From eb3d00d11faff514afa532111b38409f30833625 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 07:06:14 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2006/1xxx/CVE-2006-1382.json | 188 +++++++++++----------- 2006/1xxx/CVE-2006-1527.json | 290 ++++++++++++++++----------------- 2006/1xxx/CVE-2006-1744.json | 178 ++++++++++----------- 2006/5xxx/CVE-2006-5155.json | 158 +++++++++--------- 2006/5xxx/CVE-2006-5194.json | 148 ++++++++--------- 2006/5xxx/CVE-2006-5224.json | 158 +++++++++--------- 2006/5xxx/CVE-2006-5833.json | 188 +++++++++++----------- 2007/2xxx/CVE-2007-2289.json | 138 ++++++++-------- 2007/2xxx/CVE-2007-2290.json | 178 ++++++++++----------- 2007/2xxx/CVE-2007-2328.json | 148 ++++++++--------- 2007/2xxx/CVE-2007-2330.json | 168 ++++++++++---------- 2007/2xxx/CVE-2007-2601.json | 158 +++++++++--------- 2007/2xxx/CVE-2007-2653.json | 34 ++-- 2007/2xxx/CVE-2007-2862.json | 158 +++++++++--------- 2010/0xxx/CVE-2010-0651.json | 280 ++++++++++++++++---------------- 2010/0xxx/CVE-2010-0656.json | 300 +++++++++++++++++------------------ 2010/0xxx/CVE-2010-0689.json | 198 +++++++++++------------ 2010/0xxx/CVE-2010-0805.json | 198 +++++++++++------------ 2010/0xxx/CVE-2010-0992.json | 148 ++++++++--------- 2010/1xxx/CVE-2010-1210.json | 138 ++++++++-------- 2010/1xxx/CVE-2010-1256.json | 158 +++++++++--------- 2010/1xxx/CVE-2010-1278.json | 158 +++++++++--------- 2010/1xxx/CVE-2010-1707.json | 128 +++++++-------- 2010/1xxx/CVE-2010-1873.json | 178 ++++++++++----------- 2010/3xxx/CVE-2010-3275.json | 250 ++++++++++++++--------------- 2010/4xxx/CVE-2010-4319.json | 34 ++-- 2010/4xxx/CVE-2010-4441.json | 178 ++++++++++----------- 2010/4xxx/CVE-2010-4619.json | 148 ++++++++--------- 2010/4xxx/CVE-2010-4919.json | 138 ++++++++-------- 2010/5xxx/CVE-2010-5222.json | 118 +++++++------- 2014/0xxx/CVE-2014-0044.json | 148 ++++++++--------- 2014/0xxx/CVE-2014-0595.json | 138 ++++++++-------- 2014/0xxx/CVE-2014-0622.json | 158 +++++++++--------- 2014/0xxx/CVE-2014-0919.json | 188 +++++++++++----------- 2014/1xxx/CVE-2014-1815.json | 118 +++++++------- 2014/1xxx/CVE-2014-1845.json | 158 +++++++++--------- 2014/4xxx/CVE-2014-4179.json | 34 ++-- 2014/4xxx/CVE-2014-4324.json | 34 ++-- 2014/9xxx/CVE-2014-9194.json | 118 +++++++------- 2014/9xxx/CVE-2014-9359.json | 34 ++-- 2014/9xxx/CVE-2014-9444.json | 138 ++++++++-------- 2014/9xxx/CVE-2014-9846.json | 228 +++++++++++++------------- 2014/9xxx/CVE-2014-9883.json | 138 ++++++++-------- 2016/3xxx/CVE-2016-3061.json | 34 ++-- 2016/3xxx/CVE-2016-3218.json | 128 +++++++-------- 2016/3xxx/CVE-2016-3440.json | 148 ++++++++--------- 2016/3xxx/CVE-2016-3805.json | 118 +++++++------- 2016/3xxx/CVE-2016-3902.json | 138 ++++++++-------- 2016/7xxx/CVE-2016-7224.json | 148 ++++++++--------- 2016/7xxx/CVE-2016-7356.json | 34 ++-- 2016/7xxx/CVE-2016-7590.json | 34 ++-- 2016/7xxx/CVE-2016-7689.json | 34 ++-- 2016/8xxx/CVE-2016-8632.json | 148 ++++++++--------- 2016/8xxx/CVE-2016-8654.json | 202 +++++++++++------------ 2016/8xxx/CVE-2016-8840.json | 34 ++-- 2016/8xxx/CVE-2016-8900.json | 34 ++-- 2016/9xxx/CVE-2016-9071.json | 150 +++++++++--------- 57 files changed, 4028 insertions(+), 4028 deletions(-) diff --git a/2006/1xxx/CVE-2006-1382.json b/2006/1xxx/CVE-2006-1382.json index 98685545b20c..c3130fb1311f 100644 --- a/2006/1xxx/CVE-2006-1382.json +++ b/2006/1xxx/CVE-2006-1382.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1382", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1382", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in impex/ImpExData.php in vBulletin ImpEx module 1.74, when register_globals is disabled, allows remote attackers to include arbitrary files via the systempath parameter." } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in impex/ImpExData.php in vBulletin ImpEx module 1.74, when register_globals is disabled, allows remote attackers to include arbitrary files via the systempath parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } - ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070504 Remote File Include In Script impex", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/467666/100/0/threaded" - }, - { - "name" : "20060323 XOR Crew :: vBulletin ImpEx <= 1.74 - Remote Command Execution Vulnerability", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/044318.html" - }, - { - "name" : "17206", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17206" - }, - { - "name" : "ADV-2006-1056", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1056" - }, - { - "name" : "24070", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24070" - }, - { - "name" : "19352", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19352" - }, - { - "name" : "impex-impexdata-file-include(25391)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25391" - }, - { - "name" : "impex-systempath-file-include(34095)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34095" - } - ] - } -} + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20070504 Remote File Include In Script impex", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/467666/100/0/threaded" + }, + { + "name": "20060323 XOR Crew :: vBulletin ImpEx <= 1.74 - Remote Command Execution Vulnerability", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/044318.html" + }, + { + "name": "ADV-2006-1056", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1056" + }, + { + "name": "17206", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17206" + }, + { + "name": "impex-systempath-file-include(34095)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34095" + }, + { + "name": "19352", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19352" + }, + { + "name": "impex-impexdata-file-include(25391)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25391" + }, + { + "name": "24070", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24070" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1527.json b/2006/1xxx/CVE-2006-1527.json index 5edf74976ea7..ca63cecb7fc2 100644 --- a/2006/1xxx/CVE-2006-1527.json +++ b/2006/1xxx/CVE-2006-1527.json @@ -1,147 +1,147 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1527", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The SCTP-netfilter code in Linux kernel before 2.6.16.13 allows remote attackers to trigger a denial of service (infinite loop) via unknown vectors that cause an invalid SCTP chunk size to be processed by the for_each_sctp_chunk function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2006-1527", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.13", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.13" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-161.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-161.htm" - }, - { - "name" : "MDKSA-2006:086", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:086" - }, - { - "name" : "RHSA-2006:0493", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0493.html" - }, - { - "name" : "SUSE-SA:2006:028", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006-05-31.html" - }, - { - "name" : "2006-0024", - "refsource" : "TRUSTIX", - "url" : "http://www.trustix.org/errata/2006/0024" - }, - { - "name" : "USN-302-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-302-1" - }, - { - "name" : "17806", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17806" - }, - { - "name" : "oval:org.mitre.oval:def:10373", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10373" - }, - { - "name" : "ADV-2006-1632", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1632" - }, - { - "name" : "25229", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/25229" - }, - { - "name" : "19926", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19926" - }, - { - "name" : "20157", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20157" - }, - { - "name" : "20237", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20237" - }, - { - "name" : "20716", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20716" - }, - { - "name" : "21745", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21745" - }, - { - "name" : "20398", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20398" - }, - { - "name" : "linux-sctp-netfilter-dos(26194)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26194" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The SCTP-netfilter code in Linux kernel before 2.6.16.13 allows remote attackers to trigger a denial of service (infinite loop) via unknown vectors that cause an invalid SCTP chunk size to be processed by the for_each_sctp_chunk function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-161.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-161.htm" + }, + { + "name": "RHSA-2006:0493", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0493.html" + }, + { + "name": "ADV-2006-1632", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1632" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.13", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.13" + }, + { + "name": "20716", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20716" + }, + { + "name": "21745", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21745" + }, + { + "name": "25229", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/25229" + }, + { + "name": "USN-302-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-302-1" + }, + { + "name": "SUSE-SA:2006:028", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006-05-31.html" + }, + { + "name": "linux-sctp-netfilter-dos(26194)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26194" + }, + { + "name": "2006-0024", + "refsource": "TRUSTIX", + "url": "http://www.trustix.org/errata/2006/0024" + }, + { + "name": "oval:org.mitre.oval:def:10373", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10373" + }, + { + "name": "17806", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17806" + }, + { + "name": "20237", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20237" + }, + { + "name": "20398", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20398" + }, + { + "name": "19926", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19926" + }, + { + "name": "MDKSA-2006:086", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:086" + }, + { + "name": "20157", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20157" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1744.json b/2006/1xxx/CVE-2006-1744.json index 76f0fc833f38..a3997b09e3ab 100644 --- a/2006/1xxx/CVE-2006-1744.json +++ b/2006/1xxx/CVE-2006-1744.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1744", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1744", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" + "lang": "eng", + "value": "Buffer overflow in pl_main.c in sail in BSDgames before 2.17-7 allows local users to execute arbitrary code via a long player name that is used in a scanf function call." } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in pl_main.c in sail in BSDgames before 2.17-7 allows local users to execute arbitrary code via a long player name that is used in a scanf function call." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } - ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.pulltheplug.org/fu/?q=node/56", - "refsource" : "MISC", - "url" : "http://www.pulltheplug.org/fu/?q=node/56" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=360989", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=360989" - }, - { - "name" : "DSA-1036", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1036" - }, - { - "name" : "17401", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17401" - }, - { - "name" : "24634", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24634" - }, - { - "name" : "19687", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19687" - }, - { - "name" : "736", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/736" - } - ] - } -} + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=360989", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=360989" + }, + { + "name": "http://www.pulltheplug.org/fu/?q=node/56", + "refsource": "MISC", + "url": "http://www.pulltheplug.org/fu/?q=node/56" + }, + { + "name": "736", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/736" + }, + { + "name": "DSA-1036", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1036" + }, + { + "name": "17401", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17401" + }, + { + "name": "19687", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19687" + }, + { + "name": "24634", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24634" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5155.json b/2006/5xxx/CVE-2006-5155.json index ea985e185a07..e65397cda8f5 100644 --- a/2006/5xxx/CVE-2006-5155.json +++ b/2006/5xxx/CVE-2006-5155.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5155", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5155", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in core/pdf.php in VideoDB 2.2.1 and earlier allows remote attackers to execute arbitrary PHP code via the config[pdf_module] parameter." } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in core/pdf.php in VideoDB 2.2.1 and earlier allows remote attackers to execute arbitrary PHP code via the config[pdf_module] parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } - ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "2455", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2455" - }, - { - "name" : "20265", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20265" - }, - { - "name" : "ADV-2006-3864", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3864" - }, - { - "name" : "22184", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22184" - }, - { - "name" : "videodb-pdf-file-include(29260)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29260" - } - ] - } -} + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-3864", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3864" + }, + { + "name": "22184", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22184" + }, + { + "name": "2455", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2455" + }, + { + "name": "20265", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20265" + }, + { + "name": "videodb-pdf-file-include(29260)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29260" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5194.json b/2006/5xxx/CVE-2006-5194.json index d7022537344b..d0d394c2113f 100644 --- a/2006/5xxx/CVE-2006-5194.json +++ b/2006/5xxx/CVE-2006-5194.