diff --git a/2006/5xxx/CVE-2006-5653.json b/2006/5xxx/CVE-2006-5653.json
index faafa177de0..febc292448a 100644
--- a/2006/5xxx/CVE-2006-5653.json
+++ b/2006/5xxx/CVE-2006-5653.json
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5653", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the errorHTML function in the index script in Sun Java System Messenger Express 6 allows remote attackers to inject arbitrary web script or HTML via the error parameter. NOTE: this issue might be related to CVE-2006-5486, however due to the vagueness of the initial advisory and different researchers a new CVE was assigned." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5653", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061031 Sun java System Messenger Express XSS", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/450153/100/0/threaded" - }, - { - "name" : "20070104 Re: Sun java System Messenger Express XSS", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/456273/100/200/threaded" - }, - { - "name" : "20832", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20832" - }, - { - "name" : "ADV-2006-4281", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4281" - }, - 
{ - "name" : "1018106", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1018106" - }, - { - "name" : "22663", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22663" - }, - { - "name" : "1805", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1805" - }, - { - "name" : "sun-messaging-index-xss(29939)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29939" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the errorHTML function in the index script in Sun Java System Messenger Express 6 allows remote attackers to inject arbitrary web script or HTML via the error parameter. NOTE: this issue might be related to CVE-2006-5486, however due to the vagueness of the initial advisory and different researchers a new CVE was assigned." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1805", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1805" + }, + { + "name": "20070104 Re: Sun java System Messenger Express XSS", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/456273/100/200/threaded" + }, + { + "name": "20832", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20832" + }, + { + "name": "ADV-2006-4281", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4281" + }, + { + "name": "1018106", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1018106" + }, + { + "name": "20061031 Sun java System Messenger Express XSS", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/450153/100/0/threaded" + }, + { + "name": "22663", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22663" + }, + { + "name": "sun-messaging-index-xss(29939)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29939" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2214.json b/2007/2xxx/CVE-2007-2214.json index 490d88ef427..092492a28ac 100644 --- a/2007/2xxx/CVE-2007-2214.json +++ b/2007/2xxx/CVE-2007-2214.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2214", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unrestricted file upload vulnerability in includes/upload_file.php in DmCMS allows remote attackers to upload arbitrary PHP scripts by placing a script's contents in both the File2 and File3 parameters, and sending a ok.php?do=act Referer." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2214", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070423 DmCMS Shell Uploading", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/466704/100/0/threaded" - }, - { - "name" : "23628", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23628" - }, - { - "name" : "ADV-2007-1516", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1516" - }, - { - "name" : "35636", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/35636" - }, - { - "name" : "2605", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2605" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "Unrestricted file upload vulnerability in includes/upload_file.php in DmCMS allows remote attackers to upload arbitrary PHP scripts by placing a script's contents in both the File2 and File3 parameters, and sending a ok.php?do=act Referer." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "35636", + "refsource": "OSVDB", + "url": "http://osvdb.org/35636" + }, + { + "name": "20070423 DmCMS Shell Uploading", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/466704/100/0/threaded" + }, + { + "name": "ADV-2007-1516", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1516" + }, + { + "name": "2605", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2605" + }, + { + "name": "23628", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23628" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2549.json b/2007/2xxx/CVE-2007-2549.json index a4dd3b6b9c4..cbee122d961 100644 --- a/2007/2xxx/CVE-2007-2549.json +++ b/2007/2xxx/CVE-2007-2549.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2549", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in TurnkeyWebTools SunShop Shopping Cart 4.0 allows remote attackers to execute arbitrary SQL commands via the (1) c or (2) quantity parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2549", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070505 SunShop (v4) Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/467825/100/0/threaded" - }, - { - "name" : "20070826 Sunshop v4.0 <= Blind SQL Injection exploit", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/477829/100/200/threaded" - }, - { - "name" : "23856", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23856" - }, - { - "name" : "35656", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/35656" - }, - { - "name" : "2677", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2677" - }, - { - "name" : "sunshop-index-sql-injection(34138)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/34138" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php in TurnkeyWebTools SunShop Shopping Cart 4.0 allows remote attackers to execute arbitrary SQL commands via the (1) c or (2) quantity parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "sunshop-index-sql-injection(34138)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34138" + }, + { + "name": "20070826 Sunshop v4.0 <= Blind SQL Injection exploit", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/477829/100/200/threaded" + }, + { + "name": "2677", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2677" + }, + { + "name": "20070505 SunShop (v4) Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/467825/100/0/threaded" + }, + { + "name": "23856", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23856" + }, + { + "name": "35656", + "refsource": "OSVDB", + "url": "http://osvdb.org/35656" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2583.json b/2007/2xxx/CVE-2007-2583.json index b66435b5756..45f41fe898b 100644 --- a/2007/2xxx/CVE-2007-2583.json +++ b/2007/2xxx/CVE-2007-2583.json 
@@ -1,187 +1,187 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2583", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The in_decimal::set function in item_cmpfunc.cc in MySQL before 5.0.40, and 5.1 before 5.1.18-beta, allows context-dependent attackers to cause a denial of service (crash) via a crafted IF clause that results in a divide-by-zero error and a NULL pointer dereference." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2583", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "30020", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/30020" - }, - { - "name" : "http://packetstormsecurity.com/files/124295/MySQL-5.0.x-Denial-Of-Service.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/124295/MySQL-5.0.x-Denial-Of-Service.html" - }, - { - "name" : "http://bugs.mysql.com/bug.php?id=27513", - "refsource" : "CONFIRM", - "url" : "http://bugs.mysql.com/bug.php?id=27513" - }, - { - "name" : "http://lists.mysql.com/commits/23685", - "refsource" : "CONFIRM", - "url" : "http://lists.mysql.com/commits/23685" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-1356", - 
"refsource" : "CONFIRM", - "url" : "https://issues.rpath.com/browse/RPL-1356" - }, - { - "name" : "DSA-1413", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2007/dsa-1413" - }, - { - "name" : "GLSA-200705-11", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200705-11.xml" - }, - { - "name" : "MDKSA-2007:139", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:139" - }, - { - "name" : "RHSA-2008:0364", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0364.html" - }, - { - "name" : "SUSE-SR:2008:003", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html" - }, - { - "name" : "2007-0017", - "refsource" : "TRUSTIX", - "url" : "http://www.trustix.org/errata/2007/0017/" - }, - { - "name" : "USN-528-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/528-1/" - }, - { - "name" : "23911", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23911" - }, - { - "name" : "34734", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/34734" - }, - { - "name" : "oval:org.mitre.oval:def:9930", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9930" - }, - { - "name" : "30351", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30351" - }, - { - "name" : "ADV-2007-1731", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1731" - }, - { - "name" : "25196", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25196" - }, - { - "name" : "25188", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25188" - }, - { - "name" : "25255", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25255" - }, - { - "name" : "25389", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25389" - }, - { - "name" : 
"25946", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25946" - }, - { - "name" : "27155", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27155" - }, - { - "name" : "27823", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27823" - }, - { - "name" : "28838", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28838" - }, - { - "name" : "mysql-if-dos(34232)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34232" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The in_decimal::set function in item_cmpfunc.cc in MySQL before 5.0.40, and 5.1 before 5.1.18-beta, allows context-dependent attackers to cause a denial of service (crash) via a crafted IF clause that results in a divide-by-zero error and a NULL pointer dereference." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2007-1731", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1731" + }, + { + "name": "27823", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27823" + }, + { + "name": "25196", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25196" + }, + { + "name": "25188", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25188" + }, + { + "name": "https://issues.rpath.com/browse/RPL-1356", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-1356" + }, + { + "name": "25389", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25389" + }, + { + "name": "2007-0017", + "refsource": "TRUSTIX", + "url": "http://www.trustix.org/errata/2007/0017/" + }, + { + "name": "mysql-if-dos(34232)", + "refsource": "XF", + "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/34232" + }, + { + "name": "GLSA-200705-11", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200705-11.xml" + }, + { + "name": "http://bugs.mysql.com/bug.php?id=27513", + "refsource": "CONFIRM", + "url": "http://bugs.mysql.com/bug.php?id=27513" + }, + { + "name": "30020", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/30020" + }, + { + "name": "25946", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25946" + }, + { + "name": "23911", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23911" + }, + { + "name": "DSA-1413", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2007/dsa-1413" + }, + { + "name": "http://lists.mysql.com/commits/23685", + "refsource": "CONFIRM", + "url": "http://lists.mysql.com/commits/23685" + }, + { + "name": "USN-528-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/528-1/" + }, + { + "name": "MDKSA-2007:139", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:139" + }, + { + "name": "oval:org.mitre.oval:def:9930", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9930" + }, + { + "name": "30351", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30351" + }, + { + "name": "27155", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27155" + }, + { + "name": "34734", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/34734" + }, + { + "name": "25255", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25255" + }, + { + "name": "28838", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28838" + }, + { + "name": "SUSE-SR:2008:003", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html" + }, + { + "name": "RHSA-2008:0364", + "refsource": "REDHAT", + 
"url": "http://www.redhat.com/support/errata/RHSA-2008-0364.html" + }, + { + "name": "http://packetstormsecurity.com/files/124295/MySQL-5.0.x-Denial-Of-Service.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/124295/MySQL-5.0.x-Denial-Of-Service.html" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2600.json b/2007/2xxx/CVE-2007-2600.json index fd259099db5..91b2538a887 100644 --- a/2007/2xxx/CVE-2007-2600.json +++ b/2007/2xxx/CVE-2007-2600.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2600", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in TutorialCMS (aka Photoshop Tutorials) 1.00 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) catFile parameter to (a) browseCat.php or (b) browseSubCat.php; the (2) id parameter to (c) openTutorial.php, (d) topFrame.php, or (e) admin/editListing.php; or the (3) search parameter to search.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2600", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "3887", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/3887" - }, - { - "name" : "23905", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23905" - }, - { - "name" : "35892", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/35892" - }, - { - "name" : "35893", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/35893" - }, - { - "name" : "35894", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/35894" - }, - { - "name" : "35895", - "refsource" : "OSVDB", - "url" : 
"http://osvdb.org/35895" - }, - { - "name" : "35896", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/35896" - }, - { - "name" : "35897", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/35897" - }, - { - "name" : "ADV-2007-1742", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1742" - }, - { - "name" : "tutorialcms-multiple-xss(34215)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34215" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in TutorialCMS (aka Photoshop Tutorials) 1.00 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) catFile parameter to (a) browseCat.php or (b) browseSubCat.php; the (2) id parameter to (c) openTutorial.php, (d) topFrame.php, or (e) admin/editListing.php; or the (3) search parameter to search.php." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "35893", + "refsource": "OSVDB", + "url": "http://osvdb.org/35893" + }, + { + "name": "23905", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23905" + }, + { + "name": "ADV-2007-1742", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1742" + }, + { + "name": "35894", + "refsource": "OSVDB", + "url": "http://osvdb.org/35894" + }, + { + "name": "35897", + "refsource": "OSVDB", + "url": "http://osvdb.org/35897" + }, + { + "name": "35896", + "refsource": "OSVDB", + "url": "http://osvdb.org/35896" + }, + { + "name": "tutorialcms-multiple-xss(34215)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34215" + }, + { + "name": "35895", + "refsource": "OSVDB", + "url": "http://osvdb.org/35895" + }, + { + "name": "35892", + "refsource": "OSVDB", + "url": "http://osvdb.org/35892" + }, + { + "name": "3887", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/3887" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2639.json b/2007/2xxx/CVE-2007-2639.json index 4db53f87b11..3bd705f7745 100644 --- a/2007/2xxx/CVE-2007-2639.json +++ b/2007/2xxx/CVE-2007-2639.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2639", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in TFTPdWin 0.4.2 allows remote attackers to read or modify arbitrary files outside the TFTP root via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2639", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070511 TFTPdWin 0.4.2 Server Directory Traversal Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/468313/100/0/threaded" - }, - { - "name" : "23937", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23937" - }, - { - "name" : "36252", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/36252" - }, - { - "name" : "2699", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2699" - }, - { - "name" : "tftpdwin-unspecified-directory-traversal(34247)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34247" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in TFTPdWin 0.4.2 allows remote attackers to read or modify arbitrary files outside the TFTP root via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2699", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2699" + }, + { + "name": "36252", + "refsource": "OSVDB", + "url": "http://osvdb.org/36252" + }, + { + "name": "23937", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23937" + }, + { + "name": "20070511 TFTPdWin 0.4.2 Server Directory Traversal Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/468313/100/0/threaded" + }, + { + "name": "tftpdwin-unspecified-directory-traversal(34247)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34247" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2870.json b/2007/2xxx/CVE-2007-2870.json index a80476992bf..afeac6174d7 100644 --- a/2007/2xxx/CVE-2007-2870.json +++ b/2007/2xxx/CVE-2007-2870.json 
@@ -1,242 +1,242 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2870", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2, allows remote attackers to bypass the same-origin policy and conduct cross-site scripting (XSS) and other attacks by using the addEventListener method to add an event listener for a site, which is executed in the context of that site." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2007-2870", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070531 FLEA-2007-0023-1: firefox", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/470172/100/200/threaded" - }, - { - "name" : "http://www.mozilla.org/security/announce/2007/mfsa2007-16.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2007/mfsa2007-16.html" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-1424", - "refsource" : "CONFIRM", - "url" : "https://issues.rpath.com/browse/RPL-1424" - }, - { - "name" : "DSA-1300", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2007/dsa-1300" - }, - 
{ - "name" : "DSA-1306", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2007/dsa-1306" - }, - { - "name" : "DSA-1308", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2007/dsa-1308" - }, - { - "name" : "GLSA-200706-06", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200706-06.xml" - }, - { - "name" : "HPSBUX02153", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742" - }, - { - "name" : "SSRT061181", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742" - }, - { - "name" : "MDKSA-2007:120", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:120" - }, - { - "name" : "MDKSA-2007:126", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:126" - }, - { - "name" : "RHSA-2007:0400", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2007-0400.html" - }, - { - "name" : "RHSA-2007:0402", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2007-0402.html" - }, - { - "name" : "SSA:2007-152-02", - "refsource" : "SLACKWARE", - "url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.571857" - }, - { - "name" : "SUSE-SA:2007:036", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2007_36_mozilla.html" - }, - { - "name" : "USN-468-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-468-1" - }, - { - "name" : "TA07-151A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA07-151A.html" - }, - { - "name" : "24242", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24242" - }, - { - "name" : "35136", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/35136" - }, - { - "name" : "oval:org.mitre.oval:def:9547", - 
"refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9547" - }, - { - "name" : "ADV-2007-1994", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1994" - }, - { - "name" : "1018160", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1018160" - }, - { - "name" : "1018161", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1018161" - }, - { - "name" : "25476", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25476" - }, - { - "name" : "25533", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25533" - }, - { - "name" : "25559", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25559" - }, - { - "name" : "25635", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25635" - }, - { - "name" : "25647", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25647" - }, - { - "name" : "25685", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25685" - }, - { - "name" : "25534", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25534" - }, - { - "name" : "25469", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25469" - }, - { - "name" : "25488", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25488" - }, - { - "name" : "25490", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25490" - }, - { - "name" : "25491", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25491" - }, - { - "name" : "25750", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25750" - }, - { - "name" : "25858", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25858" - }, - { - "name" : "mozilla-addeventlistener-xss(34614)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34614" - } - ] - } -} + } 
+ }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2, allows remote attackers to bypass the same-origin policy and conduct cross-site scripting (XSS) and other attacks by using the addEventListener method to add an event listener for a site, which is executed in the context of that site." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-1308", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2007/dsa-1308" + }, + { + "name": "35136", + "refsource": "OSVDB", + "url": "http://osvdb.org/35136" + }, + { + "name": "MDKSA-2007:120", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:120" + }, + { + "name": "20070531 FLEA-2007-0023-1: firefox", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/470172/100/200/threaded" + }, + { + "name": "25647", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25647" + }, + { + "name": "25469", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25469" + }, + { + "name": "HPSBUX02153", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742" + }, + { + "name": "SUSE-SA:2007:036", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2007_36_mozilla.html" + }, + { + "name": "25491", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25491" + }, + { + "name": "GLSA-200706-06", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200706-06.xml" + }, + { + "name": "25635", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25635" + }, + { + "name": "1018160", + 
"refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1018160" + }, + { + "name": "25534", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25534" + }, + { + "name": "ADV-2007-1994", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1994" + }, + { + "name": "RHSA-2007:0400", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2007-0400.html" + }, + { + "name": "SSA:2007-152-02", + "refsource": "SLACKWARE", + "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.571857" + }, + { + "name": "http://www.mozilla.org/security/announce/2007/mfsa2007-16.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2007/mfsa2007-16.html" + }, + { + "name": "25533", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25533" + }, + { + "name": "DSA-1306", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2007/dsa-1306" + }, + { + "name": "https://issues.rpath.com/browse/RPL-1424", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-1424" + }, + { + "name": "25858", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25858" + }, + { + "name": "USN-468-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-468-1" + }, + { + "name": "1018161", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1018161" + }, + { + "name": "25476", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25476" + }, + { + "name": "MDKSA-2007:126", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:126" + }, + { + "name": "SSRT061181", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742" + }, + { + "name": "24242", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24242" + }, + { + "name": "25750", + "refsource": "SECUNIA", + 
"url": "http://secunia.com/advisories/25750" + }, + { + "name": "DSA-1300", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2007/dsa-1300" + }, + { + "name": "25559", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25559" + }, + { + "name": "mozilla-addeventlistener-xss(34614)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34614" + }, + { + "name": "25490", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25490" + }, + { + "name": "25488", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25488" + }, + { + "name": "RHSA-2007:0402", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2007-0402.html" + }, + { + "name": "TA07-151A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA07-151A.html" + }, + { + "name": "25685", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25685" + }, + { + "name": "oval:org.mitre.oval:def:9547", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9547" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3699.json b/2007/3xxx/CVE-2007-3699.json index 170b99711a9..1e062b77cfe 100644 --- a/2007/3xxx/CVE-2007-3699.json +++ b/2007/3xxx/CVE-2007-3699.json 
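Review bot: Among the formatting-only lines of the CVE-2007-2870.json hunk, `"ASSIGNER"` in `CVE_data_meta` changes from `cve@mitre.org` to `secalert@redhat.com`, which alters the record's provenance rather than its layout. Nothing visible in the hunk explains the change, and it is easy to miss because every line is marked changed and the reference list is reordered. The CVE-2010-0442.json hunk further down carries the same ASSIGNER change. A metadata change like this is easier to audit in a commit separate from the reformatting, or at least called out in the commit message.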
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3699", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Decomposer component in multiple Symantec products allows remote attackers to cause a denial of service (infinite loop) via a certain value in the PACK_SIZE field of a RAR archive file header." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3699", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-07-039.html", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-07-039.html" - }, - { - "name" : "http://securityresponse.symantec.com/avcenter/security/Content/2007.07.11f.html", - "refsource" : "CONFIRM", - "url" : "http://securityresponse.symantec.com/avcenter/security/Content/2007.07.11f.html" - }, - { - "name" : "24282", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24282" - }, - { - "name" : "36119", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/36119" - }, - { - "name" : "ADV-2007-2508", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2508" - }, - { - "name" : "26053", - 
"refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26053" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Decomposer component in multiple Symantec products allows remote attackers to cause a denial of service (infinite loop) via a certain value in the PACK_SIZE field of a RAR archive file header." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "26053", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26053" + }, + { + "name": "ADV-2007-2508", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2508" + }, + { + "name": "36119", + "refsource": "OSVDB", + "url": "http://osvdb.org/36119" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-07-039.html", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-039.html" + }, + { + "name": "http://securityresponse.symantec.com/avcenter/security/Content/2007.07.11f.html", + "refsource": "CONFIRM", + "url": "http://securityresponse.symantec.com/avcenter/security/Content/2007.07.11f.html" + }, + { + "name": "24282", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24282" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3704.json b/2007/3xxx/CVE-2007-3704.json index a456ec3da37..b1a8284d443 100644 --- a/2007/3xxx/CVE-2007-3704.json +++ b/2007/3xxx/CVE-2007-3704.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3704", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Entertainment CMS allows remote attackers to bypass authentication and perform certain administrative actions by setting the adminLogged cookie to \"Administrator.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3704", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070710 Entertainment CMS Admin Login Bypass", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/473282/100/0/threaded" - }, - { - "name" : "24847", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24847" - }, - { - "name" : "37908", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37908" - }, - { - "name" : "26016", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26016" - }, - { - "name" : "2878", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2878" - }, - { - "name" : "entertainment-index-security-bypass(35330)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35330" - } - ] - } -} + } + }, + "data_format": 
"MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Entertainment CMS allows remote attackers to bypass authentication and perform certain administrative actions by setting the adminLogged cookie to \"Administrator.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20070710 Entertainment CMS Admin Login Bypass", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/473282/100/0/threaded" + }, + { + "name": "24847", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24847" + }, + { + "name": "26016", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26016" + }, + { + "name": "entertainment-index-security-bypass(35330)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35330" + }, + { + "name": "2878", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2878" + }, + { + "name": "37908", + "refsource": "OSVDB", + "url": "http://osvdb.org/37908" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3950.json b/2007/3xxx/CVE-2007-3950.json index 1c4fab7ebdb..facaa7cf31b 100644 --- a/2007/3xxx/CVE-2007-3950.json +++ b/2007/3xxx/CVE-2007-3950.json 
@@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3950", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "lighttpd 1.4.15, when run on 32 bit platforms, allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors involving the use of incompatible format specifiers in certain debugging messages in the (1) mod_scgi, (2) mod_fastcgi, and (3) mod_webdav modules." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3950", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070719 rPSA-2007-0145-1 lighttpd", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/474131/100/0/threaded" - }, - { - "name" : "http://trac.lighttpd.net/trac/changeset/1882", - "refsource" : "MISC", - "url" : "http://trac.lighttpd.net/trac/changeset/1882" - }, - { - "name" : "http://trac.lighttpd.net/trac/ticket/1263", - "refsource" : "CONFIRM", - "url" : "http://trac.lighttpd.net/trac/ticket/1263" - }, - { - "name" : "DSA-1362", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2007/dsa-1362" - }, - { - "name" : "GLSA-200708-11", - "refsource" : "GENTOO", - "url" : 
"http://security.gentoo.org/glsa/glsa-200708-11.xml" - }, - { - "name" : "SUSE-SR:2007:015", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2007_15_sr.html" - }, - { - "name" : "24967", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24967" - }, - { - "name" : "ADV-2007-2585", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2585" - }, - { - "name" : "26130", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26130" - }, - { - "name" : "26158", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26158" - }, - { - "name" : "26505", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26505" - }, - { - "name" : "26593", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26593" - }, - { - "name" : "2909", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2909" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "lighttpd 1.4.15, when run on 32 bit platforms, allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors involving the use of incompatible format specifiers in certain debugging messages in the (1) mod_scgi, (2) mod_fastcgi, and (3) mod_webdav modules." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2909", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2909" + }, + { + "name": "26158", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26158" + }, + { + "name": "ADV-2007-2585", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2585" + }, + { + "name": "26130", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26130" + }, + { + "name": "http://trac.lighttpd.net/trac/changeset/1882", + "refsource": "MISC", + "url": "http://trac.lighttpd.net/trac/changeset/1882" + }, + { + "name": "20070719 rPSA-2007-0145-1 lighttpd", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/474131/100/0/threaded" + }, + { + "name": "24967", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24967" + }, + { + "name": "26593", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26593" + }, + { + "name": "DSA-1362", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2007/dsa-1362" + }, + { + "name": "GLSA-200708-11", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200708-11.xml" + }, + { + "name": "http://trac.lighttpd.net/trac/ticket/1263", + "refsource": "CONFIRM", + "url": "http://trac.lighttpd.net/trac/ticket/1263" + }, + { + "name": "SUSE-SR:2007:015", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html" + }, + { + "name": "26505", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26505" + } + ] + } +} \ No newline at end of file diff --git a/2007/4xxx/CVE-2007-4857.json b/2007/4xxx/CVE-2007-4857.json index ef7450f1724..3b9f4c51e7e 100644 --- a/2007/4xxx/CVE-2007-4857.json +++ b/2007/4xxx/CVE-2007-4857.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-4857", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-4857", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2007/4xxx/CVE-2007-4933.json b/2007/4xxx/CVE-2007-4933.json index 5c562dae49b..358e1424d69 100644 --- a/2007/4xxx/CVE-2007-4933.json +++ b/2007/4xxx/CVE-2007-4933.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-4933", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Direct static code injection vulnerability in includes/admin/sub/conf_appearence.php in Shop-Script FREE 2.0 and earlier allows remote attackers to inject arbitrary PHP code into cfg/appearence.inc.php via a save_appearence action in admin.php, as demonstrated with the (1) productscount, (2) colscount, and (3) darkcolor parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-4933", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4419", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4419" - }, - { - "name" : "25695", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25695" - }, - { - "name" : "26840", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26840" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Direct static code injection vulnerability in includes/admin/sub/conf_appearence.php in Shop-Script FREE 2.0 and earlier 
allows remote attackers to inject arbitrary PHP code into cfg/appearence.inc.php via a save_appearence action in admin.php, as demonstrated with the (1) productscount, (2) colscount, and (3) darkcolor parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "26840", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26840" + }, + { + "name": "25695", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25695" + }, + { + "name": "4419", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4419" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6280.json b/2007/6xxx/CVE-2007-6280.json index 8451eaa91ff..e4a795d4762 100644 --- a/2007/6xxx/CVE-2007-6280.json +++ b/2007/6xxx/CVE-2007-6280.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6280", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6280", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2007/6xxx/CVE-2007-6448.json b/2007/6xxx/CVE-2007-6448.json index 4fd78889f49..168f2fc422e 100644 --- a/2007/6xxx/CVE-2007-6448.json +++ b/2007/6xxx/CVE-2007-6448.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6448", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2007-6120. Reason: This candidate is a duplicate of CVE-2007-6120. Notes: All CVE users should reference CVE-2007-6120 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2007-6448", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2007-6120. Reason: This candidate is a duplicate of CVE-2007-6120. Notes: All CVE users should reference CVE-2007-6120 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0442.json b/2010/0xxx/CVE-2010-0442.json index 2356557a3af..d2233efc0ce 100644 --- a/2010/0xxx/CVE-2010-0442.json +++ b/2010/0xxx/CVE-2010-0442.json 
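Review bot: The CVE-2007-6448.json record is written with a different key order from the other files in this diff. Here `data_type`, `data_format` and `data_version` come before `CVE_data_meta`, and `ID` precedes `ASSIGNER`, while the sibling hunks keep `CVE_data_meta` first with `ASSIGNER` before `ID`. Key order carries no meaning in JSON, but the difference suggests this file went through a different writer, which is an inference from the diff rather than something the page states. One canonical key order across records would keep diffs and any hash-based comparison of the files stable.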
@@ -1,187 +1,187 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0442", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The bitsubstr function in backend/utils/adt/varbit.c in PostgreSQL 8.0.23, 8.1.11, and 8.3.8 allows remote authenticated users to cause a denial of service (daemon crash) or have unspecified other impact via vectors involving a negative integer in the third argument, as demonstrated by a SELECT statement that contains a call to the substring function for a bit string, related to an \"overflow.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-0442", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20100127 Re: CVE id request: postgresql bitsubstr overflow", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/01/27/5" - }, - { - "name" : "[pgsql-committers] 20100107 pgsql: Make bit/varbit substring() treat any negative length as meaning", - "refsource" : "MLIST", - "url" : "http://archives.postgresql.org/pgsql-committers/2010-01/msg00125.php" - }, - { - "name" : "[pgsql-hackers] 20100107 Re: Patch: Allow substring/replace() to get/set bit values", - "refsource" : 
"MLIST", - "url" : "http://archives.postgresql.org/pgsql-hackers/2010-01/msg00634.php" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=567058", - "refsource" : "MISC", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=567058" - }, - { - "name" : "http://intevydis.blogspot.com/2010/01/postgresql-8023-bitsubstr-overflow.html", - "refsource" : "MISC", - "url" : "http://intevydis.blogspot.com/2010/01/postgresql-8023-bitsubstr-overflow.html" - }, - { - "name" : "http://git.postgresql.org/gitweb?p=postgresql.git;a=commit;h=75dea10196c31d98d98c0bafeeb576ae99c09b12", - "refsource" : "CONFIRM", - "url" : "http://git.postgresql.org/gitweb?p=postgresql.git;a=commit;h=75dea10196c31d98d98c0bafeeb576ae99c09b12" - }, - { - "name" : "http://git.postgresql.org/gitweb?p=postgresql.git;a=commit;h=b15087cb39ca9e4bde3c8920fcee3741045d2b83", - "refsource" : "CONFIRM", - "url" : "http://git.postgresql.org/gitweb?p=postgresql.git;a=commit;h=b15087cb39ca9e4bde3c8920fcee3741045d2b83" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=559194", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=559194" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=559259", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=559259" - }, - { - "name" : "DSA-2051", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2010/dsa-2051" - }, - { - "name" : "MDVSA-2010:103", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:103" - }, - { - "name" : "RHSA-2010:0427", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0427.html" - }, - { - "name" : "RHSA-2010:0428", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0428.html" - }, - { - "name" : "RHSA-2010:0429", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0429.html" - }, - { - 
"name" : "USN-933-1", - "refsource" : "UBUNTU", - "url" : "http://ubuntu.com/usn/usn-933-1" - }, - { - "name" : "37973", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37973" - }, - { - "name" : "oval:org.mitre.oval:def:9720", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9720" - }, - { - "name" : "1023510", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1023510" - }, - { - "name" : "39566", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39566" - }, - { - "name" : "39820", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39820" - }, - { - "name" : "39939", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39939" - }, - { - "name" : "ADV-2010-1022", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1022" - }, - { - "name" : "ADV-2010-1207", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1207" - }, - { - "name" : "ADV-2010-1197", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1197" - }, - { - "name" : "ADV-2010-1221", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1221" - }, - { - "name" : "postgresql-substring-bo(55902)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/55902" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The bitsubstr function in backend/utils/adt/varbit.c in PostgreSQL 8.0.23, 8.1.11, and 8.3.8 allows remote authenticated users to cause a denial of service (daemon crash) or have unspecified other impact via vectors involving a negative integer in the third argument, as demonstrated by a SELECT statement that contains a call to the substring function for a bit string, related to an 
\"overflow.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2010:0427", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0427.html" + }, + { + "name": "1023510", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1023510" + }, + { + "name": "RHSA-2010:0428", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0428.html" + }, + { + "name": "DSA-2051", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2010/dsa-2051" + }, + { + "name": "USN-933-1", + "refsource": "UBUNTU", + "url": "http://ubuntu.com/usn/usn-933-1" + }, + { + "name": "39820", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39820" + }, + { + "name": "[oss-security] 20100127 Re: CVE id request: postgresql bitsubstr overflow", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/01/27/5" + }, + { + "name": "ADV-2010-1221", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1221" + }, + { + "name": "37973", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37973" + }, + { + "name": "http://git.postgresql.org/gitweb?p=postgresql.git;a=commit;h=75dea10196c31d98d98c0bafeeb576ae99c09b12", + "refsource": "CONFIRM", + "url": "http://git.postgresql.org/gitweb?p=postgresql.git;a=commit;h=75dea10196c31d98d98c0bafeeb576ae99c09b12" + }, + { + "name": "http://intevydis.blogspot.com/2010/01/postgresql-8023-bitsubstr-overflow.html", + "refsource": "MISC", + "url": "http://intevydis.blogspot.com/2010/01/postgresql-8023-bitsubstr-overflow.html" + }, + { + "name": "http://git.postgresql.org/gitweb?p=postgresql.git;a=commit;h=b15087cb39ca9e4bde3c8920fcee3741045d2b83", + "refsource": "CONFIRM", + "url": 
"http://git.postgresql.org/gitweb?p=postgresql.git;a=commit;h=b15087cb39ca9e4bde3c8920fcee3741045d2b83" + }, + { + "name": "ADV-2010-1207", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1207" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=567058", + "refsource": "MISC", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=567058" + }, + { + "name": "ADV-2010-1022", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1022" + }, + { + "name": "[pgsql-hackers] 20100107 Re: Patch: Allow substring/replace() to get/set bit values", + "refsource": "MLIST", + "url": "http://archives.postgresql.org/pgsql-hackers/2010-01/msg00634.php" + }, + { + "name": "39566", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39566" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=559259", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=559259" + }, + { + "name": "postgresql-substring-bo(55902)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55902" + }, + { + "name": "[pgsql-committers] 20100107 pgsql: Make bit/varbit substring() treat any negative length as meaning", + "refsource": "MLIST", + "url": "http://archives.postgresql.org/pgsql-committers/2010-01/msg00125.php" + }, + { + "name": "RHSA-2010:0429", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0429.html" + }, + { + "name": "oval:org.mitre.oval:def:9720", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9720" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=559194", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=559194" + }, + { + "name": "MDVSA-2010:103", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:103" + }, + { + "name": "39939", + 
"refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39939" + }, + { + "name": "ADV-2010-1197", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1197" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1964.json b/2010/1xxx/CVE-2010-1964.json index da810b5fbe7..0ab1e46d240 100644 --- a/2010/1xxx/CVE-2010-1964.json +++ b/2010/1xxx/CVE-2010-1964.json 
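Review bot: The `"ASSIGNER"` change in this CVE-2010-0442 hunk, from `cve@mitre.org` to `secalert@redhat.com`, is buried in a whole-file rewrite and is easy to miss for anyone who tracks which CNA owns a record. Every other difference in the hunk is formatting: re-indentation, `" : "` becoming `": "`, and a reshuffle of the same 26 `reference_data` entries. The attribution change would be easier to audit as its own commit, with the formatting pass and a stable reference order kept separate. The CVE-2010-1964, CVE-2014-0447, CVE-2014-0694 and CVE-2014-0759 hunks change `ASSIGNER` the same way (to `hp-security-alert@hp.com`, `secalert_us@oracle.com`, `psirt@cisco.com` and `ics-cert@hq.dhs.gov`). The new side also ends with `\ No newline at end of file`; keeping a newline after the closing `}` avoids spurious end-of-file diffs on the next update.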
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1964", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in ovwebsnmpsrv.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via unspecified parameters to jovgraph.exe, aka ZDI-CAN-683." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2010-1964", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100616 ZDI-10-108: HP OpenView NNM ovwebsnmpsrv.exe Command Line Argument Remote Code Execution Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/511854/100/0/threaded" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-10-108", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-10-108" - }, - { - "name" : "HPSBMA02537", - "refsource" : "HP", - "url" : "http://seclists.org/bugtraq/2010/Jun/152" - }, - { - "name" : "SSRT010027", - "refsource" : "HP", - "url" : "http://seclists.org/bugtraq/2010/Jun/152" - }, - { - "name" : "40873", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/40873" - }, - 
{ - "name" : "65552", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/65552" - }, - { - "name" : "8155", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8155" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in ovwebsnmpsrv.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via unspecified parameters to jovgraph.exe, aka ZDI-CAN-683." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-10-108", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-108" + }, + { + "name": "SSRT010027", + "refsource": "HP", + "url": "http://seclists.org/bugtraq/2010/Jun/152" + }, + { + "name": "20100616 ZDI-10-108: HP OpenView NNM ovwebsnmpsrv.exe Command Line Argument Remote Code Execution Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/511854/100/0/threaded" + }, + { + "name": "65552", + "refsource": "OSVDB", + "url": "http://osvdb.org/65552" + }, + { + "name": "8155", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8155" + }, + { + "name": "40873", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/40873" + }, + { + "name": "HPSBMA02537", + "refsource": "HP", + "url": "http://seclists.org/bugtraq/2010/Jun/152" + } + ] + } +} \ No newline at end of file diff --git a/2010/5xxx/CVE-2010-5085.json b/2010/5xxx/CVE-2010-5085.json index 9687244590d..6613a03d53e 100644 --- a/2010/5xxx/CVE-2010-5085.json +++ b/2010/5xxx/CVE-2010-5085.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-5085", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in admin/update_user in Hulihan Amethyst 0.1.5, and possibly earlier, allow remote attackers to hijack the authentication of administrators for requests that (1) change the administrative password or (2) change the site's configuration." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-5085", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100805 XSRF (CSRF) in Amethyst", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=128104795219200&w=2" - }, - { - "name" : "http://www.htbridge.ch/advisory/xsrf_csrf_in_amethyst.html", - "refsource" : "MISC", - "url" : "http://www.htbridge.ch/advisory/xsrf_csrf_in_amethyst.html" - }, - { - "name" : "http://dev.hulihanapplications.com/issues/show/208", - "refsource" : "CONFIRM", - "url" : "http://dev.hulihanapplications.com/issues/show/208" - }, - { - "name" : "67043", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/67043" - }, - { - "name" : "40874", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/40874" - }, - { - "name" : "ADV-2010-2022", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2022" - }, - { - "name" : "amethyst-update-csrf(60947)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/60947" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in admin/update_user in Hulihan Amethyst 0.1.5, and possibly earlier, allow remote attackers to hijack the authentication of administrators for requests that (1) change the administrative password or (2) change the site's configuration." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2010-2022", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2022" + }, + { + "name": "20100805 XSRF (CSRF) in Amethyst", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=128104795219200&w=2" + }, + { + "name": "67043", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/67043" + }, + { + "name": "http://dev.hulihanapplications.com/issues/show/208", + "refsource": "CONFIRM", + "url": "http://dev.hulihanapplications.com/issues/show/208" + }, + { + "name": "http://www.htbridge.ch/advisory/xsrf_csrf_in_amethyst.html", + "refsource": "MISC", + "url": "http://www.htbridge.ch/advisory/xsrf_csrf_in_amethyst.html" + }, + { + "name": "40874", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40874" + }, + { + "name": "amethyst-update-csrf(60947)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60947" + } + ] + } +} \ No newline at end of file 
diff --git a/2010/5xxx/CVE-2010-5195.json b/2010/5xxx/CVE-2010-5195.json
index a39f8f0d2b6..b904c23cb16 100644
--- a/2010/5xxx/CVE-2010-5195.json
+++ b/2010/5xxx/CVE-2010-5195.json
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-5195", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in Roxio MyDVD 9 allows local users to gain privileges via a Trojan horse HomeUtils9.dll file in the current working directory, as demonstrated by a directory that contains a .dmsd or .dmsm file. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-5195", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "14781", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/14781/" - }, - { - "name" : "41152", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41152" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in Roxio MyDVD 9 allows local users to gain privileges via a Trojan horse HomeUtils9.dll file in the current working directory, as demonstrated by a directory that contains a .dmsd or .dmsm file. 
NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "14781", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/14781/" + }, + { + "name": "41152", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41152" + } + ] + } +} \ No newline at end of file diff --git a/2010/5xxx/CVE-2010-5281.json b/2010/5xxx/CVE-2010-5281.json index b498909f2bd..f392c85a9e1 100644 --- a/2010/5xxx/CVE-2010-5281.json +++ b/2010/5xxx/CVE-2010-5281.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-5281", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in ibrowser.php in the CMScout 2.09 IBrowser TinyMCE Plugin 1.4.1, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-5281", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/1009-exploits/cmscout209-lfi.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1009-exploits/cmscout209-lfi.txt" - }, - { - "name" : "http://www.johnleitch.net/Vulnerabilities/CMScout.2.09.IBrowser.TinyMCE.Plugin.Local.File.Inclusion/33", - "refsource" : "MISC", - "url" : "http://www.johnleitch.net/Vulnerabilities/CMScout.2.09.IBrowser.TinyMCE.Plugin.Local.File.Inclusion/33" - }, - { - "name" : "68247", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/68247" - }, - { - "name" : "41634", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41634" - 
}, - { - "name" : "ibrowser-ibrowser-file-include(62066)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/62066" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in ibrowser.php in the CMScout 2.09 IBrowser TinyMCE Plugin 1.4.1, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.johnleitch.net/Vulnerabilities/CMScout.2.09.IBrowser.TinyMCE.Plugin.Local.File.Inclusion/33", + "refsource": "MISC", + "url": "http://www.johnleitch.net/Vulnerabilities/CMScout.2.09.IBrowser.TinyMCE.Plugin.Local.File.Inclusion/33" + }, + { + "name": "http://packetstormsecurity.org/1009-exploits/cmscout209-lfi.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1009-exploits/cmscout209-lfi.txt" + }, + { + "name": "68247", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/68247" + }, + { + "name": "ibrowser-ibrowser-file-include(62066)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62066" + }, + { + "name": "41634", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41634" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0447.json b/2014/0xxx/CVE-2014-0447.json index 7ca06c0b644..2cb4aaba028 100644 --- a/2014/0xxx/CVE-2014-0447.json +++ b/2014/0xxx/CVE-2014-0447.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0447", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Solaris 10 and 11.1 allows local users to affect availability via unknown vectors related to Kernel, a different vulnerability than CVE-2013-5876." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2014-0447", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle Solaris 10 and 11.1 allows local users to affect availability via unknown vectors related to Kernel, a different vulnerability than CVE-2013-5876." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0694.json b/2014/0xxx/CVE-2014-0694.json index f4843eeceaf..3304a8a95ff 100644 --- a/2014/0xxx/CVE-2014-0694.json +++ b/2014/0xxx/CVE-2014-0694.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0694", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Intelligent Automation for Cloud (IAC) in Cisco Cloud Portal 9.4.1 and earlier includes a cryptographic key in binary files, which makes it easier for remote attackers to obtain cleartext data from an arbitrary IAC installation by leveraging knowledge of this key, aka Bug IDs CSCui34764, CSCui34772, CSCui34776, CSCui34798, CSCui34800, CSCui34805, CSCui34809, CSCui34810, CSCui34813, CSCui34814, and CSCui34818." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2014-0694", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=33336", - "refsource" : "CONFIRM", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=33336" - }, - { - "name" : "20140312 Cisco Intelligent Automation for Cloud Cryptographic Implementation Issues", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0694" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "Intelligent Automation for Cloud (IAC) in Cisco Cloud Portal 9.4.1 and earlier includes a cryptographic key in binary files, which makes it easier for remote attackers to obtain cleartext data from an arbitrary IAC installation by leveraging knowledge of this key, aka Bug IDs CSCui34764, CSCui34772, CSCui34776, CSCui34798, CSCui34800, CSCui34805, CSCui34809, CSCui34810, CSCui34813, CSCui34814, and CSCui34818." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20140312 Cisco Intelligent Automation for Cloud Cryptographic Implementation Issues", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0694" + }, + { + "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=33336", + "refsource": "CONFIRM", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=33336" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0759.json b/2014/0xxx/CVE-2014-0759.json index e4376900ae1..3690b5fa522 100644 --- a/2014/0xxx/CVE-2014-0759.json +++ b/2014/0xxx/CVE-2014-0759.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0759", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unquoted Windows search path vulnerability in Schneider Electric Floating License Manager 1.0.0 through 1.4.0 allows local users to gain privileges via a Trojan horse application with a name composed of an initial substring of a path that contains a space character." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2014-0759", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://ics-cert.us-cert.gov/advisories/ICSA-14-058-01", - "refsource" : "MISC", - "url" : "http://ics-cert.us-cert.gov/advisories/ICSA-14-058-01" - }, - { - "name" : "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-015-01", - "refsource" : "CONFIRM", - "url" : "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-015-01" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unquoted Windows search path vulnerability in Schneider Electric Floating License Manager 1.0.0 through 1.4.0 allows local 
users to gain privileges via a Trojan horse application with a name composed of an initial substring of a path that contains a space character." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-058-01", + "refsource": "MISC", + "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-058-01" + }, + { + "name": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-015-01", + "refsource": "CONFIRM", + "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-015-01" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0917.json b/2014/0xxx/CVE-2014-0917.json index 01ea4ec0b82..1dedeb391d8 100644 --- a/2014/0xxx/CVE-2014-0917.json +++ b/2014/0xxx/CVE-2014-0917.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0917", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in IBM Eclipse Help System (IEHS) in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF27, and 8.0 before 8.0.0.1 CF06 allows remote attackers to inject arbitrary web script or HTML via a crafted URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-0917", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21670753", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21670753" - }, - { - "name" : "PI14125", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PI14125" - }, - { - "name" : "67339", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/67339" - }, - { - "name" : "ibm-iehs-cve20140917-xss(91979)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/91979" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in IBM Eclipse Help System (IEHS) in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF27, and 8.0 before 8.0.0.1 CF06 allows remote attackers to inject arbitrary web script or HTML via a crafted URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "67339", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/67339" + }, + { + "name": "PI14125", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI14125" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21670753", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670753" + }, + { + "name": "ibm-iehs-cve20140917-xss(91979)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91979" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0973.json b/2014/0xxx/CVE-2014-0973.json index be7bd30e0a6..a6b61a789d6 100644 --- a/2014/0xxx/CVE-2014-0973.json +++ b/2014/0xxx/CVE-2014-0973.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0973", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The image_verify function in platform/msm_shared/image_verify.c in the Little Kernel (LK) bootloader, as distributed with Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not check whether a certain digest size is consistent with the RSA_public_decrypt API specification, which makes it easier for attackers to bypass boot-image authentication requirements via trailing data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-0973", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.codeaurora.org/projects/security-advisories/incomplete-signature-parsing-during-boot-image-authentication-leads-to-signature-forgery-cve-2014-0973", - "refsource" : "CONFIRM", - "url" : "https://www.codeaurora.org/projects/security-advisories/incomplete-signature-parsing-during-boot-image-authentication-leads-to-signature-forgery-cve-2014-0973" - }, - { - "name" : "http://source.android.com/security/bulletin/2016-07-01.html", - "refsource" : "CONFIRM", - "url" : 
"http://source.android.com/security/bulletin/2016-07-01.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The image_verify function in platform/msm_shared/image_verify.c in the Little Kernel (LK) bootloader, as distributed with Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not check whether a certain digest size is consistent with the RSA_public_decrypt API specification, which makes it easier for attackers to bypass boot-image authentication requirements via trailing data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://source.android.com/security/bulletin/2016-07-01.html", + "refsource": "CONFIRM", + "url": "http://source.android.com/security/bulletin/2016-07-01.html" + }, + { + "name": "https://www.codeaurora.org/projects/security-advisories/incomplete-signature-parsing-during-boot-image-authentication-leads-to-signature-forgery-cve-2014-0973", + "refsource": "CONFIRM", + "url": "https://www.codeaurora.org/projects/security-advisories/incomplete-signature-parsing-during-boot-image-authentication-leads-to-signature-forgery-cve-2014-0973" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1858.json b/2014/1xxx/CVE-2014-1858.json index 89959a7e718..b55b4387151 100644 --- a/2014/1xxx/CVE-2014-1858.json +++ b/2014/1xxx/CVE-2014-1858.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1858", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "__init__.py in f2py in NumPy before 1.8.1 allows local users to write to arbitrary files via a symlink attack on a temporary file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-1858", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140207 Re: CVE request: f2py insecure temporary file use", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/02/08/3" - }, - { - "name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737778", - "refsource" : "CONFIRM", - "url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737778" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1062009", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1062009" - }, - { - "name" : "https://github.com/numpy/numpy/blob/maintenance/1.8.x/doc/release/1.8.1-notes.rst", - "refsource" : "CONFIRM", - "url" : "https://github.com/numpy/numpy/blob/maintenance/1.8.x/doc/release/1.8.1-notes.rst" - }, - { - "name" : 
"https://github.com/numpy/numpy/commit/0bb46c1448b0d3f5453d5182a17ea7ac5854ee15", - "refsource" : "CONFIRM", - "url" : "https://github.com/numpy/numpy/commit/0bb46c1448b0d3f5453d5182a17ea7ac5854ee15" - }, - { - "name" : "https://github.com/numpy/numpy/pull/4262", - "refsource" : "CONFIRM", - "url" : "https://github.com/numpy/numpy/pull/4262" - }, - { - "name" : "FEDORA-2014-2289", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128358.html" - }, - { - "name" : "FEDORA-2014-2387", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128781.html" - }, - { - "name" : "65441", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/65441" - }, - { - "name" : "numpy-cve20141858-symlink(91318)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/91318" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "__init__.py in f2py in NumPy before 1.8.1 allows local users to write to arbitrary files via a symlink attack on a temporary file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FEDORA-2014-2387", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128781.html" + }, + { + "name": "https://github.com/numpy/numpy/commit/0bb46c1448b0d3f5453d5182a17ea7ac5854ee15", + "refsource": "CONFIRM", + "url": "https://github.com/numpy/numpy/commit/0bb46c1448b0d3f5453d5182a17ea7ac5854ee15" + }, + { + "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737778", + "refsource": "CONFIRM", + "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737778" + }, + { + "name": "https://github.com/numpy/numpy/pull/4262", + "refsource": "CONFIRM", + "url": "https://github.com/numpy/numpy/pull/4262" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1062009", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1062009" + }, + { + "name": "65441", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/65441" + }, + { + "name": "https://github.com/numpy/numpy/blob/maintenance/1.8.x/doc/release/1.8.1-notes.rst", + "refsource": "CONFIRM", + "url": "https://github.com/numpy/numpy/blob/maintenance/1.8.x/doc/release/1.8.1-notes.rst" + }, + { + "name": "numpy-cve20141858-symlink(91318)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91318" + }, + { + "name": "[oss-security] 20140207 Re: CVE request: f2py insecure temporary file use", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/02/08/3" + }, + { + "name": "FEDORA-2014-2289", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128358.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5097.json b/2014/5xxx/CVE-2014-5097.json index e07a0a8d980..ff7b9ab8c06 100644 
--- a/2014/5xxx/CVE-2014-5097.json +++ b/2014/5xxx/CVE-2014-5097.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5097", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in Free Reprintables ArticleFR 3.0.4 and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter in a (1) get or (2) set action to rate.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-5097", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140820 SQL Injection Vulnerability in ArticleFR", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/533183/100/0/threaded" - }, - { - "name" : "http://packetstormsecurity.com/files/127943/ArticleFR-3.0.4-SQL-Injection.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/127943/ArticleFR-3.0.4-SQL-Injection.html" - }, - { - "name" : "https://www.htbridge.com/advisory/HTB23225", - "refsource" : "MISC", - "url" : "https://www.htbridge.com/advisory/HTB23225" - }, - { - "name" : "69307", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69307" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in Free Reprintables ArticleFR 3.0.4 and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter in a (1) get or (2) set action to rate.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.htbridge.com/advisory/HTB23225", + "refsource": "MISC", + "url": "https://www.htbridge.com/advisory/HTB23225" + }, + { + "name": "http://packetstormsecurity.com/files/127943/ArticleFR-3.0.4-SQL-Injection.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/127943/ArticleFR-3.0.4-SQL-Injection.html" + }, + { + "name": "69307", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69307" + }, + { + "name": "20140820 SQL Injection Vulnerability in ArticleFR", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/533183/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5139.json b/2014/5xxx/CVE-2014-5139.json index 2826d11918e..a03f2c1ba17 100644 --- a/2014/5xxx/CVE-2014-5139.json +++ b/2014/5xxx/CVE-2014-5139.json 
@@ -1,317 +1,317 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5139", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ssl_set_client_disabled function in t1_lib.c in OpenSSL 1.0.1 before 1.0.1i allows remote SSL servers to cause a denial of service (NULL pointer dereference and client application crash) via a ServerHello message that includes an SRP ciphersuite without the required negotiation of that ciphersuite with the client." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-5139", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[syslog-ng-announce] 20140910 syslog-ng Premium Edition 5 LTS (5.0.6a) has been released", - "refsource" : "MLIST", - "url" : "https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-September/000196.html" - }, - { - "name" : "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=80bd7b41b30af6ee96f519e629463583318de3b0", - "refsource" : "CONFIRM", - "url" : "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=80bd7b41b30af6ee96f519e629463583318de3b0" - }, - { - "name" : "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=83764a989dcc87fbea337da5f8f86806fe767b7e", - "refsource" : 
"CONFIRM", - "url" : "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=83764a989dcc87fbea337da5f8f86806fe767b7e" - }, - { - "name" : "https://www.openssl.org/news/secadv_20140806.txt", - "refsource" : "CONFIRM", - "url" : "https://www.openssl.org/news/secadv_20140806.txt" - }, - { - "name" : "http://www.tenable.com/security/tns-2014-06", - "refsource" : "CONFIRM", - "url" : "http://www.tenable.com/security/tns-2014-06" - }, - { - "name" : "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc", - "refsource" : "CONFIRM", - "url" : "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21686997", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21686997" - }, - { - "name" : "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21682293", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21682293" - }, - { - "name" : "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15567.html", - "refsource" : "CONFIRM", - "url" : "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15567.html" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21683389", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21683389" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020240", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020240" - }, - { - "name" : "DSA-2998", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-2998" - }, - { - "name" : "FreeBSD-SA-14:18", - "refsource" : "FREEBSD", - "url" : 
"https://www.freebsd.org/security/advisories/FreeBSD-SA-14:18.openssl.asc" - }, - { - "name" : "GLSA-201412-39", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201412-39.xml" - }, - { - "name" : "HPSBMU03260", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=142495837901899&w=2" - }, - { - "name" : "SSRT101894", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=142495837901899&w=2" - }, - { - "name" : "HPSBMU03216", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=142350350616251&w=2" - }, - { - "name" : "SSRT101818", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=142350350616251&w=2" - }, - { - "name" : "HPSBMU03259", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=142624619906067&w=2" - }, - { - "name" : "HPSBMU03262", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=142624719706349&w=2" - }, - { - "name" : "HPSBMU03267", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=142624590206005&w=2" - }, - { - "name" : "HPSBMU03283", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=142624679706236&w=2" - }, - { - "name" : "SSRT101916", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=142624679706236&w=2" - }, - { - "name" : "SSRT101921", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=142624719706349&w=2" - }, - { - "name" : "SSRT101922", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=142624619906067" - }, - { - "name" : "HPSBHF03293", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=142660345230545&w=2" - }, - { - "name" : "SSRT101846", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=142660345230545&w=2" - }, - { - "name" : "HPSBMU03304", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=142791032306609&w=2" - }, - { - "name" : "HPSBMU03261", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=143290522027658&w=2" - }, - { - "name" : 
"HPSBMU03263", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=143290437727362&w=2" - }, - { - "name" : "NetBSD-SA2014-008", - "refsource" : "NETBSD", - "url" : "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-008.txt.asc" - }, - { - "name" : "openSUSE-SU-2014:1052", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-08/msg00036.html" - }, - { - "name" : "69077", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69077" - }, - { - "name" : "1030693", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030693" - }, - { - "name" : "60810", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60810" - }, - { - "name" : "60917", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60917" - }, - { - "name" : "60921", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60921" - }, - { - "name" : "61775", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61775" - }, - { - "name" : "61959", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61959" - }, - { - "name" : "59756", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59756" - }, - { - "name" : "60803", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60803" - }, - { - "name" : "61017", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61017" - }, - { - "name" : "61100", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61100" - }, - { - "name" : "61171", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61171" - }, - { - "name" : "61392", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61392" - }, - { - "name" : "61184", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61184" - }, - { - "name" : "59700", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59700" - }, - { - "name" : "59710", 
- "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59710" - }, - { - "name" : "60022", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60022" - }, - { - "name" : "60221", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60221" - }, - { - "name" : "60493", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60493" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ssl_set_client_disabled function in t1_lib.c in OpenSSL 1.0.1 before 1.0.1i allows remote SSL servers to cause a denial of service (NULL pointer dereference and client application crash) via a ServerHello message that includes an SRP ciphersuite without the required negotiation of that ciphersuite with the client." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2014:1052", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-08/msg00036.html" + }, + { + "name": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15567.html", + "refsource": "CONFIRM", + "url": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15567.html" + }, + { + "name": "60221", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60221" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21682293", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682293" + }, + { + "name": "61184", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61184" + }, + { + "name": "SSRT101846", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=142660345230545&w=2" + }, + { + "name": "60022", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60022" + }, + 
{ + "name": "https://www.openssl.org/news/secadv_20140806.txt", + "refsource": "CONFIRM", + "url": "https://www.openssl.org/news/secadv_20140806.txt" + }, + { + "name": "61017", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61017" + }, + { + "name": "SSRT101818", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=142350350616251&w=2" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21683389", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683389" + }, + { + "name": "HPSBMU03304", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=142791032306609&w=2" + }, + { + "name": "HPSBMU03259", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=142624619906067&w=2" + }, + { + "name": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm" + }, + { + "name": "GLSA-201412-39", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201412-39.xml" + }, + { + "name": "HPSBHF03293", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=142660345230545&w=2" + }, + { + "name": "69077", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69077" + }, + { + "name": "HPSBMU03260", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=142495837901899&w=2" + }, + { + "name": "60803", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60803" + }, + { + "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=80bd7b41b30af6ee96f519e629463583318de3b0", + "refsource": "CONFIRM", + "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=80bd7b41b30af6ee96f519e629463583318de3b0" + }, + { + "name": "59700", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59700" + }, + { + "name": "1030693", + "refsource": "SECTRACK", + "url": 
"http://www.securitytracker.com/id/1030693" + }, + { + "name": "60917", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60917" + }, + { + "name": "HPSBMU03216", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=142350350616251&w=2" + }, + { + "name": "http://www.tenable.com/security/tns-2014-06", + "refsource": "CONFIRM", + "url": "http://www.tenable.com/security/tns-2014-06" + }, + { + "name": "NetBSD-SA2014-008", + "refsource": "NETBSD", + "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-008.txt.asc" + }, + { + "name": "60493", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60493" + }, + { + "name": "59710", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59710" + }, + { + "name": "60921", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60921" + }, + { + "name": "60810", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60810" + }, + { + "name": "HPSBMU03283", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=142624679706236&w=2" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020240", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020240" + }, + { + "name": "61100", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61100" + }, + { + "name": "FreeBSD-SA-14:18", + "refsource": "FREEBSD", + "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-14:18.openssl.asc" + }, + { + "name": "61775", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61775" + }, + { + "name": "SSRT101894", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=142495837901899&w=2" + }, + { + "name": "DSA-2998", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-2998" + }, + { + "name": "HPSBMU03263", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=143290437727362&w=2" + }, + { + "name": "SSRT101921", + 
"refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=142624719706349&w=2" + }, + { + "name": "61959", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61959" + }, + { + "name": "59756", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59756" + }, + { + "name": "HPSBMU03262", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=142624719706349&w=2" + }, + { + "name": "HPSBMU03267", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=142624590206005&w=2" + }, + { + "name": "HPSBMU03261", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=143290522027658&w=2" + }, + { + "name": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc", + "refsource": "CONFIRM", + "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc" + }, + { + "name": "61392", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61392" + }, + { + "name": "SSRT101916", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=142624679706236&w=2" + }, + { + "name": "[syslog-ng-announce] 20140910 syslog-ng Premium Edition 5 LTS (5.0.6a) has been released", + "refsource": "MLIST", + "url": "https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-September/000196.html" + }, + { + "name": "61171", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61171" + }, + { + "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=83764a989dcc87fbea337da5f8f86806fe767b7e", + "refsource": "CONFIRM", + "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=83764a989dcc87fbea337da5f8f86806fe767b7e" + }, + { + "name": "SSRT101922", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=142624619906067" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21686997", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686997" + } + ] + } +} \ No newline at end of file 
diff --git a/2014/5xxx/CVE-2014-5191.json b/2014/5xxx/CVE-2014-5191.json index 5f4e27facae..bfc50df7b65 100644 --- a/2014/5xxx/CVE-2014-5191.json +++ b/2014/5xxx/CVE-2014-5191.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5191", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Preview plugin before 4.4.3 in CKEditor allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-5191", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://ckeditor.com/node/136981", - "refsource" : "CONFIRM", - "url" : "http://ckeditor.com/node/136981" - }, - { - "name" : "69161", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69161" - }, - { - "name" : "60036", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60036" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Preview plugin before 4.4.3 in CKEditor allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://ckeditor.com/node/136981", + "refsource": "CONFIRM", + "url": "http://ckeditor.com/node/136981" + }, + { + "name": "60036", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60036" + }, + { + "name": "69161", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69161" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5558.json b/2014/5xxx/CVE-2014-5558.json index 5b477ef4f2c..736a379aca5 100644 --- a/2014/5xxx/CVE-2014-5558.json +++ b/2014/5xxx/CVE-2014-5558.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5558", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Hard Time (Prison Sim) (aka air.HardTime) application 1.111 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-5558", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#599745", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/599745" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Hard Time (Prison Sim) (aka air.HardTime) 
application 1.111 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#599745", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/599745" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5823.json b/2014/5xxx/CVE-2014-5823.json index 7a8e9dce296..045f80cd09d 100644 --- a/2014/5xxx/CVE-2014-5823.json +++ b/2014/5xxx/CVE-2014-5823.json 
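Review bot: The `ASSIGNER` value in `CVE_data_meta` changes from `cve@mitre.org` to `cert@cert.org` in this hunk, and it is the only value change among lines that otherwise differ only in key spacing, indentation and reference order. The same kind of change appears in the hunks for CVE-2014-5823 (`cert@cert.org`), CVE-2015-2449 and CVE-2016-3242 (`secure@microsoft.com`), and CVE-2016-4561 (`security@debian.org`). Because every line of each file is rewritten, anyone diffing the feed cannot tell an attribution change from formatting noise without normalising both sides first. I would land the re-serialisation and the `ASSIGNER` updates as separate commits, or at least name the reassigned records in the commit message, which is not visible here.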
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5823", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The The Cleaner - Speed up & Clean (aka com.liquidum.thecleaner) application 1.4.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-5823", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#592089", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/592089" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The The Cleaner - Speed up & 
Clean (aka com.liquidum.thecleaner) application 1.4.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "VU#592089", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/592089" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2449.json b/2015/2xxx/CVE-2015-2449.json index 7c5099f77b5..095e9389c25 100644 --- a/2015/2xxx/CVE-2015-2449.json +++ b/2015/2xxx/CVE-2015-2449.json 
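Review bot: The rewritten file ends at `}` with no trailing newline: the `\ No newline at end of file` marker follows the added closing brace, while the removed side ended with a newline. Every hunk visible in this diff, through CVE-2016-8219, carries the same marker. Ending each file with a single newline keeps later appends and line-oriented tools (`cat`, `wc -l`, concatenated diffs) from reporting spurious changes on the last line. If the serialiser that produced these files has an option for a final newline, that is presumably where to set it.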
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2449", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 7 through 11 and Edge allow remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka \"ASLR Bypass.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2015-2449", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS15-079", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-079" - }, - { - "name" : "MS15-091", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-091" - }, - { - "name" : "1033237", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033237" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 7 through 11 and Edge allow remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka \"ASLR Bypass.\"" + } + ] + }, + "problemtype": { + 
"problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1033237", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033237" + }, + { + "name": "MS15-091", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-091" + }, + { + "name": "MS15-079", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-079" + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10131.json b/2016/10xxx/CVE-2016-10131.json index c85c6db41b7..e38d74a9895 100644 --- a/2016/10xxx/CVE-2016-10131.json +++ b/2016/10xxx/CVE-2016-10131.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-10131", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "system/libraries/Email.php in CodeIgniter before 3.1.3 allows remote attackers to execute arbitrary code by leveraging control over the email->from field to insert sendmail command-line arguments." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-10131", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://gist.github.com/Zenexer/40d02da5e07f151adeaeeaa11af9ab36", - "refsource" : "MISC", - "url" : "https://gist.github.com/Zenexer/40d02da5e07f151adeaeeaa11af9ab36" - }, - { - "name" : "https://github.com/bcit-ci/CodeIgniter/issues/4963", - "refsource" : "MISC", - "url" : "https://github.com/bcit-ci/CodeIgniter/issues/4963" - }, - { - "name" : "https://github.com/bcit-ci/CodeIgniter/pull/4966", - "refsource" : "MISC", - "url" : "https://github.com/bcit-ci/CodeIgniter/pull/4966" - }, - { - "name" : "96851", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96851" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ 
+ { + "lang": "eng", + "value": "system/libraries/Email.php in CodeIgniter before 3.1.3 allows remote attackers to execute arbitrary code by leveraging control over the email->from field to insert sendmail command-line arguments." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/bcit-ci/CodeIgniter/pull/4966", + "refsource": "MISC", + "url": "https://github.com/bcit-ci/CodeIgniter/pull/4966" + }, + { + "name": "https://github.com/bcit-ci/CodeIgniter/issues/4963", + "refsource": "MISC", + "url": "https://github.com/bcit-ci/CodeIgniter/issues/4963" + }, + { + "name": "https://gist.github.com/Zenexer/40d02da5e07f151adeaeeaa11af9ab36", + "refsource": "MISC", + "url": "https://gist.github.com/Zenexer/40d02da5e07f151adeaeeaa11af9ab36" + }, + { + "name": "96851", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96851" + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10431.json b/2016/10xxx/CVE-2016-10431.json index a48f88bc196..5819a561f6d 100644 --- a/2016/10xxx/CVE-2016-10431.json +++ b/2016/10xxx/CVE-2016-10431.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2018-04-02T00:00:00", - "ID" : "CVE-2016-10431", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear", - "version" : { - "version_data" : [ - { - "version_value" : "MDM9206, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SD 850" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, and SD 850, TZ applications are not properly validated." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Improper Input Validation in TrustZone" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2018-04-02T00:00:00", + "ID": "CVE-2016-10431", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear", + "version": { + "version_data": [ + { + "version_value": "MDM9206, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SD 850" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2018-04-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2018-04-01" - }, - { - "name" : "103671", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103671" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, and SD 850, TZ applications are not properly validated." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Input Validation in TrustZone" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2018-04-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2018-04-01" + }, + { + "name": "103671", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103671" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3242.json b/2016/3xxx/CVE-2016-3242.json index 7b9eff9c548..2e3c1e33b00 100644 --- a/2016/3xxx/CVE-2016-3242.json +++ b/2016/3xxx/CVE-2016-3242.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3242", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2016-3240 and CVE-2016-3241." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2016-3242", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS16-084", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-084" - }, - { - "name" : "91570", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91570" - }, - { - "name" : "1036283", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036283" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of 
service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2016-3240 and CVE-2016-3241." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1036283", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036283" + }, + { + "name": "MS16-084", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-084" + }, + { + "name": "91570", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91570" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4087.json b/2016/4xxx/CVE-2016-4087.json index 55f75671f71..271bd2b078e 100644 --- a/2016/4xxx/CVE-2016-4087.json +++ b/2016/4xxx/CVE-2016-4087.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-4087", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Huawei S12700 switches with software before V200R008C00SPC500 and S5700 switches with software before V200R005SPH010, when the debug switch is enabled, allows remote attackers to cause a denial of service or execute arbitrary code via crafted DNS packets." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-4087", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160427-01-dns-en", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160427-01-dns-en" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Huawei S12700 switches with software before V200R008C00SPC500 and S5700 switches with software before V200R005SPH010, when the debug switch is enabled, allows remote attackers to cause a denial of service or execute arbitrary code via crafted DNS packets." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160427-01-dns-en", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160427-01-dns-en" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4360.json b/2016/4xxx/CVE-2016-4360.json index 923de345f28..e6122c2b731 100644 --- a/2016/4xxx/CVE-2016-4360.json +++ b/2016/4xxx/CVE-2016-4360.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-4360", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "web/admin/data.js in the Performance Center Virtual Table Server (VTS) component in HPE LoadRunner 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.02 through patch 2, and 12.50 through patch 3 and Performance Center 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.20 through patch 2, and 12.50 through patch 1 do not restrict file paths sent to an unlink call, which allows remote attackers to delete arbitrary files via the path parameter to data/import_csv, aka ZDI-CAN-3555." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-4360", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-16-364", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-16-364" - }, - { - "name" : "https://www.tenable.com/security/research/tra-2016-17", - "refsource" : "MISC", - "url" : "https://www.tenable.com/security/research/tra-2016-17" - }, - { - "name" : "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05157423", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05157423" - }, - { - "name" : "90975", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/90975" - }, - { - "name" : "1036006", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036006" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "web/admin/data.js in the Performance Center Virtual Table Server (VTS) component in HPE LoadRunner 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.02 through patch 2, and 12.50 through patch 3 and Performance Center 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.20 through patch 2, and 12.50 through patch 1 do not restrict file paths sent to an unlink call, which allows remote attackers to delete arbitrary files via the path parameter to data/import_csv, aka ZDI-CAN-3555." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05157423", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05157423" + }, + { + "name": "90975", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/90975" + }, + { + "name": "1036006", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036006" + }, + { + "name": "https://www.tenable.com/security/research/tra-2016-17", + "refsource": "MISC", + "url": "https://www.tenable.com/security/research/tra-2016-17" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-16-364", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-364" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4561.json b/2016/4xxx/CVE-2016-4561.json index 438206d1065..e6346691327 100644 --- a/2016/4xxx/CVE-2016-4561.json +++ b/2016/4xxx/CVE-2016-4561.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-4561", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the cgierror function in CGI.pm in ikiwiki before 3.20160506 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving an error message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@debian.org", + "ID": "CVE-2016-4561", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://ikiwiki.info/security/#index43h2", - "refsource" : "CONFIRM", - "url" : "http://ikiwiki.info/security/#index43h2" - }, - { - "name" : "http://source.ikiwiki.branchable.com/?p=source.git;a=commitdiff;h=32ef584dc5abb6ddb9f794f94ea0b2934967bba7", - "refsource" : "CONFIRM", - "url" : "http://source.ikiwiki.branchable.com/?p=source.git;a=commitdiff;h=32ef584dc5abb6ddb9f794f94ea0b2934967bba7" - }, - { - "name" : "DSA-3571", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3571" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site 
scripting (XSS) vulnerability in the cgierror function in CGI.pm in ikiwiki before 3.20160506 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving an error message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://source.ikiwiki.branchable.com/?p=source.git;a=commitdiff;h=32ef584dc5abb6ddb9f794f94ea0b2934967bba7", + "refsource": "CONFIRM", + "url": "http://source.ikiwiki.branchable.com/?p=source.git;a=commitdiff;h=32ef584dc5abb6ddb9f794f94ea0b2934967bba7" + }, + { + "name": "DSA-3571", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3571" + }, + { + "name": "http://ikiwiki.info/security/#index43h2", + "refsource": "CONFIRM", + "url": "http://ikiwiki.info/security/#index43h2" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8219.json b/2016/8xxx/CVE-2016-8219.json index 3e775235b48..15d00c92b27 100644 --- a/2016/8xxx/CVE-2016-8219.json +++ b/2016/8xxx/CVE-2016-8219.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security_alert@emc.com", - "ID" : "CVE-2016-8219", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cloud Foundry", - "version" : { - "version_data" : [ - { - "version_value" : "Cloud Foundry" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Cloud Foundry Foundation cf-release versions prior to 250 and CAPI-release versions prior to 1.12.0. A user with the SpaceAuditor role is over-privileged with the ability to restage applications. This could cause application downtime if the restage fails." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "over-privilege" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "ID": "CVE-2016-8219", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cloud Foundry", + "version": { + "version_data": [ + { + "version_value": "Cloud Foundry" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.cloudfoundry.org/cve-2016-8219/", - "refsource" : "CONFIRM", - "url" : "https://www.cloudfoundry.org/cve-2016-8219/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Cloud Foundry Foundation cf-release versions prior to 250 and CAPI-release versions prior to 1.12.0. A user with the SpaceAuditor role is over-privileged with the ability to restage applications. 
This could cause application downtime if the restage fails." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "over-privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.cloudfoundry.org/cve-2016-8219/", + "refsource": "CONFIRM", + "url": "https://www.cloudfoundry.org/cve-2016-8219/" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8360.json b/2016/8xxx/CVE-2016-8360.json index 3924e006c9e..2e2428feae5 100644 --- a/2016/8xxx/CVE-2016-8360.json +++ b/2016/8xxx/CVE-2016-8360.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "ID" : "CVE-2016-8360", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Moxa SoftCMS prior to Version 1.6", - "version" : { - "version_data" : [ - { - "version_value" : "Moxa SoftCMS prior to Version 1.6" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Moxa SoftCMS versions prior to Version 1.6. A specially crafted URL request sent to the SoftCMS ASP Webserver can cause a double free condition on the server allowing an attacker to modify memory locations and possibly cause a denial of service or the execution of arbitrary code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Moxa SoftCMS double free" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2016-8360", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Moxa SoftCMS prior to Version 1.6", + "version": { + "version_data": [ + { + "version_value": "Moxa SoftCMS prior to Version 1.6" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-322-02", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-322-02" - }, - { - "name" : "94394", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94394" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Moxa SoftCMS 
versions prior to Version 1.6. A specially crafted URL request sent to the SoftCMS ASP Webserver can cause a double free condition on the server allowing an attacker to modify memory locations and possibly cause a denial of service or the execution of arbitrary code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Moxa SoftCMS double free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-322-02", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-322-02" + }, + { + "name": "94394", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94394" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8446.json b/2016/8xxx/CVE-2016-8446.json index 7ee46736d5a..ef36149b85d 100644 --- a/2016/8xxx/CVE-2016-8446.json +++ b/2016/8xxx/CVE-2016-8446.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2016-8446", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An elevation of privilege vulnerability in MediaTek components, including the thermal driver and video driver, could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31747749. References: MT-ALPS02968909." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of privilege" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-8446", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-01-01.html", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-01-01.html" - }, - { - "name" : "95229", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95229" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability in MediaTek components, including the thermal driver and video driver, could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31747749. References: MT-ALPS02968909." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-01-01.html", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-01-01.html" + }, + { + "name": "95229", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95229" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8639.json b/2016/8xxx/CVE-2016-8639.json index d99009e3951..1049a9ec424 100644 --- a/2016/8xxx/CVE-2016-8639.json +++ b/2016/8xxx/CVE-2016-8639.json 
@@ -1,98 +1,98 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psampaio@redhat.com", - "ID" : "CVE-2016-8639", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "foreman", - "version" : { - "version_data" : [ - { - "version_value" : "1.13.0" - } - ] - } - } - ] - }, - "vendor_name" : "The Foreman Project" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "It was found that foreman before 1.13.0 is vulnerable to a stored XSS via an organization or location name. This could allow an attacker with privileges to set the organization or location name to display arbitrary HTML including scripting code within the web interface." - } - ] - }, - "impact" : { - "cvss" : [ - [ - { - "vectorString" : "6.1/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", - "version" : "3.0" - } - ], - [ - { - "vectorString" : "4.9/AV:N/AC:M/Au:S/C:P/I:P/A:N", - "version" : "2.0" - } - ] - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-79" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-8639", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "foreman", + "version": { + "version_data": [ + { + "version_value": "1.13.0" + } + ] + } + } + ] + }, + "vendor_name": "The Foreman Project" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8639", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8639" - }, - { - "name" : "https://github.com/theforeman/foreman/pull/3523", - "refsource" : "CONFIRM", - "url" : "https://github.com/theforeman/foreman/pull/3523" - }, - { - "name" : 
"https://projects.theforeman.org/issues/15037", - "refsource" : "CONFIRM", - "url" : "https://projects.theforeman.org/issues/15037" - }, - { - "name" : "RHSA-2018:0336", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:0336" - }, - { - "name" : "94263", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94263" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "It was found that foreman before 1.13.0 is vulnerable to a stored XSS via an organization or location name. This could allow an attacker with privileges to set the organization or location name to display arbitrary HTML including scripting code within the web interface." + } + ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "6.1/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "version": "3.0" + } + ], + [ + { + "vectorString": "4.9/AV:N/AC:M/Au:S/C:P/I:P/A:N", + "version": "2.0" + } + ] + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8639", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8639" + }, + { + "name": "RHSA-2018:0336", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:0336" + }, + { + "name": "https://github.com/theforeman/foreman/pull/3523", + "refsource": "CONFIRM", + "url": "https://github.com/theforeman/foreman/pull/3523" + }, + { + "name": "94263", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94263" + }, + { + "name": "https://projects.theforeman.org/issues/15037", + "refsource": "CONFIRM", + "url": "https://projects.theforeman.org/issues/15037" + } + ] + } +} \ No newline at end of file 
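Review bot: `"version_value": "1.13.0"` under `affects` names the fixed release, while the description says foreman before 1.13.0 is vulnerable, so a scanner matching on this field alone would flag 1.13.0 and miss the earlier releases. Since the record is being rewritten anyway, adding `"version_affected": "<"` next to it would express the range. The two `impact.cvss` entries also appear to disagree on the precondition: the 3.0 vector carries `PR:N`, while the 2.0 vector carries `Au:S` and the description speaks of an attacker with privileges to set the organization or location name. The 3.0 vector looks worth confirming with the assigner before downstream tools prioritise on it.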
diff --git a/2016/9xxx/CVE-2016-9435.json b/2016/9xxx/CVE-2016-9435.json index e5f35f0df7f..09c157b9e78 100644 --- a/2016/9xxx/CVE-2016-9435.json +++ b/2016/9xxx/CVE-2016-9435.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9435", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The HTMLtagproc1 function in file.c in w3m before 0.5.3+git20161009 does not properly initialize values, which allows remote attackers to crash the application via a crafted html file, related to