackers to bypass blocked requests, user authentication, and payload scanning." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "91404", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91404" + }, + { + "name": "https://bto.bluecoat.com/security-advisory/sa130", + "refsource": "CONFIRM", + "url": "https://bto.bluecoat.com/security-advisory/sa130" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7043.json b/2016/7xxx/CVE-2016-7043.json index 1fd6b51c598..46a1512e7c6 100644 --- a/2016/7xxx/CVE-2016-7043.json +++ b/2016/7xxx/CVE-2016-7043.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7043", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-7043", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7488.json b/2016/7xxx/CVE-2016-7488.json index 3321f86b3e8..0e71b960c8a 100644 --- a/2016/7xxx/CVE-2016-7488.json +++ b/2016/7xxx/CVE-2016-7488.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "larry0@me.com", - "ID" : "CVE-2016-7488", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Virtual Machine Community Edition", - "version" : { - "version_data" : [ - { - "version_value" : "v15.10" - } - ] - } - } - ] - }, - "vendor_name" : "Teradata" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Teradata Virtual Machine Community Edition v15.10 has insecure file permissions on /etc/luminex/pkgmgr. These could allow a local user to modify its contents and execute commands as root." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "perm" - } + "CVE_data_meta": { + "ASSIGNER": "larry0@me.com", + "ID": "CVE-2016-7488", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Virtual Machine Community Edition", + "version": { + "version_data": [ + { + "version_value": "v15.10" + } + ] + } + } + ] + }, + "vendor_name": "Teradata" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.vapidlabs.com/advisory.php?v=172", - "refsource" : "MISC", - "url" : "http://www.vapidlabs.com/advisory.php?v=172" - }, - { - "name" : "94262", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94262" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Teradata Virtual Machine Community Edition v15.10 has insecure file permissions on /etc/luminex/pkgmgr. These could allow a local user to modify its contents and execute commands as root." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "perm" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "94262", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94262" + }, + { + "name": "http://www.vapidlabs.com/advisory.php?v=172", + "refsource": "MISC", + "url": "http://www.vapidlabs.com/advisory.php?v=172" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7593.json b/2016/7xxx/CVE-2016-7593.json index 0df73cab2cb..503674b7f12 100644 --- a/2016/7xxx/CVE-2016-7593.json +++ b/2016/7xxx/CVE-2016-7593.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7593", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-7593", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7745.json b/2016/7xxx/CVE-2016-7745.json index 5b8739d8c8f..0bf267e7b17 100644 --- a/2016/7xxx/CVE-2016-7745.json +++ b/2016/7xxx/CVE-2016-7745.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7745", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-7745", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file