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5194", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5194", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in index.php in net2ftp 0.93 allows remote attackers to inject arbitrary web script or HTML via the username parameter. NOTE: some of these details are obtained from third party information." } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in index.php in net2ftp 0.93 allows remote attackers to inject arbitrary web script or HTML via the username parameter. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } - ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061002 Re: net2ftp: a web based FTP client :) <= Remote File Inclusion", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/447535/100/0/threaded" - }, - { - "name" : "20313", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20313" - }, - { - "name" : "ADV-2006-3890", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3890" - }, - { - "name" : "22255", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22255" - } - ] - } -} + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20061002 Re: net2ftp: a web based FTP client :) <= Remote File Inclusion", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/447535/100/0/threaded" + }, + { + "name": "ADV-2006-3890", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3890" + }, + { + "name": "22255", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22255" + }, + { + "name": "20313", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20313" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5224.json b/2006/5xxx/CVE-2006-5224.json index bbe0cee0b4cf..2cc2e07b80a3 100644 --- a/2006/5xxx/CVE-2006-5224.json +++ b/2006/5xxx/CVE-2006-5224.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5224", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5224", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in includes/logger_engine.php in Dimitri Seitz Security Suite IP Logger 1.0.0 in dwingmods for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter." } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in includes/logger_engine.php in Dimitri Seitz Security Suite IP Logger 1.0.0 in dwingmods for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } - ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "2480", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2480" - }, - { - "name" : "20370", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20370" - }, - { - "name" : "ADV-2006-3926", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3926" - }, - { - "name" : "22290", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22290" - }, - { - "name" : "security-suite-logger-file-include(29321)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29321" - } - ] - } -} + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "security-suite-logger-file-include(29321)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29321" + }, + { + "name": "2480", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2480" + }, + { + "name": "20370", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20370" + }, + { + "name": "ADV-2006-3926", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3926" + }, + { + "name": "22290", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22290" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5833.json b/2006/5xxx/CVE-2006-5833.json index 0761716a855a..e7e799bbc268 100644 --- a/2006/5xxx/CVE-2006-5833.json +++ b/2006/5xxx/CVE-2006-5833.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5833", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5833", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" + "lang": "eng", + "value": "gbcms_php_files/up_loader.php GreenBeast CMS 1.3 does not require authentication to upload files, which allows remote attackers to cause a denial of service (disk consumption) and execute arbitrary code by uploading arbitrary files, such as executing PHP code via an uploaded PHP file." } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "gbcms_php_files/up_loader.php GreenBeast CMS 1.3 does not require authentication to upload files, which allows remote attackers to cause a denial of service (disk consumption) and execute arbitrary code by uploading arbitrary files, such as executing PHP code via an uploaded PHP file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } - ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061107 GreenBeast CMS <= 1.3 PHP Arbitrary File Upload Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/450785/100/0/threaded" - }, - { - "name" : "http://newhack.org/advisories/GreenBeastCMS.txt", - "refsource" : "MISC", - "url" : "http://newhack.org/advisories/GreenBeastCMS.txt" - }, - { - "name" : "20950", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20950" - }, - { - "name" : "ADV-2006-4416", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4416" - }, - { - "name" : "1017176", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017176" - }, - { - "name" : "22769", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22769" - }, - { - "name" : "1841", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1841" - }, - { - "name" : "greenbeastcms-uploader-file-upload(30069)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30069" - } - ] - } -} + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1841", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1841" + }, + { + "name": "greenbeastcms-uploader-file-upload(30069)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30069" + }, + { + "name": "ADV-2006-4416", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4416" + }, + { + "name": "http://newhack.org/advisories/GreenBeastCMS.txt", + "refsource": "MISC", + "url": "http://newhack.org/advisories/GreenBeastCMS.txt" + }, + { + "name": "22769", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22769" + }, + { + "name": "20061107 GreenBeast CMS <= 1.3 PHP Arbitrary File Upload Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/450785/100/0/threaded" + }, + { + "name": "1017176", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017176" + }, + { + "name": "20950", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20950" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2289.json b/2007/2xxx/CVE-2007-2289.json index 23f3558ba1dd..4f94a0c2ef21 100644 --- a/2007/2xxx/CVE-2007-2289.json +++ b/2007/2xxx/CVE-2007-2289.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2289", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2289", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in admin/includes/spaw/dialogs/insert_link.php in download engine (Download-Engine) 1.4.1 allows remote authenticated users to execute arbitrary PHP code via a URL in the spaw_root parameter, a different vector than CVE-2007-2255. NOTE: this may be an issue in SPAW." } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in admin/includes/spaw/dialogs/insert_link.php in download engine (Download-Engine) 1.4.1 allows remote authenticated users to execute arbitrary PHP code via a URL in the spaw_root parameter, a different vector than CVE-2007-2255. NOTE: this may be an issue in SPAW." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } - ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070425 download engine V1.4.1 >> RFI (local)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/466890/100/0/threaded" - }, - { - "name" : "35401", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/35401" - }, - { - "name" : "downloadengine-insertlink-file-include(33918)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33918" - } - ] - } -} + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20070425 download engine V1.4.1 >> RFI (local)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/466890/100/0/threaded" + }, + { + "name": "35401", + "refsource": "OSVDB", + "url": "http://osvdb.org/35401" + }, + { + "name": "downloadengine-insertlink-file-include(33918)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33918" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2290.json b/2007/2xxx/CVE-2007-2290.json index b593a89410f1..8757713a7507 100644 --- a/2007/2xxx/CVE-2007-2290.json +++ b/2007/2xxx/CVE-2007-2290.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2290", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2290", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" + "lang": "eng", + "value": "Multiple PHP remote file inclusion vulnerabilities in B2 Weblog and News Publishing Tool 0.6.1 allow remote attackers to execute arbitrary PHP code via a URL in the b2inc parameter to (1) b2archives.php, (2) b2categories.php, or (3) b2mail.php. NOTE: this may overlap CVE-2002-1466." } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple PHP remote file inclusion vulnerabilities in B2 Weblog and News Publishing Tool 0.6.1 allow remote attackers to execute arbitrary PHP code via a URL in the b2inc parameter to (1) b2archives.php, (2) b2categories.php, or (3) b2mail.php. NOTE: this may overlap CVE-2002-1466." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } - ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070425 B2 Weblog and News Publishing Tool v0.6.1 >> RFI", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/466860/100/0/threaded" - }, - { - "name" : "23659", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23659" - }, - { - "name" : "35550", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/35550" - }, - { - "name" : "35551", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/35551" - }, - { - "name" : "35552", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/35552" - }, - { - "name" : "2632", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2632" - }, - { - "name" : "b2-b2inc-file-include(33884)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33884" - } - ] - } -} + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "35550", + "refsource": "OSVDB", + "url": "http://osvdb.org/35550" + }, + { + "name": "20070425 B2 Weblog and News Publishing Tool v0.6.1 >> RFI", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/466860/100/0/threaded" + }, + { + "name": "23659", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23659" + }, + { + "name": "2632", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2632" + }, + { + "name": "35551", + "refsource": "OSVDB", + "url": "http://osvdb.org/35551" + }, + { + "name": "35552", + "refsource": "OSVDB", + "url": "http://osvdb.org/35552" + }, + { + "name": "b2-b2inc-file-include(33884)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33884" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2328.json b/2007/2xxx/CVE-2007-2328.json index 24bf5895167c..4b3938cb92d0 100644 --- a/2007/2xxx/CVE-2007-2328.json +++ b/2007/2xxx/CVE-2007-2328.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2328", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2328", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in addvip.php in phpMYTGP 1.4b allows remote attackers to execute arbitrary PHP code via a URL in the msetstr[PROGSDIR] parameter." } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in addvip.php in phpMYTGP 1.4b allows remote attackers to execute arbitrary PHP code via a URL in the msetstr[PROGSDIR] parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } - ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070425 phpMYTGP v v1.4b >> RFI", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/466845/100/0/threaded" - }, - { - "name" : "34161", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/34161" - }, - { - "name" : "2636", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2636" - }, - { - "name" : "phpmytgp-addvip-file-include(33880)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33880" - } - ] - } -} + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2636", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2636" + }, + { + "name": "phpmytgp-addvip-file-include(33880)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33880" + }, + { + "name": "20070425 phpMYTGP v v1.4b >> RFI", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/466845/100/0/threaded" + }, + { + "name": "34161", + "refsource": "OSVDB", + "url": "http://osvdb.org/34161" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2330.json b/2007/2xxx/CVE-2007-2330.json index 7b0f342fa918..b10e2ec02df5 100644 --- a/2007/2xxx/CVE-2007-2330.json +++ b/2007/2xxx/CVE-2007-2330.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2330", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2330", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in includes_handler.php in DynaTracker 151 allows remote attackers to execute arbitrary PHP code via a URL in the base_path parameter." } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in includes_handler.php in DynaTracker 151 allows remote attackers to execute arbitrary PHP code via a URL in the base_path parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } - ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070425 DynaTracker &v151>> RFI", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/466843/100/0/threaded" - }, - { - "name" : "23667", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23667" - }, - { - "name" : "34159", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/34159" - }, - { - "name" : "34160", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/34160" - }, - { - "name" : "2638", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2638" - }, - { - "name" : "dynatracker-basepath-file-include(33873)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33873" - } - ] - } -} + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "34159", + "refsource": "OSVDB", + "url": "http://osvdb.org/34159" + }, + { + "name": "34160", + "refsource": "OSVDB", + "url": "http://osvdb.org/34160" + }, + { + "name": "dynatracker-basepath-file-include(33873)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33873" + }, + { + "name": "2638", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2638" + }, + { + "name": "23667", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23667" + }, + { + "name": "20070425 DynaTracker &v151>> RFI", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/466843/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2601.json b/2007/2xxx/CVE-2007-2601.json index d1c080b23bb4..89513d8c7af6 100644 --- a/2007/2xxx/CVE-2007-2601.json +++ b/2007/2xxx/CVE-2007-2601.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2601", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2601", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" + "lang": "eng", + "value": "Buffer overflow in a certain ActiveX control in the GDivX Zenith Player AviFixer class in fix.dll 1.0.0.1 allows remote attackers to execute arbitrary code via a long SetInputFile property value." } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in a certain ActiveX control in the GDivX Zenith Player AviFixer class in fix.dll 1.0.0.1 allows remote attackers to execute arbitrary code via a long SetInputFile property value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } - ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "3889", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/3889" - }, - { - "name" : "http://moaxb.blogspot.com/2007/05/moaxb-11-bonus-gdivx-zenith-player.html.", - "refsource" : "MISC", - "url" : "http://moaxb.blogspot.com/2007/05/moaxb-11-bonus-gdivx-zenith-player.html." - }, - { - "name" : "23907", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23907" - }, - { - "name" : "36021", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/36021" - }, - { - "name" : "gdivx-activex-avifixer-bo(34246)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34246" - } - ] - } -} + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "gdivx-activex-avifixer-bo(34246)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34246" + }, + { + "name": "http://moaxb.blogspot.com/2007/05/moaxb-11-bonus-gdivx-zenith-player.html.", + "refsource": "MISC", + "url": "http://moaxb.blogspot.com/2007/05/moaxb-11-bonus-gdivx-zenith-player.html." + }, + { + "name": "3889", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/3889" + }, + { + "name": "36021", + "refsource": "OSVDB", + "url": "http://osvdb.org/36021" + }, + { + "name": "23907", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23907" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2653.json b/2007/2xxx/CVE-2007-2653.json index ff9c2809817d..03c8404fcdb6 100644 --- a/2007/2xxx/CVE-2007-2653.json +++ b/2007/2xxx/CVE-2007-2653.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2653", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2007-2438. Reason: This candidate is a duplicate of CVE-2007-2438. Notes: All CVE users should reference CVE-2007-2438 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2007-2653", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2007-2438. Reason: This candidate is a duplicate of CVE-2007-2438. Notes: All CVE users should reference CVE-2007-2438 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2862.json b/2007/2xxx/CVE-2007-2862.json index e8297bf7bdbb..e211745be1bc 100644 --- a/2007/2xxx/CVE-2007-2862.json +++ b/2007/2xxx/CVE-2007-2862.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2862", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2862", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in CubeCart 3.0.16 might allow remote attackers to execute arbitrary SQL commands via an unspecified parameter to cart.inc.php and certain other files in an include directory, related to missing sanitization of the $option variable and possibly cookie modification." } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in CubeCart 3.0.16 might allow remote attackers to execute arbitrary SQL commands via an unspecified parameter to cart.inc.php and certain other files in an include directory, related to missing sanitization of the $option variable and possibly cookie modification." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } - ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070521 RedLevel Advisory #021 - CubeCart v3.0.16 SQL Injection Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/469301/100/0/threaded" - }, - { - "name" : "24100", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24100" - }, - { - "name" : "38100", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/38100" - }, - { - "name" : "2730", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2730" - }, - { - "name" : "cubecart-unspecified-sql-injection(34460)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34460" - } - ] - } -} + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "38100", + "refsource": "OSVDB", + "url": "http://osvdb.org/38100" + }, + { + "name": "cubecart-unspecified-sql-injection(34460)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34460" + }, + { + "name": "24100", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24100" + }, + { + "name": "20070521 RedLevel Advisory #021 - CubeCart v3.0.16 SQL Injection Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/469301/100/0/threaded" + }, + { + "name": "2730", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2730" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0651.json b/2010/0xxx/CVE-2010-0651.json index 8e1e7eec26ae..8b97c30c88f3 100644 --- a/2010/0xxx/CVE-2010-0651.json +++ b/2010/0xxx/CVE-2010-0651.json @@ -1,142 +1,142 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0651", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit before r52784, as used in Google Chrome before 4.0.249.78 and Apple Safari before 4.0.5, permits cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type and the stylesheet document is malformed, which allows remote attackers to obtain sensitive information via a crafted document." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-0651", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://scarybeastsecurity.blogspot.com/2009/12/generic-cross-browser-cross-domain.html", - "refsource" : "MISC", - "url" : "http://scarybeastsecurity.blogspot.com/2009/12/generic-cross-browser-cross-domain.html" - }, - { - "name" : "http://websec.sv.cmu.edu/css/css.pdf", - "refsource" : "MISC", - "url" : "http://websec.sv.cmu.edu/css/css.pdf" - }, - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=9877", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=9877" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2010/01/stable-channel-update_25.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2010/01/stable-channel-update_25.html" - }, - { - "name" : "http://sites.google.com/a/chromium.org/dev/Home/chromium-security/chromium-security-bugs", - "refsource" : "CONFIRM", - "url" : "http://sites.google.com/a/chromium.org/dev/Home/chromium-security/chromium-security-bugs" - }, - { - "name" : "http://trac.webkit.org/changeset/52784", - "refsource" : "CONFIRM", - "url" : "http://trac.webkit.org/changeset/52784" - }, - { - "name" : "https://bugs.webkit.org/show_bug.cgi?id=29820", - "refsource" : "CONFIRM", - "url" : "https://bugs.webkit.org/show_bug.cgi?id=29820" - }, - { - "name" : "MDVSA-2011:039", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039" - }, - { - "name" : "SUSE-SR:2011:002", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" - }, - { - "name" : "USN-1006-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1006-1" - }, - { - "name" : "oval:org.mitre.oval:def:13653", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13653" - }, - { - "name" : "1023506", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1023506" - }, - { - "name" : "41856", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41856" - }, - { - "name" : "43068", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43068" - }, - { - "name" : "ADV-2010-2722", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2722" - }, - { - "name" : "ADV-2011-0212", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0212" - }, - { - "name" : "ADV-2011-0552", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0552" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit before r52784, as used in Google Chrome before 4.0.249.78 and Apple Safari before 4.0.5, permits cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type and the stylesheet document is malformed, which allows remote attackers to obtain sensitive information via a crafted document." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDVSA-2011:039", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039" + }, + { + "name": "http://googlechromereleases.blogspot.com/2010/01/stable-channel-update_25.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2010/01/stable-channel-update_25.html" + }, + { + "name": "ADV-2010-2722", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2722" + }, + { + "name": "43068", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43068" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=9877", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=9877" + }, + { + "name": "http://scarybeastsecurity.blogspot.com/2009/12/generic-cross-browser-cross-domain.html", + "refsource": "MISC", + "url": "http://scarybeastsecurity.blogspot.com/2009/12/generic-cross-browser-cross-domain.html" + }, + { + "name": "USN-1006-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1006-1" + }, + { + "name": "41856", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41856" + }, + { + "name": "ADV-2011-0212", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0212" + }, + { + "name": "http://trac.webkit.org/changeset/52784", + "refsource": "CONFIRM", + "url": "http://trac.webkit.org/changeset/52784" + }, + { + "name": "http://websec.sv.cmu.edu/css/css.pdf", + "refsource": "MISC", + "url": "http://websec.sv.cmu.edu/css/css.pdf" + }, + { + "name": "oval:org.mitre.oval:def:13653", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13653" + }, + { + "name": "1023506", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1023506" + }, + { + "name": "http://sites.google.com/a/chromium.org/dev/Home/chromium-security/chromium-security-bugs", + "refsource": "CONFIRM", + "url": "http://sites.google.com/a/chromium.org/dev/Home/chromium-security/chromium-security-bugs" + }, + { + "name": "SUSE-SR:2011:002", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" + }, + { + "name": "https://bugs.webkit.org/show_bug.cgi?id=29820", + "refsource": "CONFIRM", + "url": "https://bugs.webkit.org/show_bug.cgi?id=29820" + }, + { + "name": "ADV-2011-0552", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0552" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0656.json b/2010/0xxx/CVE-2010-0656.json index 9d7eb4630f31..71dcaf0c77c7 100644 --- a/2010/0xxx/CVE-2010-0656.json +++ b/2010/0xxx/CVE-2010-0656.json @@ -1,152 +1,152 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0656", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit before r51295, as used in Google Chrome before 4.0.249.78, presents a directory-listing page in response to an XMLHttpRequest for a file:/// URL that corresponds to a directory, which allows attackers to obtain sensitive information or possibly have unspecified other impact via a crafted local HTML document." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-0656", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=20450", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=20450" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2010/01/stable-channel-update_25.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2010/01/stable-channel-update_25.html" - }, - { - "name" : "http://sites.google.com/a/chromium.org/dev/Home/chromium-security/chromium-security-bugs", - "refsource" : "CONFIRM", - "url" : "http://sites.google.com/a/chromium.org/dev/Home/chromium-security/chromium-security-bugs" - }, - { - "name" : "http://trac.webkit.org/changeset/51295", - "refsource" : "CONFIRM", - "url" : "http://trac.webkit.org/changeset/51295" - }, - { - "name" : "https://bugs.webkit.org/show_bug.cgi?id=31329", - "refsource" : "CONFIRM", - "url" : "https://bugs.webkit.org/show_bug.cgi?id=31329" - }, - { - "name" : "FEDORA-2010-8360", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041383.html" - }, - { - "name" : "FEDORA-2010-8379", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041432.html" - }, - { - "name" : "FEDORA-2010-8423", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041436.html" - }, - { - "name" : "MDVSA-2011:039", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039" - }, - { - "name" : "SUSE-SR:2011:002", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" - }, - { - "name" : "USN-1006-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1006-1" - }, - { - "name" : "38372", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/38372" - }, - { - "name" : "oval:org.mitre.oval:def:14501", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14501" - }, - { - "name" : "1023506", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1023506" - }, - { - "name" : "41856", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41856" - }, - { - "name" : "43068", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43068" - }, - { - "name" : "ADV-2010-2722", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2722" - }, - { - "name" : "ADV-2011-0212", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0212" - }, - { - "name" : "ADV-2011-0552", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0552" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit before r51295, as used in Google Chrome before 4.0.249.78, presents a directory-listing page in response to an XMLHttpRequest for a file:/// URL that corresponds to a directory, which allows attackers to obtain sensitive information or possibly have unspecified other impact via a crafted local HTML document." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDVSA-2011:039", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039" + }, + { + "name": "http://googlechromereleases.blogspot.com/2010/01/stable-channel-update_25.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2010/01/stable-channel-update_25.html" + }, + { + "name": "ADV-2010-2722", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2722" + }, + { + "name": "43068", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43068" + }, + { + "name": "USN-1006-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1006-1" + }, + { + "name": "41856", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41856" + }, + { + "name": "ADV-2011-0212", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0212" + }, + { + "name": "FEDORA-2010-8360", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041383.html" + }, + { + "name": "1023506", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1023506" + }, + { + "name": "http://sites.google.com/a/chromium.org/dev/Home/chromium-security/chromium-security-bugs", + "refsource": "CONFIRM", + "url": "http://sites.google.com/a/chromium.org/dev/Home/chromium-security/chromium-security-bugs" + }, + { + "name": "http://trac.webkit.org/changeset/51295", + "refsource": "CONFIRM", + "url": "http://trac.webkit.org/changeset/51295" + }, + { + "name": "SUSE-SR:2011:002", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" + }, + { + "name": "38372", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/38372" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=20450", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=20450" + }, + { + "name": "oval:org.mitre.oval:def:14501", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14501" + }, + { + "name": "https://bugs.webkit.org/show_bug.cgi?id=31329", + "refsource": "CONFIRM", + "url": "https://bugs.webkit.org/show_bug.cgi?id=31329" + }, + { + "name": "ADV-2011-0552", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0552" + }, + { + "name": "FEDORA-2010-8379", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041432.html" + }, + { + "name": "FEDORA-2010-8423", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041436.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0689.json b/2010/0xxx/CVE-2010-0689.json index 18db0e19ac46..2e5028557e27 100644 --- a/2010/0xxx/CVE-2010-0689.json +++ b/2010/0xxx/CVE-2010-0689.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0689", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-0689", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" + "lang": "eng", + "value": "The ExecuteExe method in the DVBSExeCall Control ActiveX control 1.0.0.1 in DVBSExeCall.ocx in DATEV Base System (aka Grundpaket Basis) allows remote attackers to execute arbitrary commands via unspecified vectors." } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ExecuteExe method in the DVBSExeCall Control ActiveX control 1.0.0.1 in DVBSExeCall.ocx in DATEV Base System (aka Grundpaket Basis) allows remote attackers to execute arbitrary commands via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } - ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100225 NSOADV-2010-003: DATEV ActiveX Control remote command execution", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/509743/100/0/threaded" - }, - { - "name" : "http://sotiriu.de/adv/NSOADV-2010-003.txt", - "refsource" : "MISC", - "url" : "http://sotiriu.de/adv/NSOADV-2010-003.txt" - }, - { - "name" : "http://sotiriu.de/demos/videos/nso-2010-003.html", - "refsource" : "MISC", - "url" : "http://sotiriu.de/demos/videos/nso-2010-003.html" - }, - { - "name" : "http://www.datev.de/info-db/1080162", - "refsource" : "CONFIRM", - "url" : "http://www.datev.de/info-db/1080162" - }, - { - "name" : "38415", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/38415" - }, - { - "name" : "62564", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/62564" - }, - { - "name" : "38716", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38716" - }, - { - "name" : "ADV-2010-0474", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0474" - }, - { - "name" : "datev-dvbsexecall-command-execution(56530)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/56530" - } - ] - } -} + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://sotiriu.de/demos/videos/nso-2010-003.html", + "refsource": "MISC", + "url": "http://sotiriu.de/demos/videos/nso-2010-003.html" + }, + { + "name": "38415", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/38415" + }, + { + "name": "62564", + "refsource": "OSVDB", + "url": "http://osvdb.org/62564" + }, + { + "name": "datev-dvbsexecall-command-execution(56530)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56530" + }, + { + "name": "ADV-2010-0474", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0474" + }, + { + "name": "20100225 NSOADV-2010-003: DATEV ActiveX Control remote command execution", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/509743/100/0/threaded" + }, + { + "name": "http://sotiriu.de/adv/NSOADV-2010-003.txt", + "refsource": "MISC", + "url": "http://sotiriu.de/adv/NSOADV-2010-003.txt" + }, + { + "name": "http://www.datev.de/info-db/1080162", + "refsource": "CONFIRM", + "url": "http://www.datev.de/info-db/1080162" + }, + { + "name": "38716", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38716" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0805.json b/2010/0xxx/CVE-2010-0805.json index d542d4c19d8b..f8aea67d6bc1 100644 --- a/2010/0xxx/CVE-2010-0805.json +++ b/2010/0xxx/CVE-2010-0805.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0805", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2010-0805", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" + "lang": "eng", + "value": "The Tabular Data Control (TDC) ActiveX control in Microsoft Internet Explorer 5.01 SP4, 6 on Windows XP SP2 and SP3, and 6 SP1 allows remote attackers to execute arbitrary code via a long URL (DataURL parameter) that triggers memory corruption in the CTDCCtl::SecurityCHeckDataURL function, aka \"Memory Corruption Vulnerability.\"" } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Tabular Data Control (TDC) ActiveX control in Microsoft Internet Explorer 5.01 SP4, 6 on Windows XP SP2 and SP3, and 6 SP1 allows remote attackers to execute arbitrary code via a long URL (DataURL parameter) that triggers memory corruption in the CTDCCtl::SecurityCHeckDataURL function, aka \"Memory Corruption Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } - ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100402 ZDI-10-034: Microsoft Internet Explorer Tabular Data Control ActiveX Remote Code Execution Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/510507/100/0/threaded" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-10-034", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-10-034" - }, - { - "name" : "MS10-018", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-018" - }, - { - "name" : "TA10-068A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-068A.html" - }, - { - "name" : "TA10-089A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-089A.html" - }, - { - "name" : "39025", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/39025" - }, - { - "name" : "oval:org.mitre.oval:def:8080", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8080" - }, - { - "name" : "1023773", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1023773" - }, - { - "name" : "ADV-2010-0744", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0744" - } - ] - } -} + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "39025", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/39025" + }, + { + "name": "TA10-089A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-089A.html" + }, + { + "name": "20100402 ZDI-10-034: Microsoft Internet Explorer Tabular Data Control ActiveX Remote Code Execution Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/510507/100/0/threaded" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-10-034", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-034" + }, + { + "name": "TA10-068A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-068A.html" + }, + { + "name": "MS10-018", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-018" + }, + { + "name": "ADV-2010-0744", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0744" + }, + { + "name": "1023773", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1023773" + }, + { + "name": "oval:org.mitre.oval:def:8080", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8080" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0992.json b/2010/0xxx/CVE-2010-0992.json index 3cba2a3cb8b0..28f38168e74b 100644 --- a/2010/0xxx/CVE-2010-0992.json +++ b/2010/0xxx/CVE-2010-0992.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0992", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "CVE_data_meta": { + "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", + "ID": "CVE-2010-0992", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" + "lang": "eng", + "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Pulse CMS Basic 1.2.2 and 1.2.3, and possibly Pulse Pro before 1.3.2, allow remote attackers to hijack the authentication of users for requests that (1) upload image files, (2) delete image files, or (3) create blocks." } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in Pulse CMS Basic 1.2.2 and 1.2.3, and possibly Pulse Pro before 1.3.2, allow remote attackers to hijack the authentication of users for requests that (1) upload image files, (2) delete image files, or (3) create blocks." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } - ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100409 Secunia Research: Pulse CMS Cross-Site Request Forgery", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/510619/100/0/threaded" - }, - { - "name" : "http://secunia.com/secunia_research/2010-46/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2010-46/" - }, - { - "name" : "http://pulsecms.com/blog.php", - "refsource" : "CONFIRM", - "url" : "http://pulsecms.com/blog.php" - }, - { - "name" : "39046", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39046" - } - ] - } -} + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://secunia.com/secunia_research/2010-46/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2010-46/" + }, + { + "name": "39046", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39046" + }, + { + "name": "20100409 Secunia Research: Pulse CMS Cross-Site Request Forgery", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/510619/100/0/threaded" + }, + { + "name": "http://pulsecms.com/blog.php", + "refsource": "CONFIRM", + "url": "http://pulsecms.com/blog.php" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1210.json b/2010/1xxx/CVE-2010-1210.json index aedd91efcc9b..14d63517a1a2 100644 --- a/2010/1xxx/CVE-2010-1210.json +++ b/2010/1xxx/CVE-2010-1210.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1210", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1210", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" + "lang": "eng", + "value": "intl/uconv/util/nsUnicodeDecodeHelper.cpp in Mozilla Firefox before 3.6.7 and Thunderbird before 3.1.1 inserts a U+FFFD sequence into text in certain circumstances involving undefined positions, which might make it easier for remote attackers to conduct cross-site scripting (XSS) attacks via crafted 8-bit text." } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "intl/uconv/util/nsUnicodeDecodeHelper.cpp in Mozilla Firefox before 3.6.7 and Thunderbird before 3.1.1 inserts a U+FFFD sequence into text in certain circumstances involving undefined positions, which might make it easier for remote attackers to conduct cross-site scripting (XSS) attacks via crafted 8-bit text." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } - ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2010/mfsa2010-44.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2010/mfsa2010-44.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=564679", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=564679" - }, - { - "name" : "oval:org.mitre.oval:def:11863", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11863" - } - ] - } -} + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=564679", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=564679" + }, + { + "name": "oval:org.mitre.oval:def:11863", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11863" + }, + { + "name": "http://www.mozilla.org/security/announce/2010/mfsa2010-44.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2010/mfsa2010-44.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1256.json b/2010/1xxx/CVE-2010-1256.json index 26bff0f626cd..f543cd357dfd 100644 --- a/2010/1xxx/CVE-2010-1256.json +++ b/2010/1xxx/CVE-2010-1256.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1256", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2010-1256", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" + "lang": "eng", + "value": "Unspecified vulnerability in Microsoft IIS 6.0, 7.0, and 7.5, when Extended Protection for Authentication is enabled, allows remote authenticated users to execute arbitrary code via unknown vectors related to \"token checking\" that trigger memory corruption, aka \"IIS Authentication Memory Corruption Vulnerability.\"" } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Microsoft IIS 6.0, 7.0, and 7.5, when Extended Protection for Authentication is enabled, allows remote authenticated users to execute arbitrary code via unknown vectors related to \"token checking\" that trigger memory corruption, aka \"IIS Authentication Memory Corruption Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } - ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS10-040", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-040" - }, - { - "name" : "TA10-159B", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-159B.html" - }, - { - "name" : "40573", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/40573" - }, - { - "name" : "oval:org.mitre.oval:def:7149", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7149" - }, - { - "name" : "ms-iis-authentication-code-execution(58864)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/58864" - } - ] - } -} + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:7149", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7149" + }, + { + "name": "MS10-040", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-040" + }, + { + "name": "40573", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/40573" + }, + { + "name": "ms-iis-authentication-code-execution(58864)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58864" + }, + { + "name": "TA10-159B", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-159B.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1278.json b/2010/1xxx/CVE-2010-1278.json index f8522a9f23f7..a01380bb28bb 100644 --- a/2010/1xxx/CVE-2010-1278.json +++ b/2010/1xxx/CVE-2010-1278.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1278", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2010-1278", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" + "lang": "eng", + "value": "Buffer overflow in the Atlcom.get_atlcom ActiveX control in gp.ocx in Adobe Download Manager, as used in Adobe Reader and Acrobat 8.x before 8.2 and 9.x before 9.3, allows remote attackers to execute arbitrary code via unspecified parameters." } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the Atlcom.get_atlcom ActiveX control in gp.ocx in Adobe Download Manager, as used in Adobe Reader and Acrobat 8.x before 8.2 and 9.x before 9.3, allows remote attackers to execute arbitrary code via unspecified parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } - ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100421 ZDI-10-077: Adobe Download Manager Atlcom.get_atlcom ActiveX Control Remote Code Execution Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/510868/100/0/threaded" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-10-077/", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-10-077/" - }, - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb10-02.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb10-02.html" - }, - { - "name" : "oval:org.mitre.oval:def:7500", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7500" - }, - { - "name" : "1023908", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1023908" - } - ] - } -} + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-10-077/", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-077/" + }, + { + "name": "oval:org.mitre.oval:def:7500", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7500" + }, + { + "name": "20100421 ZDI-10-077: Adobe Download Manager Atlcom.get_atlcom ActiveX Control Remote Code Execution Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/510868/100/0/threaded" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb10-02.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb10-02.html" + }, + { + "name": "1023908", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1023908" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1707.json b/2010/1xxx/CVE-2010-1707.json index 94143bac9c52..b99536fd21bf 100644 --- a/2010/1xxx/CVE-2010-1707.json +++ b/2010/1xxx/CVE-2010-1707.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1707", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1707", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in register.php in Piwigo 2.0.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) login and (2) mail_address parameters." } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in register.php in Piwigo 2.0.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) login and (2) mail_address parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } - ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://piwigo.org/code/wsvn/Piwigo?op=revision&rev=5936", - "refsource" : "CONFIRM", - "url" : "http://piwigo.org/code/wsvn/Piwigo?op=revision&rev=5936" - }, - { - "name" : "ADV-2010-1034", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1034" - } - ] - } -} + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://piwigo.org/code/wsvn/Piwigo?op=revision&rev=5936", + "refsource": "CONFIRM", + "url": "http://piwigo.org/code/wsvn/Piwigo?op=revision&rev=5936" + }, + { + "name": "ADV-2010-1034", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1034" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1873.json b/2010/1xxx/CVE-2010-1873.json index 6e072f894765..bd1c10dc45f4 100644 --- a/2010/1xxx/CVE-2010-1873.json +++ b/2010/1xxx/CVE-2010-1873.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1873", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1873", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" + "lang": "eng", + "value": "SQL injection vulnerability in the Jvehicles (com_jvehicles) component 1.0, 2.0, and 2.1111 for Joomla! allows remote attackers to execute arbitrary SQL commands via the aid parameter in an agentlisting action to index.php. NOTE: some of these details are obtained from third party information." } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the Jvehicles (com_jvehicles) component 1.0, 2.0, and 2.1111 for Joomla! allows remote attackers to execute arbitrary SQL commands via the aid parameter in an agentlisting action to index.php. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } - ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "12190", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/12190" - }, - { - "name" : "http://indonesiancoder.org/joomla-component-jvehicles-aid-sql-injection-vulnerability", - "refsource" : "MISC", - "url" : "http://indonesiancoder.org/joomla-component-jvehicles-aid-sql-injection-vulnerability" - }, - { - "name" : "http://packetstormsecurity.org/1004-exploits/joomlajvehicles-sql.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1004-exploits/joomlajvehicles-sql.txt" - }, - { - "name" : "39409", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/39409" - }, - { - "name" : "63669", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/63669" - }, - { - "name" : "39401", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39401" - }, - { - "name" : "jvehicles-index-sql-injection(57774)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/57774" - } - ] - } -} + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.org/1004-exploits/joomlajvehicles-sql.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1004-exploits/joomlajvehicles-sql.txt" + }, + { + "name": "39409", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/39409" + }, + { + "name": "39401", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39401" + }, + { + "name": "http://indonesiancoder.org/joomla-component-jvehicles-aid-sql-injection-vulnerability", + "refsource": "MISC", + "url": "http://indonesiancoder.org/joomla-component-jvehicles-aid-sql-injection-vulnerability" + }, + { + "name": "12190", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/12190" + }, + { + "name": "63669", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/63669" + }, + { + "name": "jvehicles-index-sql-injection(57774)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57774" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3275.json b/2010/3xxx/CVE-2010-3275.json index fb7bf2863420..b1de6e1b3f03 100644 --- a/2010/3xxx/CVE-2010-3275.json +++ b/2010/3xxx/CVE-2010-3275.json @@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3275", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "libdirectx_plugin.dll in VideoLAN VLC Media Player before 1.1.8 allows remote attackers to execute arbitrary code via a crafted width in an AMV file, related to a \"dangling pointer vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3275", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110323 CORE-2011-0208: VLC Vulnerabilities handling .AMV and .NSV files", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/517150/100/0/threaded" - }, - { - "name" : "17048", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/17048" - }, - { - "name" : "http://www.coresecurity.com/content/vlc-vulnerabilities-amv-nsv-files", - "refsource" : "MISC", - "url" : "http://www.coresecurity.com/content/vlc-vulnerabilities-amv-nsv-files" - }, - { - "name" : "http://www.metasploit.com/modules/exploit/windows/browser/vlc_amv", - "refsource" : "MISC", - "url" : "http://www.metasploit.com/modules/exploit/windows/browser/vlc_amv" - }, - { - "name" : "http://www.videolan.org/vlc/releases/1.1.8.html", - "refsource" : "CONFIRM", - "url" : "http://www.videolan.org/vlc/releases/1.1.8.html" - }, - { - "name" : "DSA-2211", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2211" - }, - { - "name" : "47012", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/47012" - }, - { - "name" : "71277", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/71277" - }, - { - "name" : "oval:org.mitre.oval:def:14718", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14718" - }, - { - "name" : "1025250", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1025250" - }, - { - "name" : "43826", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43826" - }, - { - "name" : "8162", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8162" - }, - { - "name" : "ADV-2011-0759", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0759" - }, - { - "name" : "vlcmediaplayer-amv-bo(66259)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66259" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "libdirectx_plugin.dll in VideoLAN VLC Media Player before 1.1.8 allows remote attackers to execute arbitrary code via a crafted width in an AMV file, related to a \"dangling pointer vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1025250", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1025250" + }, + { + "name": "ADV-2011-0759", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0759" + }, + { + "name": "http://www.videolan.org/vlc/releases/1.1.8.html", + "refsource": "CONFIRM", + "url": "http://www.videolan.org/vlc/releases/1.1.8.html" + }, + { + "name": "43826", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43826" + }, + { + "name": "http://www.metasploit.com/modules/exploit/windows/browser/vlc_amv", + "refsource": "MISC", + "url": "http://www.metasploit.com/modules/exploit/windows/browser/vlc_amv" + }, + { + "name": "http://www.coresecurity.com/content/vlc-vulnerabilities-amv-nsv-files", + "refsource": "MISC", + "url": "http://www.coresecurity.com/content/vlc-vulnerabilities-amv-nsv-files" + }, + { + "name": "DSA-2211", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2211" + }, + { + "name": "17048", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/17048" + }, + { + "name": "20110323 CORE-2011-0208: VLC Vulnerabilities handling .AMV and .NSV files", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/517150/100/0/threaded" + }, + { + "name": "71277", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/71277" + }, + { + "name": "vlcmediaplayer-amv-bo(66259)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66259" + }, + { + "name": "oval:org.mitre.oval:def:14718", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14718" + }, + { + "name": "8162", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8162" + }, + { + "name": "47012", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/47012" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4319.json b/2010/4xxx/CVE-2010-4319.json index b8a46cefaa2b..953c283f51a1 100644 --- a/2010/4xxx/CVE-2010-4319.json +++ b/2010/4xxx/CVE-2010-4319.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4319", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4319", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4441.json b/2010/4xxx/CVE-2010-4441.json index cfbb1ef83e8a..0a44b6085a61 100644 --- a/2010/4xxx/CVE-2010-4441.json +++ b/2010/4xxx/CVE-2010-4441.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4441", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2010-4441", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" + "lang": "eng", + "value": "Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft and JDEdwards Suite 9.1 Bundle #4 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Talent Acquisition Manager." } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft and JDEdwards Suite 9.1 Bundle #4 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Talent Acquisition Manager." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } - ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html" - }, - { - "name" : "45881", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45881" - }, - { - "name" : "70576", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/70576" - }, - { - "name" : "1024978", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024978" - }, - { - "name" : "42982", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42982" - }, - { - "name" : "ADV-2011-0147", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0147" - }, - { - "name" : "peoplesoft-talent-unauth-access(64789)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64789" - } - ] - } -} + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2011-0147", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0147" + }, + { + "name": "1024978", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024978" + }, + { + "name": "70576", + "refsource": "OSVDB", + "url": "http://osvdb.org/70576" + }, + { + "name": "peoplesoft-talent-unauth-access(64789)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64789" + }, + { + "name": "42982", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42982" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html" + }, + { + "name": "45881", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45881" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4619.json b/2010/4xxx/CVE-2010-4619.json index 6225fe5b907e..c58b1dfcfea1 100644 --- a/2010/4xxx/CVE-2010-4619.json +++ b/2010/4xxx/CVE-2010-4619.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4619", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4619", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" + "lang": "eng", + "value": "SQL injection vulnerability in profil.php in Mafya Oyun Scrpti (aka Mafia Game Script) allows remote attackers to execute arbitrary SQL commands via the id parameter." } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in profil.php in Mafya Oyun Scrpti (aka Mafia Game Script) allows remote attackers to execute arbitrary SQL commands via the id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } - ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "15775", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/15775" - }, - { - "name" : "45501", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45501" - }, - { - "name" : "42710", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42710" - }, - { - "name" : "mafiagamescript-profile-sql-injection(64208)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64208" - } - ] - } -} + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "45501", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45501" + }, + { + "name": "42710", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42710" + }, + { + "name": "15775", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/15775" + }, + { + "name": "mafiagamescript-profile-sql-injection(64208)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64208" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4919.json b/2010/4xxx/CVE-2010-4919.json index 6b8630e9e270..1ffb03fb593a 100644 --- a/2010/4xxx/CVE-2010-4919.json +++ b/2010/4xxx/CVE-2010-4919.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4919", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4919", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" + "lang": "eng", + "value": "SQL injection vulnerability in detail.asp in Micronetsoft RV Dealer Website 1.0 allows remote attackers to execute arbitrary SQL commands via the vehicletypeID parameter." } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in detail.asp in Micronetsoft RV Dealer Website 1.0 allows remote attackers to execute arbitrary SQL commands via the vehicletypeID parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } - ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "14914", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/14914" - }, - { - "name" : "41319", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41319" - }, - { - "name" : "rvdealer-detail-sql-injection(61611)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/61611" - } - ] - } -} + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "14914", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/14914" + }, + { + "name": "rvdealer-detail-sql-injection(61611)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61611" + }, + { + "name": "41319", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41319" + } + ] + } +} \ No newline at end of file diff --git a/2010/5xxx/CVE-2010-5222.json b/2010/5xxx/CVE-2010-5222.json index f6657257859d..d6f6081ef91d 100644 --- a/2010/5xxx/CVE-2010-5222.json +++ b/2010/5xxx/CVE-2010-5222.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-5222", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-5222", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" + "lang": "eng", + "value": "Untrusted search path vulnerability in Ease Jukebox 1.40 allows local users to gain privileges via a Trojan horse wmaudsdk.dll file in the current working directory, as demonstrated by a directory that contains a .mp3 or .wav file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in Ease Jukebox 1.40 allows local users to gain privileges via a Trojan horse wmaudsdk.dll file in the current working directory, as demonstrated by a directory that contains a .mp3 or .wav file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } - ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "41902", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41902" - } - ] - } -} + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "41902", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41902" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0044.json b/2014/0xxx/CVE-2014-0044.json index bbeeea68e487..83fc3a125258 100644 --- a/2014/0xxx/CVE-2014-0044.json +++ b/2014/0xxx/CVE-2014-0044.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0044", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-0044", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" + "lang": "eng", + "value": "The opus_packet_get_samples_per_frame function in client in Mumble 1.2.4 and the 1.2.3 pre-release snapshots allows remote attackers to cause a denial of service (crash) via a crafted length prefix value, which triggers a NULL pointer dereference or a heap-based buffer over-read (aka \"out-of-bounds array access\")." } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The opus_packet_get_samples_per_frame function in client in Mumble 1.2.4 and the 1.2.3 pre-release snapshots allows remote attackers to cause a denial of service (crash) via a crafted length prefix value, which triggers a NULL pointer dereference or a heap-based buffer over-read (aka \"out-of-bounds array access\")." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } - ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://mumble.info/security/Mumble-SA-2014-001.txt", - "refsource" : "CONFIRM", - "url" : "http://mumble.info/security/Mumble-SA-2014-001.txt" - }, - { - "name" : "DSA-2854", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-2854" - }, - { - "name" : "openSUSE-SU-2014:0271", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-02/msg00063.html" - }, - { - "name" : "102904", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/102904" - } - ] - } -} + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-2854", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-2854" + }, + { + "name": "openSUSE-SU-2014:0271", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00063.html" + }, + { + "name": "102904", + "refsource": "OSVDB", + "url": "http://osvdb.org/102904" + }, + { + "name": "http://mumble.info/security/Mumble-SA-2014-001.txt", + "refsource": "CONFIRM", + "url": "http://mumble.info/security/Mumble-SA-2014-001.txt" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0595.json b/2014/0xxx/CVE-2014-0595.json index 881d48e820c1..0ff3408fcd4c 100644 --- a/2014/0xxx/CVE-2014-0595.json +++ b/2014/0xxx/CVE-2014-0595.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0595", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-0595", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" + "lang": "eng", + "value": "/opt/novell/ncl/bin/nwrights in Novell Client for Linux in Novell Open Enterprise Server (OES) 11 Linux SP2 does not properly manage a certain array, which allows local users to obtain the S permission in opportunistic circumstances by leveraging the granting of the F permission by an administrator." } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "/opt/novell/ncl/bin/nwrights in Novell Client for Linux in Novell Open Enterprise Server (OES) 11 Linux SP2 does not properly manage a certain array, which allows local users to obtain the S permission in opportunistic circumstances by leveraging the granting of the F permission by an administrator." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } - ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.novell.com/support/kb/doc.php?id=7014932", - "refsource" : "CONFIRM", - "url" : "http://www.novell.com/support/kb/doc.php?id=7014932" - }, - { - "name" : "SUSE-SU-2014:0847", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00030.html" - }, - { - "name" : "67144", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/67144" - } - ] - } -} + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "67144", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/67144" + }, + { + "name": "SUSE-SU-2014:0847", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00030.html" + }, + { + "name": "http://www.novell.com/support/kb/doc.php?id=7014932", + "refsource": "CONFIRM", + "url": "http://www.novell.com/support/kb/doc.php?id=7014932" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0622.json b/2014/0xxx/CVE-2014-0622.json index b9b7f5d28ce7..f43660a3cd66 100644 --- a/2014/0xxx/CVE-2014-0622.json +++ b/2014/0xxx/CVE-2014-0622.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0622", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "ID": "CVE-2014-0622", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" + "lang": "eng", + "value": "The web service in EMC Documentum Foundation Services (DFS) 6.5 through 6.7 before 6.7 SP1 P22, 6.7 SP2 before P08, 7.0 before P12, and 7.1 before P01 does not properly implement content uploading, which allows remote authenticated users to bypass intended content access restrictions via unspecified vectors." } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The web service in EMC Documentum Foundation Services (DFS) 6.5 through 6.7 before 6.7 SP1 P22, 6.7 SP2 before P08, 7.0 before P12, and 7.1 before P01 does not properly implement content uploading, which allows remote authenticated users to bypass intended content access restrictions via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } - ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140205 ESA-2014-005: EMC Documentum Foundation Services (DFS) Content Access Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2014-02/0007.html" - }, - { - "name" : "65398", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/65398" - }, - { - "name" : "102949", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/102949" - }, - { - "name" : "56845", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56845" - }, - { - "name" : "emc-documentum-cve20140622-sec-bypass(90982)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90982" - } - ] - } -} + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "65398", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/65398" + }, + { + "name": "emc-documentum-cve20140622-sec-bypass(90982)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90982" + }, + { + "name": "102949", + "refsource": "OSVDB", + "url": "http://osvdb.org/102949" + }, + { + "name": "20140205 ESA-2014-005: EMC Documentum Foundation Services (DFS) Content Access Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2014-02/0007.html" + }, + { + "name": "56845", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56845" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0919.json b/2014/0xxx/CVE-2014-0919.json index 94d5bfc8bff0..4795427d3cc4 100644 --- a/2014/0xxx/CVE-2014-0919.json +++ b/2014/0xxx/CVE-2014-0919.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0919", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-0919", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" + "lang": "eng", + "value": "IBM DB2 9.5 through 10.5 on Linux, UNIX, and Windows stores passwords during the processing of certain SQL statements by the monitoring and audit facilities, which allows remote authenticated users to obtain sensitive information via commands associated with these facilities." } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM DB2 9.5 through 10.5 on Linux, UNIX, and Windows stores passwords during the processing of certain SQL statements by the monitoring and audit facilities, which allows remote authenticated users to obtain sensitive information via commands associated with these facilities." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } - ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21698021", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21698021" - }, - { - "name" : "IT07397", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IT07397" - }, - { - "name" : "IT07547", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IT07547" - }, - { - "name" : "IT07552", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IT07552" - }, - { - "name" : "IT07553", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IT07553" - }, - { - "name" : "IT07554", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IT07554" - }, - { - "name" : "74217", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/74217" - }, - { - "name" : "1032247", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032247" - } - ] - } -} + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "IT07553", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT07553" + }, + { + "name": "IT07554", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT07554" + }, + { + "name": "IT07547", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT07547" + }, + { + "name": "IT07552", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT07552" + }, + { + "name": "1032247", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032247" + }, + { + "name": "74217", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/74217" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21698021", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698021" + }, + { + "name": "IT07397", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT07397" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1815.json b/2014/1xxx/CVE-2014-1815.json index edf1d8f5ff5b..d835bc4ccb99 100644 --- a/2014/1xxx/CVE-2014-1815.json +++ b/2014/1xxx/CVE-2014-1815.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1815", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2014-1815", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" + "lang": "eng", + "value": "Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, as exploited in the wild in May 2014, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-0310." } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, as exploited in the wild in May 2014, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-0310." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } - ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS14-029", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-029" - } - ] - } -} + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS14-029", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-029" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1845.json b/2014/1xxx/CVE-2014-1845.json index 076fb6b958bb..8b6f30804572 100644 --- a/2014/1xxx/CVE-2014-1845.json +++ b/2014/1xxx/CVE-2014-1845.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1845", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-1845", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" + "lang": "eng", + "value": "An unspecified setuid root helper in Enlightenment before 0.17.6 allows local users to gain privileges by leveraging failure to properly sanitize the environment." } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An unspecified setuid root helper in Enlightenment before 0.17.6 allows local users to gain privileges by leveraging failure to properly sanitize the environment." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } - ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140203 Re: CVE request: enlightenment sysactions", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/02/03/19" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1059410", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1059410" - }, - { - "name" : "https://git.enlightenment.org/core/enlightenment.git/commit/?id=666df815cd86a50343859bce36c5cf968c5f38b0", - "refsource" : "CONFIRM", - "url" : "https://git.enlightenment.org/core/enlightenment.git/commit/?id=666df815cd86a50343859bce36c5cf968c5f38b0" - }, - { - "name" : "https://git.enlightenment.org/core/enlightenment.git/commit/?id=bb4a21e98656fe2c7d98ba2163e6defe9a630e2b", - "refsource" : "CONFIRM", - "url" : "https://git.enlightenment.org/core/enlightenment.git/commit/?id=bb4a21e98656fe2c7d98ba2163e6defe9a630e2b" - }, - { - "name" : "enlightenment-helper-priv-esc(91216)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/91216" - } - ] - } -} + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "enlightenment-helper-priv-esc(91216)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91216" + }, + { + "name": "https://git.enlightenment.org/core/enlightenment.git/commit/?id=bb4a21e98656fe2c7d98ba2163e6defe9a630e2b", + "refsource": "CONFIRM", + "url": "https://git.enlightenment.org/core/enlightenment.git/commit/?id=bb4a21e98656fe2c7d98ba2163e6defe9a630e2b" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1059410", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1059410" + }, + { + "name": "[oss-security] 20140203 Re: CVE request: enlightenment sysactions", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/02/03/19" + }, + { + "name": "https://git.enlightenment.org/core/enlightenment.git/commit/?id=666df815cd86a50343859bce36c5cf968c5f38b0", + "refsource": "CONFIRM", + "url": "https://git.enlightenment.org/core/enlightenment.git/commit/?id=666df815cd86a50343859bce36c5cf968c5f38b0" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4179.json b/2014/4xxx/CVE-2014-4179.json index 92a3743aa2a9..1c78766408b9 100644 --- a/2014/4xxx/CVE-2014-4179.json +++ b/2014/4xxx/CVE-2014-4179.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4179", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4179", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4324.json b/2014/4xxx/CVE-2014-4324.json index 5faf4a986211..44b078d9a3d7 100644 --- a/2014/4xxx/CVE-2014-4324.json +++ b/2014/4xxx/CVE-2014-4324.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4324", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4324", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9194.json b/2014/9xxx/CVE-2014-9194.json index ef4bc30de8b2..a1203f664f22 100644 --- a/2014/9xxx/CVE-2014-9194.json +++ b/2014/9xxx/CVE-2014-9194.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9194", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2014-9194", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" + "lang": "eng", + "value": "Arbiter 1094B GPS Substation Clock allows remote attackers to cause a denial of service (disruption) via crafted radio transmissions that spoof GPS satellite broadcasts." } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Arbiter 1094B GPS Substation Clock allows remote attackers to cause a denial of service (disruption) via crafted radio transmissions that spoof GPS satellite broadcasts." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } - ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-14-345-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-14-345-01" - } - ] - } -} + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-14-345-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-345-01" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9359.json b/2014/9xxx/CVE-2014-9359.json index edec409a4f73..eba42b01269b 100644 --- a/2014/9xxx/CVE-2014-9359.json +++ b/2014/9xxx/CVE-2014-9359.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9359", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9359", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9444.json b/2014/9xxx/CVE-2014-9444.json index 50fb2a19f115..8d33c4a996ee 100644 --- a/2014/9xxx/CVE-2014-9444.json +++ b/2014/9xxx/CVE-2014-9444.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9444", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9444", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Frontend Uploader plugin 0.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the errors[fu-disallowed-mime-type][0][name] parameter to the default URI." } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Frontend Uploader plugin 0.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the errors[fu-disallowed-mime-type][0][name] parameter to the default URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } - ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20141227 Wordpress Frontend Uploader Cross Site Scripting(XSS)", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Dec/122" - }, - { - "name" : "http://packetstormsecurity.com/files/129749/WordPress-Frontend-Uploader-0.9.2-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/129749/WordPress-Frontend-Uploader-0.9.2-Cross-Site-Scripting.html" - }, - { - "name" : "71808", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/71808" - } - ] - } -} + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20141227 Wordpress Frontend Uploader Cross Site Scripting(XSS)", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Dec/122" + }, + { + "name": "71808", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/71808" + }, + { + "name": "http://packetstormsecurity.com/files/129749/WordPress-Frontend-Uploader-0.9.2-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/129749/WordPress-Frontend-Uploader-0.9.2-Cross-Site-Scripting.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9846.json b/2014/9xxx/CVE-2014-9846.json index 09ea8eeb4977..ab2af695a1ec 100644 --- a/2014/9xxx/CVE-2014-9846.json +++ b/2014/9xxx/CVE-2014-9846.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9846", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9846", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" + "lang": "eng", + "value": "Buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact." } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } - ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160602 Re: ImageMagick CVEs", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/06/02/13" - }, - { - "name" : "https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=2d90693af41a363a988a9db3a91a15f9ca7c7370", - "refsource" : "CONFIRM", - "url" : "https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=2d90693af41a363a988a9db3a91a15f9ca7c7370" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1343504", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1343504" - }, - { - "name" : "SUSE-SU-2016:1782", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00009.html" - }, - { - "name" : "SUSE-SU-2016:1783", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00010.html" - }, - { - "name" : "SUSE-SU-2016:1784", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00011.html" - }, - { - "name" : "openSUSE-SU-2016:1724", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00000.html" - }, - { - "name" : "openSUSE-SU-2016:1748", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00002.html" - }, - { - "name" : "openSUSE-SU-2016:1833", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00018.html" - }, - { - "name" : "openSUSE-SU-2016:2073", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00037.html" - }, - { - "name" : "openSUSE-SU-2016:3060", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00028.html" - }, - { - "name" : "USN-3131-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-3131-1" - } - ] - } -} + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2016:2073", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00037.html" + }, + { + "name": "openSUSE-SU-2016:1833", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00018.html" + }, + { + "name": "openSUSE-SU-2016:3060", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00028.html" + }, + { + "name": "openSUSE-SU-2016:1724", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00000.html" + }, + { + "name": "SUSE-SU-2016:1782", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00009.html" + }, + { + "name": "[oss-security] 20160602 Re: ImageMagick CVEs", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/06/02/13" + }, + { + "name": "openSUSE-SU-2016:1748", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00002.html" + }, + { + "name": "SUSE-SU-2016:1784", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00011.html" + }, + { + "name": "https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=2d90693af41a363a988a9db3a91a15f9ca7c7370", + "refsource": "CONFIRM", + "url": "https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=2d90693af41a363a988a9db3a91a15f9ca7c7370" + }, + { + "name": "SUSE-SU-2016:1783", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00010.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1343504", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1343504" + }, + { + "name": "USN-3131-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-3131-1" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9883.json b/2014/9xxx/CVE-2014-9883.json index 63afc1a3f7be..6b8fe149660f 100644 --- a/2014/9xxx/CVE-2014-9883.json +++ b/2014/9xxx/CVE-2014-9883.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9883", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2014-9883", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" + "lang": "eng", + "value": "Integer overflow in drivers/char/diag/diag_dci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges or obtain sensitive information via a crafted application, aka Android internal bug 28769912 and Qualcomm internal bug CR565160." } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in drivers/char/diag/diag_dci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges or obtain sensitive information via a crafted application, aka Android internal bug 28769912 and Qualcomm internal bug CR565160." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } - ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://source.android.com/security/bulletin/2016-08-01.html", - "refsource" : "CONFIRM", - "url" : "http://source.android.com/security/bulletin/2016-08-01.html" - }, - { - "name" : "https://source.codeaurora.org/quic/la/kernel/msm/commit/?id=cbf79a67348e48557c0d0bb9bc58391b3f84bc46", - "refsource" : "CONFIRM", - "url" : "https://source.codeaurora.org/quic/la/kernel/msm/commit/?id=cbf79a67348e48557c0d0bb9bc58391b3f84bc46" - }, - { - "name" : "92219", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92219" - } - ] - } -} + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://source.android.com/security/bulletin/2016-08-01.html", + "refsource": "CONFIRM", + "url": "http://source.android.com/security/bulletin/2016-08-01.html" + }, + { + "name": "92219", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92219" + }, + { + "name": "https://source.codeaurora.org/quic/la/kernel/msm/commit/?id=cbf79a67348e48557c0d0bb9bc58391b3f84bc46", + "refsource": "CONFIRM", + "url": "https://source.codeaurora.org/quic/la/kernel/msm/commit/?id=cbf79a67348e48557c0d0bb9bc58391b3f84bc46" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3061.json b/2016/3xxx/CVE-2016-3061.json index 496c96e1d81d..3dc13cdd9e5a 100644 --- a/2016/3xxx/CVE-2016-3061.json +++ b/2016/3xxx/CVE-2016-3061.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3061", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-3061", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3218.json b/2016/3xxx/CVE-2016-3218.json index 84306286a72b..39288c7c984a 100644 --- a/2016/3xxx/CVE-2016-3218.json +++ b/2016/3xxx/CVE-2016-3218.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3218", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2016-3218", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" + "lang": "eng", + "value": "The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application, aka \"Win32k Elevation of Privilege Vulnerability,\" a different vulnerability than CVE-2016-3221." } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application, aka \"Win32k Elevation of Privilege Vulnerability,\" a different vulnerability than CVE-2016-3221." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } - ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS16-073", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-073" - }, - { - "name" : "1036109", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036109" - } - ] - } -} + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1036109", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036109" + }, + { + "name": "MS16-073", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-073" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3440.json b/2016/3xxx/CVE-2016-3440.json index 52302c8ff397..f7b18d806391 100644 --- a/2016/3xxx/CVE-2016-3440.json +++ b/2016/3xxx/CVE-2016-3440.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3440", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2016-3440", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" + "lang": "eng", + "value": "Unspecified vulnerability in Oracle MySQL 5.7.11 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer." } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle MySQL 5.7.11 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } - ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" - }, - { - "name" : "91787", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91787" - }, - { - "name" : "91910", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91910" - }, - { - "name" : "1036362", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036362" - } - ] - } -} + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" + }, + { + "name": "1036362", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036362" + }, + { + "name": "91787", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91787" + }, + { + "name": "91910", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91910" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3805.json b/2016/3xxx/CVE-2016-3805.json index 53c55c1353f8..3cf11fd10edd 100644 --- a/2016/3xxx/CVE-2016-3805.json +++ b/2016/3xxx/CVE-2016-3805.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3805", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-3805", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" + "lang": "eng", + "value": "The MediaTek power management driver in Android before 2016-07-05 on Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28333002 and MediaTek internal bug ALPS02694412." } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The MediaTek power management driver in Android before 2016-07-05 on Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28333002 and MediaTek internal bug ALPS02694412." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } - ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://source.android.com/security/bulletin/2016-07-01.html", - "refsource" : "CONFIRM", - "url" : "http://source.android.com/security/bulletin/2016-07-01.html" - } - ] - } -} + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://source.android.com/security/bulletin/2016-07-01.html", + "refsource": "CONFIRM", + "url": "http://source.android.com/security/bulletin/2016-07-01.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3902.json b/2016/3xxx/CVE-2016-3902.json index d5a609d4f3d6..378e42c95941 100644 --- a/2016/3xxx/CVE-2016-3902.json +++ b/2016/3xxx/CVE-2016-3902.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3902", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-3902", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" + "lang": "eng", + "value": "drivers/platform/msm/ipa/ipa_qmi_service.c in the Qualcomm IPA driver in Android before 2016-10-05 on Nexus 5X and 6P devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 29953313 and Qualcomm internal bug CR 1044072." } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "drivers/platform/msm/ipa/ipa_qmi_service.c in the Qualcomm IPA driver in Android before 2016-10-05 on Nexus 5X and 6P devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 29953313 and Qualcomm internal bug CR 1044072." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } - ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://source.android.com/security/bulletin/2016-10-01.html", - "refsource" : "CONFIRM", - "url" : "http://source.android.com/security/bulletin/2016-10-01.html" - }, - { - "name" : "https://source.codeaurora.org/quic/la//kernel/msm-3.10/commit/?id=2fca425d781572393fbe51abe2e27a932d24a768", - "refsource" : "CONFIRM", - "url" : "https://source.codeaurora.org/quic/la//kernel/msm-3.10/commit/?id=2fca425d781572393fbe51abe2e27a932d24a768" - }, - { - "name" : "93309", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93309" - } - ] - } -} + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://source.android.com/security/bulletin/2016-10-01.html", + "refsource": "CONFIRM", + "url": "http://source.android.com/security/bulletin/2016-10-01.html" + }, + { + "name": "93309", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93309" + }, + { + "name": "https://source.codeaurora.org/quic/la//kernel/msm-3.10/commit/?id=2fca425d781572393fbe51abe2e27a932d24a768", + "refsource": "CONFIRM", + "url": "https://source.codeaurora.org/quic/la//kernel/msm-3.10/commit/?id=2fca425d781572393fbe51abe2e27a932d24a768" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7224.json b/2016/7xxx/CVE-2016-7224.json index ed500c8bcd5e..83ea1dfcd90d 100644 --- a/2016/7xxx/CVE-2016-7224.json +++ b/2016/7xxx/CVE-2016-7224.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "ID" : "CVE-2016-7224", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2016-7224", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" + "lang": "eng", + "value": "Virtual Hard Disk Driver in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 does not properly restrict access to files, which allows local users to gain privileges via a crafted application, aka \"VHD Driver Elevation of Privilege Vulnerability.\"" } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Virtual Hard Disk Driver in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 does not properly restrict access to files, which allows local users to gain privileges via a crafted application, aka \"VHD Driver Elevation of Privilege Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } - ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "40765", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/40765/" - }, - { - "name" : "MS16-138", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-138" - }, - { - "name" : "94017", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94017" - }, - { - "name" : "1037248", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037248" - } - ] - } -} + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1037248", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037248" + }, + { + "name": "MS16-138", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-138" + }, + { + "name": "94017", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94017" + }, + { + "name": "40765", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/40765/" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7356.json b/2016/7xxx/CVE-2016-7356.json index b40118f6b6c8..3eb423804eaf 100644 --- a/2016/7xxx/CVE-2016-7356.json +++ b/2016/7xxx/CVE-2016-7356.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7356", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-7356", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7590.json b/2016/7xxx/CVE-2016-7590.json index e6fc6b9b67d7..79cc9f4c3ead 100644 --- a/2016/7xxx/CVE-2016-7590.json +++ b/2016/7xxx/CVE-2016-7590.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7590", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-7590", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7689.json b/2016/7xxx/CVE-2016-7689.json index 391649cc42b0..42778e45ad7f 100644 --- a/2016/7xxx/CVE-2016-7689.json +++ b/2016/7xxx/CVE-2016-7689.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7689", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-7689", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8632.json b/2016/8xxx/CVE-2016-8632.json index a4ba7539f185..5844ba427932 100644 --- a/2016/8xxx/CVE-2016-8632.json +++ b/2016/8xxx/CVE-2016-8632.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert@redhat.com", - "ID" : "CVE-2016-8632", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-8632", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" + "lang": "eng", + "value": "The tipc_msg_build function in net/tipc/msg.c in the Linux kernel through 4.8.11 does not validate the relationship between the minimum fragment length and the maximum packet size, which allows local users to gain privileges or cause a denial of service (heap-based buffer overflow) by leveraging the CAP_NET_ADMIN capability." } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The tipc_msg_build function in net/tipc/msg.c in the Linux kernel through 4.8.11 does not validate the relationship between the minimum fragment length and the maximum packet size, which allows local users to gain privileges or cause a denial of service (heap-based buffer overflow) by leveraging the CAP_NET_ADMIN capability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } - ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[netdev] 20161018 [PATCH net] tipc: Guard against tiny MTU in tipc_msg_build()", - "refsource" : "MLIST", - "url" : "https://www.mail-archive.com/netdev@vger.kernel.org/msg133205.html" - }, - { - "name" : "[oss-security] 20161108 CVE-2016-8632 -- Linux kernel: tipc_msg_build() doesn't validate MTU that can trigger heap overflow", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/11/08/5" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1390832", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1390832" - }, - { - "name" : "94211", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94211" - } - ] - } -} + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20161108 CVE-2016-8632 -- Linux kernel: tipc_msg_build() doesn't validate MTU that can trigger heap overflow", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/11/08/5" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1390832", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1390832" + }, + { + "name": "94211", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94211" + }, + { + "name": "[netdev] 20161018 [PATCH net] tipc: Guard against tiny MTU in tipc_msg_build()", + "refsource": "MLIST", + "url": "https://www.mail-archive.com/netdev@vger.kernel.org/msg133205.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8654.json b/2016/8xxx/CVE-2016-8654.json index 68396b5c23c2..4d9a54e47310 100644 --- a/2016/8xxx/CVE-2016-8654.json +++ b/2016/8xxx/CVE-2016-8654.json @@ -1,108 +1,108 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psampaio@redhat.com", - "ID" : "CVE-2016-8654", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-8654", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "jasper", + "version": { + "version_data": [ + { + "version_value": "2.0.0" + } + ] + } + } + ] + }, + "vendor_name": "The Jasper Project" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "product" : { - "product_data" : [ - { - "product_name" : "jasper", - "version" : { - "version_data" : [ - { - "version_value" : "2.0.0" - } - ] - } - } - ] - }, - "vendor_name" : "The Jasper Project" + "lang": "eng", + "value": "A heap-buffer overflow vulnerability was found in QMFB code in JPC codec caused by buffer being allocated with too small size. jasper versions before 2.0.0 are affected." } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A heap-buffer overflow vulnerability was found in QMFB code in JPC codec caused by buffer being allocated with too small size. jasper versions before 2.0.0 are affected." - } - ] - }, - "impact" : { - "cvss" : [ - [ + ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "7.8/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.0" + } + ], + [ + { + "vectorString": "6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P", + "version": "2.0" + } + ] + ] + }, + "problemtype": { + "problemtype_data": [ { - "vectorString" : "7.8/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "version" : "3.0" + "description": [ + { + "lang": "eng", + "value": "CWE-122" + } + ] } - ], - [ + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-3785", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2017/dsa-3785" + }, + { + "name": "94583", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94583" + }, + { + "name": "RHSA-2017:1208", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1208" + }, { - "vectorString" : "6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P", - "version" : "2.0" + "name": "https://github.com/mdadams/jasper/issues/93", + "refsource": "CONFIRM", + "url": "https://github.com/mdadams/jasper/issues/93" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8654", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8654" + }, + { + "name": "https://github.com/mdadams/jasper/commit/4a59cfaf9ab3d48fca4a15c0d2674bf7138e3d1a", + "refsource": "CONFIRM", + "url": "https://github.com/mdadams/jasper/commit/4a59cfaf9ab3d48fca4a15c0d2674bf7138e3d1a" + }, + { + "name": "https://github.com/mdadams/jasper/issues/94", + "refsource": "CONFIRM", + "url": "https://github.com/mdadams/jasper/issues/94" } - ] - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-122" - } - ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8654", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8654" - }, - { - "name" : "https://github.com/mdadams/jasper/issues/93", - "refsource" : "CONFIRM", - "url" : "https://github.com/mdadams/jasper/issues/93" - }, - { - "name" : "https://github.com/mdadams/jasper/issues/94", - "refsource" : "CONFIRM", - "url" : "https://github.com/mdadams/jasper/issues/94" - }, - { - "name" : "https://github.com/mdadams/jasper/commit/4a59cfaf9ab3d48fca4a15c0d2674bf7138e3d1a", - "refsource" : "CONFIRM", - "url" : "https://github.com/mdadams/jasper/commit/4a59cfaf9ab3d48fca4a15c0d2674bf7138e3d1a" - }, - { - "name" : "DSA-3785", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2017/dsa-3785" - }, - { - "name" : "RHSA-2017:1208", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1208" - }, - { - "name" : "94583", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94583" - } - ] - } -} + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8840.json b/2016/8xxx/CVE-2016-8840.json index 2712884ad9b3..18b7eea40ad8 100644 --- a/2016/8xxx/CVE-2016-8840.json +++ b/2016/8xxx/CVE-2016-8840.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-8840", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-8840", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8900.json b/2016/8xxx/CVE-2016-8900.json index 2ce1b3a60eba..646d951e7111 100644 --- a/2016/8xxx/CVE-2016-8900.json +++ b/2016/8xxx/CVE-2016-8900.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-8900", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-8900", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9071.json b/2016/9xxx/CVE-2016-9071.json index 1160c371a082..2c58046404f3 100644 --- a/2016/9xxx/CVE-2016-9071.json +++ b/2016/9xxx/CVE-2016-9071.json @@ -1,78 +1,78 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@mozilla.org", - "ID" : "CVE-2016-9071", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2016-9071", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "50" + } + ] + } + } + ] + }, + "vendor_name": "Mozilla" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "product" : { - "product_data" : [ - { - "product_name" : "Firefox", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "50" - } - ] - } - } - ] - }, - "vendor_name" : "Mozilla" + "lang": "eng", + "value": "Content Security Policy combined with HTTP to HTTPS redirection can be used by malicious server to verify whether a known site is within a user's browser history. This vulnerability affects Firefox < 50." } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Content Security Policy combined with HTTP to HTTPS redirection can be used by malicious server to verify whether a known site is within a user's browser history. This vulnerability affects Firefox < 50." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Probe browser history via HSTS/301 redirect + CSP" - } - ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1285003", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1285003" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2016-89/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2016-89/" - }, - { - "name" : "94337", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94337" - }, - { - "name" : "1037298", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037298" - } - ] - } -} + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Probe browser history via HSTS/301 redirect + CSP" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "94337", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94337" + }, + { + "name": "1037298", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037298" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1285003", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1285003" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2016-89/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2016-89/" + } + ] + } +} \ No newline at end of file