diff --git a/2007/2xxx/CVE-2007-2131.json b/2007/2xxx/CVE-2007-2131.json
index 5d55afc1db3..2112b755417 100644
--- a/2007/2xxx/CVE-2007-2131.json
+++ b/2007/2xxx/CVE-2007-2131.json
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2131", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in PeopleTools in Oracle PeopleSoft Enterprise 8.22.14, 8.47.12, and 8.48.08 has unknown impact and attack vectors, aka PSE01." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2131", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.red-database-security.com/advisory/oracle_cpu_apr_2007.html", - "refsource" : "MISC", - "url" : "http://www.red-database-security.com/advisory/oracle_cpu_apr_2007.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2007-090632.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2007-090632.html" - }, - { - "name" : "HPSBMA02133", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/466329/100/200/threaded" - }, - { - "name" : "SSRT061201", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/466329/100/200/threaded" - }, - { - "name" : "TA07-108A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA07-108A.html" - 
}, - { - "name" : "23532", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23532" - }, - { - "name" : "ADV-2007-1426", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1426" - }, - { - "name" : "1017927", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1017927" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in PeopleTools in Oracle PeopleSoft Enterprise 8.22.14, 8.47.12, and 8.48.08 has unknown impact and attack vectors, aka PSE01." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA07-108A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA07-108A.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2007-090632.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2007-090632.html" + }, + { + "name": "23532", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23532" + }, + { + "name": "1017927", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1017927" + }, + { + "name": "SSRT061201", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/466329/100/200/threaded" + }, + { + "name": "http://www.red-database-security.com/advisory/oracle_cpu_apr_2007.html", + "refsource": "MISC", + "url": "http://www.red-database-security.com/advisory/oracle_cpu_apr_2007.html" + }, + { + "name": "HPSBMA02133", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/466329/100/200/threaded" + }, + { + "name": "ADV-2007-1426", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1426" + } + ] + } +} \ No newline at end of file 
diff --git a/2007/2xxx/CVE-2007-2300.json b/2007/2xxx/CVE-2007-2300.json
index a610b1b6c45..0184b6674d0 100644
--- a/2007/2xxx/CVE-2007-2300.json
+++ b/2007/2xxx/CVE-2007-2300.json
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2300", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Endy Kristanto Surat kabar / News Management Online (aka phpwebnews) 0.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the m_txt parameter to (1) iklan.php, (2) index.php, or (3) bukutamu.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2300", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070412 phpwebnews v.1 Multiple Cross Site Scripting Vulnerabilites", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/465545/100/0/threaded" - }, - { - "name" : "23448", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23448" - }, - { - "name" : "35365", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/35365" - }, - { - "name" : "35366", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/35366" - }, - { - "name" : "35367", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/35367" - }, - { - "name" : "2643", - "refsource" : "SREASON", - "url" : 
"http://securityreason.com/securityalert/2643" - }, - { - "name" : "phpwebnews-mtxt-xss(33641)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33641" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Endy Kristanto Surat kabar / News Management Online (aka phpwebnews) 0.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the m_txt parameter to (1) iklan.php, (2) index.php, or (3) bukutamu.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "35365", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/35365" + }, + { + "name": "23448", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23448" + }, + { + "name": "phpwebnews-mtxt-xss(33641)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33641" + }, + { + "name": "2643", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2643" + }, + { + "name": "35366", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/35366" + }, + { + "name": "20070412 phpwebnews v.1 Multiple Cross Site Scripting Vulnerabilites", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/465545/100/0/threaded" + }, + { + "name": "35367", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/35367" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2337.json b/2007/2xxx/CVE-2007-2337.json index 59ad1697719..ea685813f01 100644 --- a/2007/2xxx/CVE-2007-2337.json +++ b/2007/2xxx/CVE-2007-2337.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2337", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Exponent CMS 0.96.6 Alpha and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) url parameter to (a) magpie_debug.php and (b) magpie_simple.php in external/magpierss/scripts/, the (2) rss_url parameter to (c) magpie_slashbox.php in external/magpierss/scripts/, and the (3) body parameter to the (d) weblogmodule (aka Weblog Comments) module." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2337", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.bugtraq.ir/articles/advisory/exponent_multiple_vulnerabilities/10", - "refsource" : "MISC", - "url" : "http://www.bugtraq.ir/articles/advisory/exponent_multiple_vulnerabilities/10" - }, - { - "name" : "23574", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23574" - }, - { - "name" : "35640", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/35640" - }, - { - "name" : "35641", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/35641" - }, - { - "name" : 
"35642", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/35642" - }, - { - "name" : "35643", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/35643" - }, - { - "name" : "exponentcms-multiple-scripts-xss(34077)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34077" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Exponent CMS 0.96.6 Alpha and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) url parameter to (a) magpie_debug.php and (b) magpie_simple.php in external/magpierss/scripts/, the (2) rss_url parameter to (c) magpie_slashbox.php in external/magpierss/scripts/, and the (3) body parameter to the (d) weblogmodule (aka Weblog Comments) module." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "23574", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23574" + }, + { + "name": "35642", + "refsource": "OSVDB", + "url": "http://osvdb.org/35642" + }, + { + "name": "35643", + "refsource": "OSVDB", + "url": "http://osvdb.org/35643" + }, + { + "name": "http://www.bugtraq.ir/articles/advisory/exponent_multiple_vulnerabilities/10", + "refsource": "MISC", + "url": "http://www.bugtraq.ir/articles/advisory/exponent_multiple_vulnerabilities/10" + }, + { + "name": "35641", + "refsource": "OSVDB", + "url": "http://osvdb.org/35641" + }, + { + "name": "35640", + "refsource": "OSVDB", + "url": "http://osvdb.org/35640" + }, + { + "name": "exponentcms-multiple-scripts-xss(34077)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34077" + } + ] + } +} \ No newline at end of file 
diff --git a/2007/2xxx/CVE-2007-2553.json b/2007/2xxx/CVE-2007-2553.json
index 34d2fb70ee7..952bf084580 100644
--- a/2007/2xxx/CVE-2007-2553.json
+++ b/2007/2xxx/CVE-2007-2553.json
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2553", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in dop in HP Tru64 UNIX 5.1B-4, 5.1B-3, and 5.1A PK6 allows local users to gain privileges via a large amount of data in the environment, as demonstrated by a long environment variable." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2553", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070509 Re: [security bulletin] HPSBTU02211 SSRT071326 rev.1 - HP Tru64 UNIX Running the dop command, Local Execution of Arbitrary Code with Privilege Elevation", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/468103/100/0/threaded" - }, - { - "name" : "http://www.orkaan.org/tru64/orkaan_-_exp_Tru64-5.X_SSRT071326.html", - "refsource" : "MISC", - "url" : "http://www.orkaan.org/tru64/orkaan_-_exp_Tru64-5.X_SSRT071326.html" - }, - { - "name" : "HPSBTU02211", - "refsource" : "HP", - "url" : "https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c01036871" - }, - { - "name" : "SSRT071326", - "refsource" : "HP", - "url" : 
"https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c01036871" - }, - { - "name" : "23881", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23881" - }, - { - "name" : "36203", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/36203" - }, - { - "name" : "ADV-2007-1715", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1715" - }, - { - "name" : "1018021", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1018021" - }, - { - "name" : "25197", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25197" - }, - { - "name" : "hp-dop-privilege-escalation(34175)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34175" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in dop in HP Tru64 UNIX 5.1B-4, 5.1B-3, and 5.1A PK6 allows local users to gain privileges via a large amount of data in the environment, as demonstrated by a long environment variable." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "23881", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23881" + }, + { + "name": "HPSBTU02211", + "refsource": "HP", + "url": "https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c01036871" + }, + { + "name": "25197", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25197" + }, + { + "name": "20070509 Re: [security bulletin] HPSBTU02211 SSRT071326 rev.1 - HP Tru64 UNIX Running the dop command, Local Execution of Arbitrary Code with Privilege Elevation", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/468103/100/0/threaded" + }, + { + "name": "ADV-2007-1715", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1715" + }, + { + "name": "hp-dop-privilege-escalation(34175)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34175" + }, + { + "name": "SSRT071326", + "refsource": "HP", + "url": "https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c01036871" + }, + { + "name": "1018021", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1018021" + }, + { + "name": "http://www.orkaan.org/tru64/orkaan_-_exp_Tru64-5.X_SSRT071326.html", + "refsource": "MISC", + "url": "http://www.orkaan.org/tru64/orkaan_-_exp_Tru64-5.X_SSRT071326.html" + }, + { + "name": "36203", + "refsource": "OSVDB", + "url": "http://osvdb.org/36203" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2821.json b/2007/2xxx/CVE-2007-2821.json index 0d3c254d096..bad6ae3695a 100644 --- a/2007/2xxx/CVE-2007-2821.json +++ b/2007/2xxx/CVE-2007-2821.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2821", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in wp-admin/admin-ajax.php in WordPress before 2.2 allows remote attackers to execute arbitrary SQL commands via the cookie parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2821", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070521 [waraxe-2007-SA#050] - Sql Injection in WordPress 2.1.3", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/469258/100/0/threaded" - }, - { - "name" : "3960", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/3960" - }, - { - "name" : "http://www.waraxe.us/advisory-50.html", - "refsource" : "MISC", - "url" : "http://www.waraxe.us/advisory-50.html" - }, - { - "name" : "DSA-1502", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1502" - }, - { - "name" : "24076", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24076" - }, - { - "name" : "36311", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/36311" - }, - { - "name" : "ADV-2007-1889", - 
"refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1889" - }, - { - "name" : "25345", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25345" - }, - { - "name" : "29014", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29014" - }, - { - "name" : "wordpress-adminajax-sql-injection(34399)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34399" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in wp-admin/admin-ajax.php in WordPress before 2.2 allows remote attackers to execute arbitrary SQL commands via the cookie parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-1502", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1502" + }, + { + "name": "3960", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/3960" + }, + { + "name": "24076", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24076" + }, + { + "name": "25345", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25345" + }, + { + "name": "wordpress-adminajax-sql-injection(34399)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34399" + }, + { + "name": "ADV-2007-1889", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1889" + }, + { + "name": "http://www.waraxe.us/advisory-50.html", + "refsource": "MISC", + "url": "http://www.waraxe.us/advisory-50.html" + }, + { + "name": "20070521 [waraxe-2007-SA#050] - Sql Injection in WordPress 2.1.3", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/469258/100/0/threaded" + }, + { + "name": "29014", 
+ "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29014" + }, + { + "name": "36311", + "refsource": "OSVDB", + "url": "http://osvdb.org/36311" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3316.json b/2007/3xxx/CVE-2007-3316.json index 8be13f6e84b..9b3ff35139c 100644 --- a/2007/3xxx/CVE-2007-3316.json +++ b/2007/3xxx/CVE-2007-3316.json 
@@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3316", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple format string vulnerabilities in plugins in VideoLAN VLC Media Player before 0.8.6c allow remote attackers to cause a denial of service (crash) or execute arbitrary code via format string specifiers in (1) an Ogg/Vorbis file, (2) an Ogg/Theora file, (3) a CDDB entry for a CD Digital Audio (CDDA) file, or (4) Service Announce Protocol (SAP) multicast packets." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3316", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070621 VLC 0.8.6b format string vulnerability & integer overflow", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/471933/100/0/threaded" - }, - { - "name" : "http://www.isecpartners.com/advisories/2007-001-vlc.txt", - "refsource" : "MISC", - "url" : "http://www.isecpartners.com/advisories/2007-001-vlc.txt" - }, - { - "name" : "http://www.videolan.org/sa0702.html", - "refsource" : "CONFIRM", - "url" : "http://www.videolan.org/sa0702.html" - }, - { - "name" : "DSA-1332", - "refsource" : "DEBIAN", - "url" : 
"http://www.debian.org/security/2007/dsa-1332" - }, - { - "name" : "GLSA-200707-12", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200707-12.xml" - }, - { - "name" : "VU#200928", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/200928" - }, - { - "name" : "24555", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24555" - }, - { - "name" : "37379", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37379" - }, - { - "name" : "37380", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37380" - }, - { - "name" : "37381", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37381" - }, - { - "name" : "37382", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37382" - }, - { - "name" : "oval:org.mitre.oval:def:14600", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14600" - }, - { - "name" : "ADV-2007-2262", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2262" - }, - { - "name" : "25753", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25753" - }, - { - "name" : "25980", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25980" - }, - { - "name" : "26269", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26269" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple format string vulnerabilities in plugins in VideoLAN VLC Media Player before 0.8.6c allow remote attackers to cause a denial of service (crash) or execute arbitrary code via format string specifiers in (1) an Ogg/Vorbis file, (2) an Ogg/Theora file, (3) a CDDB entry for a CD Digital Audio (CDDA) file, or (4) Service Announce Protocol (SAP) multicast packets." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-200707-12", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200707-12.xml" + }, + { + "name": "20070621 VLC 0.8.6b format string vulnerability & integer overflow", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/471933/100/0/threaded" + }, + { + "name": "37382", + "refsource": "OSVDB", + "url": "http://osvdb.org/37382" + }, + { + "name": "24555", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24555" + }, + { + "name": "VU#200928", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/200928" + }, + { + "name": "26269", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26269" + }, + { + "name": "37381", + "refsource": "OSVDB", + "url": "http://osvdb.org/37381" + }, + { + "name": "37380", + "refsource": "OSVDB", + "url": "http://osvdb.org/37380" + }, + { + "name": "http://www.isecpartners.com/advisories/2007-001-vlc.txt", + "refsource": "MISC", + "url": "http://www.isecpartners.com/advisories/2007-001-vlc.txt" + }, + { + "name": "ADV-2007-2262", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2262" + }, + { + "name": "oval:org.mitre.oval:def:14600", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14600" + }, + { + "name": "37379", + "refsource": "OSVDB", + "url": "http://osvdb.org/37379" + }, + { + "name": "25753", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25753" + }, + { + "name": "DSA-1332", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2007/dsa-1332" + }, + { + "name": "25980", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25980" + }, + { + "name": "http://www.videolan.org/sa0702.html", + "refsource": 
"CONFIRM", + "url": "http://www.videolan.org/sa0702.html" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3473.json b/2007/3xxx/CVE-2007-3473.json index f0c28c51e58..e94ef7cdc72 100644 --- a/2007/3xxx/CVE-2007-3473.json +++ b/2007/3xxx/CVE-2007-3473.json 
@@ -1,232 +1,232 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3473", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The gdImageCreateXbm function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via unspecified vectors involving a gdImageCreate failure." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3473", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070907 FLEA-2007-0052-1 gd", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/478796/100/0/threaded" - }, - { - "name" : "http://bugs.libgd.org/?do=details&task_id=94", - "refsource" : "MISC", - "url" : "http://bugs.libgd.org/?do=details&task_id=94" - }, - { - "name" : "http://www.libgd.org/ReleaseNote020035", - "refsource" : "CONFIRM", - "url" : "http://www.libgd.org/ReleaseNote020035" - }, - { - "name" : "ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/gd-2.0.35-i486-1_slack11.0.tgz", - "refsource" : "CONFIRM", - "url" : "ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/gd-2.0.35-i486-1_slack11.0.tgz" - }, - { - "name" : 
"https://issues.rpath.com/browse/RPL-1643", - "refsource" : "CONFIRM", - "url" : "https://issues.rpath.com/browse/RPL-1643" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=277421", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=277421" - }, - { - "name" : "FEDORA-2007-2055", - "refsource" : "FEDORA", - "url" : "http://fedoranews.org/updates/FEDORA-2007-205.shtml" - }, - { - "name" : "FEDORA-2007-692", - "refsource" : "FEDORA", - "url" : "http://www.redhat.com/archives/fedora-package-announce/2007-September/msg00311.html" - }, - { - "name" : "FEDORA-2010-19022", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052854.html" - }, - { - "name" : "FEDORA-2010-19033", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052848.html" - }, - { - "name" : "GLSA-200708-05", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200708-05.xml" - }, - { - "name" : "GLSA-200711-34", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200711-34.xml" - }, - { - "name" : "GLSA-200805-13", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200805-13.xml" - }, - { - "name" : "MDKSA-2007:153", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:153" - }, - { - "name" : "MDKSA-2007:164", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:164" - }, - { - "name" : "RHSA-2008:0146", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0146.html" - }, - { - "name" : "2007-0024", - "refsource" : "TRUSTIX", - "url" : "http://www.trustix.org/errata/2007/0024/" - }, - { - "name" : "24651", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24651" - }, - { - "name" : "37744", - "refsource" : "OSVDB", - "url" : 
"http://osvdb.org/37744" - }, - { - "name" : "oval:org.mitre.oval:def:11806", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11806" - }, - { - "name" : "42813", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42813" - }, - { - "name" : "ADV-2007-2336", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2336" - }, - { - "name" : "25855", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25855" - }, - { - "name" : "25860", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25860" - }, - { - "name" : "26272", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26272" - }, - { - "name" : "26390", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26390" - }, - { - "name" : "26415", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26415" - }, - { - "name" : "26467", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26467" - }, - { - "name" : "26663", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26663" - }, - { - "name" : "26766", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26766" - }, - { - "name" : "26856", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26856" - }, - { - "name" : "29157", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29157" - }, - { - "name" : "30168", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30168" - }, - { - "name" : "ADV-2011-0022", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0022" - }, - { - "name" : "gd-imagecreatexbm-dos(35109)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35109" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + 
"lang": "eng", + "value": "The gdImageCreateXbm function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via unspecified vectors involving a gdImageCreate failure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "gd-imagecreatexbm-dos(35109)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35109" + }, + { + "name": "2007-0024", + "refsource": "TRUSTIX", + "url": "http://www.trustix.org/errata/2007/0024/" + }, + { + "name": "MDKSA-2007:164", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:164" + }, + { + "name": "29157", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29157" + }, + { + "name": "37744", + "refsource": "OSVDB", + "url": "http://osvdb.org/37744" + }, + { + "name": "oval:org.mitre.oval:def:11806", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11806" + }, + { + "name": "26415", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26415" + }, + { + "name": "https://issues.rpath.com/browse/RPL-1643", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-1643" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=277421", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=277421" + }, + { + "name": "25855", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25855" + }, + { + "name": "GLSA-200805-13", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200805-13.xml" + }, + { + "name": "20070907 FLEA-2007-0052-1 gd", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/478796/100/0/threaded" + }, + { + "name": "26467", + "refsource": 
"SECUNIA", + "url": "http://secunia.com/advisories/26467" + }, + { + "name": "42813", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42813" + }, + { + "name": "http://www.libgd.org/ReleaseNote020035", + "refsource": "CONFIRM", + "url": "http://www.libgd.org/ReleaseNote020035" + }, + { + "name": "GLSA-200708-05", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200708-05.xml" + }, + { + "name": "30168", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30168" + }, + { + "name": "FEDORA-2007-692", + "refsource": "FEDORA", + "url": "http://www.redhat.com/archives/fedora-package-announce/2007-September/msg00311.html" + }, + { + "name": "ADV-2011-0022", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0022" + }, + { + "name": "25860", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25860" + }, + { + "name": "ADV-2007-2336", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2336" + }, + { + "name": "26663", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26663" + }, + { + "name": "FEDORA-2010-19033", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052848.html" + }, + { + "name": "26856", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26856" + }, + { + "name": "26272", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26272" + }, + { + "name": "GLSA-200711-34", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200711-34.xml" + }, + { + "name": "RHSA-2008:0146", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0146.html" + }, + { + "name": "FEDORA-2010-19022", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052854.html" + }, + { + "name": "http://bugs.libgd.org/?do=details&task_id=94", + "refsource": "MISC", + "url": 
"http://bugs.libgd.org/?do=details&task_id=94" + }, + { + "name": "24651", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24651" + }, + { + "name": "MDKSA-2007:153", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:153" + }, + { + "name": "26766", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26766" + }, + { + "name": "26390", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26390" + }, + { + "name": "ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/gd-2.0.35-i486-1_slack11.0.tgz", + "refsource": "CONFIRM", + "url": "ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/gd-2.0.35-i486-1_slack11.0.tgz" + }, + { + "name": "FEDORA-2007-2055", + "refsource": "FEDORA", + "url": "http://fedoranews.org/updates/FEDORA-2007-205.shtml" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3482.json b/2007/3xxx/CVE-2007-3482.json index f527d07b835..f6a484a740a 100644 --- a/2007/3xxx/CVE-2007-3482.json +++ b/2007/3xxx/CVE-2007-3482.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3482", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-domain vulnerability in Apple Safari for Windows 3.0.1 allows remote attackers to bypass the \"same origin policy\" and access restricted information from other domains via JavaScript that overwrites the document variable and statically sets the document.domain attribute." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3482", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.0x000000.com/?i=371", - "refsource" : "MISC", - "url" : "http://www.0x000000.com/?i=371" - }, - { - "name" : "24700", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24700" - }, - { - "name" : "38860", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/38860" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-domain vulnerability in Apple Safari for Windows 3.0.1 allows remote attackers to bypass the \"same origin policy\" and access restricted information from other domains via 
JavaScript that overwrites the document variable and statically sets the document.domain attribute." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.0x000000.com/?i=371", + "refsource": "MISC", + "url": "http://www.0x000000.com/?i=371" + }, + { + "name": "24700", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24700" + }, + { + "name": "38860", + "refsource": "OSVDB", + "url": "http://osvdb.org/38860" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3719.json b/2007/3xxx/CVE-2007-3719.json index 0ccd6bc248a..db5afe9106a 100644 --- a/2007/3xxx/CVE-2007-3719.json +++ b/2007/3xxx/CVE-2007-3719.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3719", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The process scheduler in the Linux kernel 2.6.16 gives preference to \"interactive\" processes that perform voluntary sleeps, which allows local users to cause a denial of service (CPU consumption), as described in \"Secretly Monopolizing the CPU Without Superuser Privileges.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3719", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.cs.huji.ac.il/~dants/papers/Cheat07Security.pdf", - "refsource" : "MISC", - "url" : "http://www.cs.huji.ac.il/~dants/papers/Cheat07Security.pdf" - }, - { - "name" : "37127", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37127" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The process scheduler in the Linux kernel 2.6.16 gives preference to \"interactive\" processes that perform voluntary sleeps, which allows local users to cause a denial of service (CPU consumption), as described in \"Secretly 
Monopolizing the CPU Without Superuser Privileges.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "37127", + "refsource": "OSVDB", + "url": "http://osvdb.org/37127" + }, + { + "name": "http://www.cs.huji.ac.il/~dants/papers/Cheat07Security.pdf", + "refsource": "MISC", + "url": "http://www.cs.huji.ac.il/~dants/papers/Cheat07Security.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3771.json b/2007/3xxx/CVE-2007-3771.json index 65de37d745b..c145d48a7fe 100644 --- a/2007/3xxx/CVE-2007-3771.json +++ b/2007/3xxx/CVE-2007-3771.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3771", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the Internet E-mail Auto-Protect feature in Symantec AntiVirus Corporate Edition before 10.1, and Client Security before 3.1, allows local users to cause a denial of service (service crash) via a long (1) To, (2) From, or (3) Subject header in an outbound SMTP e-mail message. NOTE: the original vendor advisory referenced CVE-2006-3456, but this was an error." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3771", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://securityresponse.symantec.com/avcenter/security/Content/2007.07.11b.html", - "refsource" : "CONFIRM", - "url" : "http://securityresponse.symantec.com/avcenter/security/Content/2007.07.11b.html" - }, - { - "name" : "24802", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24802" - }, - { - "name" : "ADV-2007-2506", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2506" - }, - { - "name" : "36115", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/36115" - }, - { - "name" : 
"1018367", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1018367" - }, - { - "name" : "1018371", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1018371" - }, - { - "name" : "26036", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26036" - }, - { - "name" : "symantec-antivirus-emailautoprotect-bo(35354)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35354" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the Internet E-mail Auto-Protect feature in Symantec AntiVirus Corporate Edition before 10.1, and Client Security before 3.1, allows local users to cause a denial of service (service crash) via a long (1) To, (2) From, or (3) Subject header in an outbound SMTP e-mail message. NOTE: the original vendor advisory referenced CVE-2006-3456, but this was an error." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1018371", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1018371" + }, + { + "name": "26036", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26036" + }, + { + "name": "1018367", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1018367" + }, + { + "name": "symantec-antivirus-emailautoprotect-bo(35354)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35354" + }, + { + "name": "ADV-2007-2506", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2506" + }, + { + "name": "24802", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24802" + }, + { + "name": "http://securityresponse.symantec.com/avcenter/security/Content/2007.07.11b.html", + "refsource": "CONFIRM", + "url": "http://securityresponse.symantec.com/avcenter/security/Content/2007.07.11b.html" + }, + { + "name": "36115", + "refsource": "OSVDB", + "url": "http://osvdb.org/36115" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6559.json b/2007/6xxx/CVE-2007-6559.json index bced603665a..112bb2e791b 100644 --- a/2007/6xxx/CVE-2007-6559.json +++ b/2007/6xxx/CVE-2007-6559.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6559", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in Logaholic before 2.0 RC8 allow remote attackers to execute arbitrary SQL commands via (1) the from parameter to index.php or (2) the page parameter to update.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6559", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20071223 Logaholic Web Analytics Software", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/485480/100/0/threaded" - }, - { - "name" : "20080326 Re: Logaholic Web Analytics Software", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/490101/100/0/threaded" - }, - { - "name" : "27003", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27003" - }, - { - "name" : "39790", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/39790" - }, - { - "name" : "39791", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/39791" - }, - { - "name" : "28263", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28263" - }, - { - "name" : 
"3496", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3496" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in Logaholic before 2.0 RC8 allow remote attackers to execute arbitrary SQL commands via (1) the from parameter to index.php or (2) the page parameter to update.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "39791", + "refsource": "OSVDB", + "url": "http://osvdb.org/39791" + }, + { + "name": "28263", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28263" + }, + { + "name": "39790", + "refsource": "OSVDB", + "url": "http://osvdb.org/39790" + }, + { + "name": "3496", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3496" + }, + { + "name": "27003", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27003" + }, + { + "name": "20071223 Logaholic Web Analytics Software", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/485480/100/0/threaded" + }, + { + "name": "20080326 Re: Logaholic Web Analytics Software", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/490101/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6696.json b/2007/6xxx/CVE-2007-6696.json index 7b3334cfbf5..8998eefa548 100644 --- a/2007/6xxx/CVE-2007-6696.json +++ b/2007/6xxx/CVE-2007-6696.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6696", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in WebCalendar 1.1.6 allow remote attackers to inject arbitrary web script or HTML via (1) an event description, (2) the query string to pref.php, and (3) the adv parameter to search.php. NOTE: vector 1 requires user authentication." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6696", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.digitrustgroup.com/advisories/web-application-security-webcalendar.html", - "refsource" : "MISC", - "url" : "http://www.digitrustgroup.com/advisories/web-application-security-webcalendar.html" - }, - { - "name" : "27461", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27461" - }, - { - "name" : "41274", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/41274" - }, - { - "name" : "41275", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/41275" - }, - { - "name" : "41276", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/41276" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": 
"CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in WebCalendar 1.1.6 allow remote attackers to inject arbitrary web script or HTML via (1) an event description, (2) the query string to pref.php, and (3) the adv parameter to search.php. NOTE: vector 1 requires user authentication." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "27461", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27461" + }, + { + "name": "http://www.digitrustgroup.com/advisories/web-application-security-webcalendar.html", + "refsource": "MISC", + "url": "http://www.digitrustgroup.com/advisories/web-application-security-webcalendar.html" + }, + { + "name": "41276", + "refsource": "OSVDB", + "url": "http://osvdb.org/41276" + }, + { + "name": "41275", + "refsource": "OSVDB", + "url": "http://osvdb.org/41275" + }, + { + "name": "41274", + "refsource": "OSVDB", + "url": "http://osvdb.org/41274" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1551.json b/2010/1xxx/CVE-2010-1551.json index 8ebdeb6c59e..3f985c03b71 100644 --- a/2010/1xxx/CVE-2010-1551.json +++ b/2010/1xxx/CVE-2010-1551.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1551", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the _OVParseLLA function in ov.dll in netmon.exe in Network Monitor in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via the sel parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2010-1551", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100511 ZDI-10-082: HP OpenView NNM netmon sel CGI Variable Remote Code Execution Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/511247/100/0/threaded" - }, - { - "name" : "http://zerodayinitiative.com/advisories/ZDI-10-082/", - "refsource" : "MISC", - "url" : "http://zerodayinitiative.com/advisories/ZDI-10-082/" - }, - { - "name" : "HPSBMA02527", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=127360750704351&w=2" - }, - { - "name" : "SSRT010098", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=127360750704351&w=2" - }, - { - "name" : "SSRT090226", - "refsource" : "HP", - "url" : 
"http://marc.info/?l=bugtraq&m=127360750704351&w=2" - }, - { - "name" : "40067", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/40067" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the _OVParseLLA function in ov.dll in netmon.exe in Network Monitor in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via the sel parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SSRT010098", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=127360750704351&w=2" + }, + { + "name": "SSRT090226", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=127360750704351&w=2" + }, + { + "name": "40067", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/40067" + }, + { + "name": "HPSBMA02527", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=127360750704351&w=2" + }, + { + "name": "20100511 ZDI-10-082: HP OpenView NNM netmon sel CGI Variable Remote Code Execution Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/511247/100/0/threaded" + }, + { + "name": "http://zerodayinitiative.com/advisories/ZDI-10-082/", + "refsource": "MISC", + "url": "http://zerodayinitiative.com/advisories/ZDI-10-082/" + } + ] + } +} \ No newline at end of file diff --git a/2010/5xxx/CVE-2010-5186.json b/2010/5xxx/CVE-2010-5186.json index 4f32edb8cb4..5e5f0417a86 100644 --- a/2010/5xxx/CVE-2010-5186.json +++ b/2010/5xxx/CVE-2010-5186.json 
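Review bot: The CVE-2010-1551 record changes a provenance field inside what otherwise reads as a formatting-only rewrite: `"ASSIGNER" : "cve@mitre.org"` becomes `"ASSIGNER": "hp-security-alert@hp.com"` in `CVE_data_meta`. The other records visible in this part of the commit change only colon spacing, indentation, the order of `reference_data` entries and the trailing newline. Consumers that attribute records or route reports by assigner will see a real data change that is easy to miss among the whitespace noise. Whether the reassignment is intended cannot be told from the diff, so it should be confirmed against the assigning CNA's record. If it is correct, I would put the `"ASSIGNER": "hp-security-alert@hp.com",` line in its own commit, or name it in the commit message, so it can be audited separately from the reformat.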
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-5186", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Antivirus component in Comodo Internet Security before 4.1.150349.920 allows remote attackers to cause a denial of service (application crash) via a crafted file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-5186", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://personalfirewall.comodo.com/release_notes.html", - "refsource" : "CONFIRM", - "url" : "http://personalfirewall.comodo.com/release_notes.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Antivirus component in Comodo Internet Security before 4.1.150349.920 allows remote attackers to cause a denial of service (application crash) via a crafted file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://personalfirewall.comodo.com/release_notes.html", + "refsource": "CONFIRM", + "url": "http://personalfirewall.comodo.com/release_notes.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/5xxx/CVE-2010-5280.json b/2010/5xxx/CVE-2010-5280.json index 83066f68e72..5208205646d 100644 --- a/2010/5xxx/CVE-2010-5280.json +++ b/2010/5xxx/CVE-2010-5280.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-5280", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in the Community Builder Enhanced (CBE) (com_cbe) component 1.4.8, 1.4.9, and 1.4.10 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the tabname parameter in a userProfile action to index.php. NOTE: this can be leveraged to execute arbitrary code by using the file upload feature." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-5280", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20101008 LFI / RCE vlunerability in Joomla Community Builder Enhenced (CBE) Component", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/514183/100/0/threaded" - }, - { - "name" : "15222", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/15222" - }, - { - "name" : "http://packetstormsecurity.org/1010-exploits/joomlacbe-lfi.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1010-exploits/joomlacbe-lfi.txt" - }, - { - "name" : "43873", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/43873" - }, - { - "name" : "41741", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41741" - }, - { - "name" : "joomla-cbe-file-upload(62376)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/62376" - }, - { - "name" : "joomla-cbe-index-file-include(62375)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/62375" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in the Community Builder Enhanced (CBE) (com_cbe) component 1.4.8, 1.4.9, and 1.4.10 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the tabname parameter in a userProfile action to index.php. NOTE: this can be leveraged to execute arbitrary code by using the file upload feature." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "43873", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/43873" + }, + { + "name": "41741", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41741" + }, + { + "name": "http://packetstormsecurity.org/1010-exploits/joomlacbe-lfi.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1010-exploits/joomlacbe-lfi.txt" + }, + { + "name": "20101008 LFI / RCE vlunerability in Joomla Community Builder Enhenced (CBE) Component", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/514183/100/0/threaded" + }, + { + "name": "joomla-cbe-file-upload(62376)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62376" + }, + { + "name": "15222", + "refsource": "EXPLOIT-DB", + "url": 
"http://www.exploit-db.com/exploits/15222" + }, + { + "name": "joomla-cbe-index-file-include(62375)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62375" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0088.json b/2014/0xxx/CVE-2014-0088.json index aa12b1ede4f..5f5517262d9 100644 --- a/2014/0xxx/CVE-2014-0088.json +++ b/2014/0xxx/CVE-2014-0088.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0088", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The SPDY implementation in the ngx_http_spdy_module module in nginx 1.5.10 before 1.5.11, when running on a 32-bit platform, allows remote attackers to execute arbitrary code via a crafted request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-0088", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[nginx-announce] 20140304 nginx security advisory (CVE-2014-0088)", - "refsource" : "MLIST", - "url" : "http://mailman.nginx.org/pipermail/nginx-announce/2014/000132.html" - }, - { - "name" : "1030150", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030150" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The SPDY implementation in the ngx_http_spdy_module module in nginx 1.5.10 before 1.5.11, when running on a 32-bit platform, allows remote attackers to execute arbitrary code via a crafted request." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[nginx-announce] 20140304 nginx security advisory (CVE-2014-0088)", + "refsource": "MLIST", + "url": "http://mailman.nginx.org/pipermail/nginx-announce/2014/000132.html" + }, + { + "name": "1030150", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030150" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0314.json b/2014/0xxx/CVE-2014-0314.json index f6d3cfd5d95..a3eee1422d9 100644 --- a/2014/0xxx/CVE-2014-0314.json +++ b/2014/0xxx/CVE-2014-0314.json 
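Review bot: The only semantic change in this hunk is `"ASSIGNER"` in `CVE_data_meta` going from `cve@mitre.org` to `secalert@redhat.com`, and it is buried in a whole-file rewrite of `"key" : value` to `"key": value`, so the one line that alters the record's provenance is easy to miss in review. The hunks for CVE-2010-1551, CVE-2014-0314, CVE-2014-0402, CVE-2014-0493, CVE-2014-0966 and CVE-2014-5326 do the same with other assigner addresses, and some of them (CVE-2010-1551, CVE-2014-0402) also reorder `reference_data`, which adds more noise. I would land the formatting pass as its own commit and carry `"ASSIGNER": "secalert@redhat.com"` in a separate one, and write `reference_data` in a stable order so later diffs show only real changes. The new side also ends with `\ No newline at end of file`; keeping the trailing newline avoids a spurious last-line change on the next edit.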
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0314", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2014-0314", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS14-012", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-012" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { 
+ "name": "MS14-012", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-012" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0402.json b/2014/0xxx/CVE-2014-0402.json index 1066b556d75..e0cbb7c08b9 100644 --- a/2014/0xxx/CVE-2014-0402.json +++ b/2014/0xxx/CVE-2014-0402.json 
@@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0402", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Locking." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2014-0402", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" - }, - { - "name" : "DSA-2845", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-2845" - }, - { - "name" : "DSA-2848", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-2848" - }, - { - "name" : "GLSA-201409-04", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201409-04.xml" - }, - { - "name" : "RHSA-2014:0164", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0164.html" - }, - { - 
"name" : "RHSA-2014:0173", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0173.html" - }, - { - "name" : "RHSA-2014:0186", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0186.html" - }, - { - "name" : "RHSA-2014:0189", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0189.html" - }, - { - "name" : "USN-2086-1", - "refsource" : "UBUNTU", - "url" : "http://ubuntu.com/usn/usn-2086-1" - }, - { - "name" : "64758", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/64758" - }, - { - "name" : "64908", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/64908" - }, - { - "name" : "102068", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/102068" - }, - { - "name" : "56491", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56491" - }, - { - "name" : "56541", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56541" - }, - { - "name" : "56580", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56580" - }, - { - "name" : "oracle-cpujan2014-cve20140402(90379)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90379" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Locking." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-2086-1", + "refsource": "UBUNTU", + "url": "http://ubuntu.com/usn/usn-2086-1" + }, + { + "name": "102068", + "refsource": "OSVDB", + "url": "http://osvdb.org/102068" + }, + { + "name": "64908", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/64908" + }, + { + "name": "oracle-cpujan2014-cve20140402(90379)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90379" + }, + { + "name": "DSA-2845", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-2845" + }, + { + "name": "56491", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56491" + }, + { + "name": "RHSA-2014:0186", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0186.html" + }, + { + "name": "56541", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56541" + }, + { + "name": "DSA-2848", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-2848" + }, + { + "name": "56580", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56580" + }, + { + "name": "RHSA-2014:0173", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0173.html" + }, + { + "name": "RHSA-2014:0189", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0189.html" + }, + { + "name": "RHSA-2014:0164", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0164.html" + }, + { + "name": "64758", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/64758" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" + }, + { + "name": "GLSA-201409-04", + "refsource": "GENTOO", + 
"url": "http://security.gentoo.org/glsa/glsa-201409-04.xml" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0493.json b/2014/0xxx/CVE-2014-0493.json index 79618d2ada3..38c02435a75 100644 --- a/2014/0xxx/CVE-2014-0493.json +++ b/2014/0xxx/CVE-2014-0493.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0493", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Reader and Acrobat 10.x before 10.1.9 and 11.x before 11.0.06 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0495." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2014-0493", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://helpx.adobe.com/security/products/acrobat/apsb14-01.html", - "refsource" : "CONFIRM", - "url" : "http://helpx.adobe.com/security/products/acrobat/apsb14-01.html" - }, - { - "name" : "1029604", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1029604" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Reader and Acrobat 10.x before 10.1.9 and 11.x before 11.0.06 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a 
different vulnerability than CVE-2014-0495." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1029604", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1029604" + }, + { + "name": "http://helpx.adobe.com/security/products/acrobat/apsb14-01.html", + "refsource": "CONFIRM", + "url": "http://helpx.adobe.com/security/products/acrobat/apsb14-01.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0966.json b/2014/0xxx/CVE-2014-0966.json index 77c77652552..c9096979d42 100644 --- a/2014/0xxx/CVE-2014-0966.json +++ b/2014/0xxx/CVE-2014-0966.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0966", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the GDS component in IBM InfoSphere Master Data Management - Collaborative Edition 10.x and 11.x before 11.0-FP5 and InfoSphere Master Data Management Server for Product Information Management 9.x through 11.x before 11.3-IF2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-0966", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21681651", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21681651" - }, - { - "name" : "60679", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60679" - }, - { - "name" : "60693", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60693" - }, - { - "name" : "60695", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60695" - }, - { - "name" : "ibm-infospheremdm-cve20140966-sql-injection(92880)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/92880" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the GDS component in IBM InfoSphere Master Data Management - Collaborative Edition 10.x and 11.x before 11.0-FP5 and InfoSphere Master Data Management Server for Product Information Management 9.x through 11.x before 11.3-IF2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21681651", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681651" + }, + { + "name": "60693", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60693" + }, + { + "name": "60679", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60679" + }, + { + "name": "60695", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60695" + }, + { + "name": "ibm-infospheremdm-cve20140966-sql-injection(92880)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92880" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1678.json b/2014/1xxx/CVE-2014-1678.json index 6ec5fc0f12b..e083b594249 100644 --- a/2014/1xxx/CVE-2014-1678.json +++ b/2014/1xxx/CVE-2014-1678.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1678", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-1678", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1878.json b/2014/1xxx/CVE-2014-1878.json index 9aa9e07a453..efa4f815070 100644 --- a/2014/1xxx/CVE-2014-1878.json +++ b/2014/1xxx/CVE-2014-1878.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1878", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the cmd_submitf function in cgi/cmd.c in Nagios Core, possibly 4.0.3rc1 and earlier, and Icinga before 1.8.6, 1.9 before 1.9.5, and 1.10 before 1.10.3 allows remote attackers to cause a denial of service (segmentation fault) via a long message to cmd.cgi." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-1878", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20181224 [SECURITY] [DLA 1615-1] nagios3 security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/12/msg00014.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1066578", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1066578" - }, - { - "name" : "https://dev.icinga.org/issues/5434", - "refsource" : "CONFIRM", - "url" : "https://dev.icinga.org/issues/5434" - }, - { - "name" : "https://www.icinga.org/2014/02/11/bugfix-releases-1-10-3-1-9-5-1-8-6", - "refsource" : "CONFIRM", - "url" : 
"https://www.icinga.org/2014/02/11/bugfix-releases-1-10-3-1-9-5-1-8-6" - }, - { - "name" : "openSUSE-SU-2014:0516", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-04/msg00033.html" - }, - { - "name" : "65605", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/65605" - }, - { - "name" : "57024", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/57024" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the cmd_submitf function in cgi/cmd.c in Nagios Core, possibly 4.0.3rc1 and earlier, and Icinga before 1.8.6, 1.9 before 1.9.5, and 1.10 before 1.10.3 allows remote attackers to cause a denial of service (segmentation fault) via a long message to cmd.cgi." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2014:0516", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-04/msg00033.html" + }, + { + "name": "https://dev.icinga.org/issues/5434", + "refsource": "CONFIRM", + "url": "https://dev.icinga.org/issues/5434" + }, + { + "name": "https://www.icinga.org/2014/02/11/bugfix-releases-1-10-3-1-9-5-1-8-6", + "refsource": "CONFIRM", + "url": "https://www.icinga.org/2014/02/11/bugfix-releases-1-10-3-1-9-5-1-8-6" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1066578", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1066578" + }, + { + "name": "65605", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/65605" + }, + { + "name": "[debian-lts-announce] 20181224 [SECURITY] [DLA 1615-1] nagios3 security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00014.html" + }, + 
{ + "name": "57024", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/57024" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5212.json b/2014/5xxx/CVE-2014-5212.json index 2daff2bf605..78709254ec1 100644 --- a/2014/5xxx/CVE-2014-5212.json +++ b/2014/5xxx/CVE-2014-5212.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5212", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in nds/search/data in iMonitor in Novell eDirectory before 8.8 SP8 Patch 4 allows remote attackers to inject arbitrary web script or HTML via the rdn parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-5212", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20141219 SEC Consult SA-20141219-0 :: XSS & Memory Disclosure vulnerabilities in NetIQ eDirectory NDS iMonitor", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/534284" - }, - { - "name" : "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20141219-0_NetIQ_eDirectory_iMonitor_XSS_Memory_Disclosure_v10.txt", - "refsource" : "MISC", - "url" : "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20141219-0_NetIQ_eDirectory_iMonitor_XSS_Memory_Disclosure_v10.txt" - }, - { - "name" : "https://bugzilla.novell.com/show_bug.cgi?id=904134", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.novell.com/show_bug.cgi?id=904134" - }, - { - "name" : 
"https://www.novell.com/support/kb/doc.php?id=3426981", - "refsource" : "CONFIRM", - "url" : "https://www.novell.com/support/kb/doc.php?id=3426981" - }, - { - "name" : "1031408", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031408" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in nds/search/data in iMonitor in Novell eDirectory before 8.8 SP8 Patch 4 allows remote attackers to inject arbitrary web script or HTML via the rdn parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.novell.com/show_bug.cgi?id=904134", + "refsource": "CONFIRM", + "url": "https://bugzilla.novell.com/show_bug.cgi?id=904134" + }, + { + "name": "20141219 SEC Consult SA-20141219-0 :: XSS & Memory Disclosure vulnerabilities in NetIQ eDirectory NDS iMonitor", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/534284" + }, + { + "name": "1031408", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031408" + }, + { + "name": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20141219-0_NetIQ_eDirectory_iMonitor_XSS_Memory_Disclosure_v10.txt", + "refsource": "MISC", + "url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20141219-0_NetIQ_eDirectory_iMonitor_XSS_Memory_Disclosure_v10.txt" + }, + { + "name": "https://www.novell.com/support/kb/doc.php?id=3426981", + "refsource": "CONFIRM", + "url": "https://www.novell.com/support/kb/doc.php?id=3426981" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5326.json b/2014/5xxx/CVE-2014-5326.json index 58d36fe4eac..12ff91613fc 100644 --- a/2014/5xxx/CVE-2014-5326.json 
+++ b/2014/5xxx/CVE-2014-5326.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5326", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Direct Web Remoting (DWR) through 2.0.10 and 3.x through 3.0.RC2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2014-5326", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "JVN#52422792", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN52422792/index.html" - }, - { - "name" : "JVNDB-2014-000118", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000118" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Direct Web Remoting (DWR) through 2.0.10 and 3.x through 3.0.RC2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#52422792", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN52422792/index.html" + }, + { + "name": "JVNDB-2014-000118", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000118" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5568.json b/2014/5xxx/CVE-2014-5568.json index f21535f1d75..8e4d3288336 100644 --- a/2014/5xxx/CVE-2014-5568.json +++ b/2014/5xxx/CVE-2014-5568.json 
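Review bot: The only value change in this hunk is `"ASSIGNER": "vultures@jpcert.or.jp"` replacing `cve@mitre.org`, and it sits inside a rewrite of every line for key spacing and indentation, so the provenance change is easy to miss on review. The hunks for CVE-2014-5568, CVE-2014-5573, CVE-2014-5710, CVE-2015-2310, CVE-2015-2530, CVE-2015-2586 and CVE-2015-2976 change `ASSIGNER` in the same way. Landing the formatting pass and the `ASSIGNER` corrections as separate commits would let each new address be checked against the CNA that issued the ID. The new side also ends without a trailing newline (`\ No newline at end of file`), here and in the later hunks; ending each file with `}` followed by a newline keeps later diffs free of that marker.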
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5568", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Las Vegas Lottery Scratch Off (aka com.androkera.lottery) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-5568", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#836289", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/836289" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Las Vegas Lottery Scratch Off 
(aka com.androkera.lottery) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#836289", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/836289" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5573.json b/2014/5xxx/CVE-2014-5573.json index 663b4929503..c294d0cab4c 100644 --- a/2014/5xxx/CVE-2014-5573.json +++ b/2014/5xxx/CVE-2014-5573.json 
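Review bot: The `reference_data` array is reordered in this hunk with no entry added, removed or edited: `VU#836289` and `VU#582497` now precede the `MISC` spreadsheet link. The same content-neutral shuffle appears in the hunks for CVE-2014-5573, CVE-2014-5710, CVE-2015-2291, CVE-2015-2310 and CVE-2015-2976, and the new orders do not appear to follow any one key (`name`, `refsource` or `url`). If the writer that produced these files does not fix an order, emitting the entries sorted by a stable key such as `url` would keep future diffs limited to real reference changes. That in turn makes a dropped or swapped reference easier to spot.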
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5573", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Appstros - FREE Gift Cards! (aka com.appstros.main) application 1.1.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-5573", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#887857", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/887857" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Appstros - FREE Gift Cards! 
(aka com.appstros.main) application 1.1.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + }, + { + "name": "VU#887857", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/887857" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5710.json b/2014/5xxx/CVE-2014-5710.json index 0691dd382a4..e67f3e3e9aa 100644 --- a/2014/5xxx/CVE-2014-5710.json +++ b/2014/5xxx/CVE-2014-5710.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5710", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Cisco Class Locator Fast Lane (aka com.tabletkings.mycompany.fastlane.cisco) application for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-5710", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#319993", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/319993" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Cisco Class 
Locator Fast Lane (aka com.tabletkings.mycompany.fastlane.cisco) application for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#319993", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/319993" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2291.json b/2015/2xxx/CVE-2015-2291.json index ce1496b5af4..bb5729c13a4 100644 --- a/2015/2xxx/CVE-2015-2291.json +++ b/2015/2xxx/CVE-2015-2291.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2291", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "(1) IQVW32.sys before 1.3.1.0 and (2) IQVW64.sys before 1.3.1.0 in the Intel Ethernet diagnostics driver for Windows allows local users to cause a denial of service or possibly execute arbitrary code with kernel privileges via a crafted (a) 0x80862013, (b) 0x8086200B, (c) 0x8086200F, or (d) 0x80862007 IOCTL call." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-2291", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "36392", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/36392/" - }, - { - "name" : "http://packetstormsecurity.com/files/130854/Intel-Network-Adapter-Diagnostic-Driver-IOCTL-DoS.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/130854/Intel-Network-Adapter-Diagnostic-Driver-IOCTL-DoS.html" - }, - { - "name" : "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00051&languageid=en-fr", - "refsource" : "CONFIRM", - "url" : "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00051&languageid=en-fr" - }, - { - "name" : 
"79623", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/79623" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "(1) IQVW32.sys before 1.3.1.0 and (2) IQVW64.sys before 1.3.1.0 in the Intel Ethernet diagnostics driver for Windows allows local users to cause a denial of service or possibly execute arbitrary code with kernel privileges via a crafted (a) 0x80862013, (b) 0x8086200B, (c) 0x8086200F, or (d) 0x80862007 IOCTL call." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "36392", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/36392/" + }, + { + "name": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00051&languageid=en-fr", + "refsource": "CONFIRM", + "url": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00051&languageid=en-fr" + }, + { + "name": "http://packetstormsecurity.com/files/130854/Intel-Network-Adapter-Diagnostic-Driver-IOCTL-DoS.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/130854/Intel-Network-Adapter-Diagnostic-Driver-IOCTL-DoS.html" + }, + { + "name": "79623", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/79623" + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2310.json b/2015/2xxx/CVE-2015-2310.json index 389f93f40f9..6db12570d11 100644 --- a/2015/2xxx/CVE-2015-2310.json +++ b/2015/2xxx/CVE-2015-2310.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2310", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in layout.c++ in Sandstorm Cap'n Proto before 0.4.1.1 and 0.5.x before 0.5.1.1 allows remote peers to cause a denial of service or possibly obtain sensitive information from memory via a crafted message, related to pointer validation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@debian.org", + "ID": "CVE-2015-2310", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150317 Re: CVE Request: Cap'n Proto: Several issues", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/03/17/3" - }, - { - "name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780565", - "refsource" : "MISC", - "url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780565" - }, - { - "name" : "https://github.com/capnproto/capnproto/blob/master/security-advisories/2015-03-02-0-c%2B%2B-integer-overflow.md", - "refsource" : "CONFIRM", - "url" : "https://github.com/capnproto/capnproto/blob/master/security-advisories/2015-03-02-0-c%2B%2B-integer-overflow.md" - }, - { - "name" : 
"https://github.com/capnproto/capnproto/commit/f343f0dbd0a2e87f17cd74f14186ed73e3fbdbfa", - "refsource" : "CONFIRM", - "url" : "https://github.com/capnproto/capnproto/commit/f343f0dbd0a2e87f17cd74f14186ed73e3fbdbfa" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in layout.c++ in Sandstorm Cap'n Proto before 0.4.1.1 and 0.5.x before 0.5.1.1 allows remote peers to cause a denial of service or possibly obtain sensitive information from memory via a crafted message, related to pointer validation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/capnproto/capnproto/blob/master/security-advisories/2015-03-02-0-c%2B%2B-integer-overflow.md", + "refsource": "CONFIRM", + "url": "https://github.com/capnproto/capnproto/blob/master/security-advisories/2015-03-02-0-c%2B%2B-integer-overflow.md" + }, + { + "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780565", + "refsource": "MISC", + "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780565" + }, + { + "name": "[oss-security] 20150317 Re: CVE Request: Cap'n Proto: Several issues", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/03/17/3" + }, + { + "name": "https://github.com/capnproto/capnproto/commit/f343f0dbd0a2e87f17cd74f14186ed73e3fbdbfa", + "refsource": "CONFIRM", + "url": "https://github.com/capnproto/capnproto/commit/f343f0dbd0a2e87f17cd74f14186ed73e3fbdbfa" + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2530.json b/2015/2xxx/CVE-2015-2530.json index 0d65240c85e..1f7266139a7 100644 --- a/2015/2xxx/CVE-2015-2530.json +++ b/2015/2xxx/CVE-2015-2530.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2530", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Windows Journal in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows remote attackers to execute arbitrary code via a crafted .jnt file, aka \"Windows Journal RCE Vulnerability,\" a different vulnerability than CVE-2015-2513 and CVE-2015-2514." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2015-2530", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS15-098", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-098" - }, - { - "name" : "1033484", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033484" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Windows Journal in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows 
Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows remote attackers to execute arbitrary code via a crafted .jnt file, aka \"Windows Journal RCE Vulnerability,\" a different vulnerability than CVE-2015-2513 and CVE-2015-2514." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS15-098", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-098" + }, + { + "name": "1033484", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033484" + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2586.json b/2015/2xxx/CVE-2015-2586.json index a8c0c4f24a3..acc198341ed 100644 --- a/2015/2xxx/CVE-2015-2586.json +++ b/2015/2xxx/CVE-2015-2586.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2586", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Application Express component in Oracle Database Server before 4.2.1 allows remote attackers to affect availability via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2015-2586", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html" - }, - { - "name" : "1032903", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032903" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Application Express component in Oracle Database Server before 4.2.1 allows remote attackers to affect availability via unknown vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html" + }, + { + "name": "1032903", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032903" + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2976.json b/2015/2xxx/CVE-2015-2976.json index c8f4b0dbed8..6de99380770 100644 --- a/2015/2xxx/CVE-2015-2976.json +++ b/2015/2xxx/CVE-2015-2976.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2976", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Research Artisan Lite before 1.18 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted HTML document or (2) a crafted URL that is mishandled during access-log analysis." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2015-2976", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://lite.research-artisan.net/main/download", - "refsource" : "CONFIRM", - "url" : "http://lite.research-artisan.net/main/download" - }, - { - "name" : "JVN#58020495", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN58020495/index.html" - }, - { - "name" : "JVNDB-2015-000104", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000104" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Research Artisan Lite before 1.18 allow remote attackers to inject 
arbitrary web script or HTML via (1) a crafted HTML document or (2) a crafted URL that is mishandled during access-log analysis." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://lite.research-artisan.net/main/download", + "refsource": "CONFIRM", + "url": "http://lite.research-artisan.net/main/download" + }, + { + "name": "JVNDB-2015-000104", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000104" + }, + { + "name": "JVN#58020495", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN58020495/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10113.json b/2016/10xxx/CVE-2016-10113.json index ff1d7c9b7f7..8a59362a6ef 100644 --- a/2016/10xxx/CVE-2016-10113.json +++ b/2016/10xxx/CVE-2016-10113.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-10113", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-10113", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2016/10xxx/CVE-2016-10341.json b/2016/10xxx/CVE-2016-10341.json index 349b83fe4c7..9ee158f6f87 100644 --- a/2016/10xxx/CVE-2016-10341.json +++ b/2016/10xxx/CVE-2016-10341.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "ID" : "CVE-2016-10341", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "All Qualcomm products", - "version" : { - "version_data" : [ - { - "version_value" : "All Android releases from CAF using the Linux kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In all Android releases from CAF using the Linux kernel, 3rd party TEEs have more privilege than intended." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Improper Access Control in TrustZone" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2016-10341", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "All Qualcomm products", + "version": { + "version_data": [ + { + "version_value": "All Android releases from CAF using the Linux kernel" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-06-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-06-01" - }, - { - "name" : "98874", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98874" - }, - { - "name" : "1038623", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038623" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In all Android releases from CAF using the Linux kernel, 3rd party TEEs have more privilege than intended." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Access Control in TrustZone" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-06-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-06-01" + }, + { + "name": "98874", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98874" + }, + { + "name": "1038623", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038623" + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10529.json b/2016/10xxx/CVE-2016-10529.json index 9b29c212eac..faabc27c185 100644 --- a/2016/10xxx/CVE-2016-10529.json +++ b/2016/10xxx/CVE-2016-10529.json 
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "DATE_PUBLIC" : "2018-04-26T00:00:00", - "ID" : "CVE-2016-10529", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "droppy node module", - "version" : { - "version_data" : [ - { - "version_value" : "<3.5.0" - } - ] - } - } - ] - }, - "vendor_name" : "HackerOne" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Droppy versions <3.5.0 does not perform any verification for cross-domain websocket requests. An attacker is able to make a specially crafted page that can send requests as the context of the currently logged in user. For example this means the malicious user could add a new admin account under his control and delete others." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Request Forgery (CSRF) (CWE-352)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "DATE_PUBLIC": "2018-04-26T00:00:00", + "ID": "CVE-2016-10529", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "droppy node module", + "version": { + "version_data": [ + { + "version_value": "<3.5.0" + } + ] + } + } + ] + }, + "vendor_name": "HackerOne" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://nodesecurity.io/advisories/91", - "refsource" : "MISC", - "url" : "https://nodesecurity.io/advisories/91" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Droppy versions <3.5.0 does not perform any verification for cross-domain websocket requests. 
An attacker is able to make a specially crafted page that can send requests as the context of the currently logged in user. For example this means the malicious user could add a new admin account under his control and delete others." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Request Forgery (CSRF) (CWE-352)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://nodesecurity.io/advisories/91", + "refsource": "MISC", + "url": "https://nodesecurity.io/advisories/91" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3055.json b/2016/3xxx/CVE-2016-3055.json index 96925f22d95..21246f3c50a 100644 --- a/2016/3xxx/CVE-2016-3055.json +++ b/2016/3xxx/CVE-2016-3055.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3055", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM FileNet Workplace 4.0.2 before 4.0.2.14 LA012 allows remote authenticated users to read arbitrary files or cause a denial of service (memory consumption) via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2016-3055", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21987128", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21987128" - }, - { - "name" : "92411", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92411" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM FileNet Workplace 4.0.2 before 4.0.2.14 LA012 allows remote authenticated users to read arbitrary files or cause a denial of service (memory consumption) via an XML document 
containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "92411", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92411" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21987128", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21987128" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3146.json b/2016/3xxx/CVE-2016-3146.json index 248219194ad..e255391102b 100644 --- a/2016/3xxx/CVE-2016-3146.json +++ b/2016/3xxx/CVE-2016-3146.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3146", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-3146", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4429.json b/2016/4xxx/CVE-2016-4429.json index 15846af2e85..aa68846589e 100644 --- a/2016/4xxx/CVE-2016-4429.json 
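Review bot: `"ASSIGNER"` changes from `cve@mitre.org` to `psirt@us.ibm.com` at the top of the CVE-2016-3055 hunk, while the rest of the hunk only tightens key spacing and swaps the two `reference_data` entries, so the one change in meaning is easy to overlook. The same pattern appears in CVE-2016-4429 and CVE-2016-9774 (to `secalert@redhat.com`) and in CVE-2016-4530 (to `ics-cert@hq.dhs.gov`). Consumers that attribute or filter records by assigner will see ownership move for these IDs, so the reassignment deserves its own line in the commit description, for example `Reassign CVE-2016-3055 from cve@mitre.org to psirt@us.ibm.com`. The description is not visible in this part of the page, so this may already be covered.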
+++ b/2016/4xxx/CVE-2016-4429.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-4429", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) allows remote servers to cause a denial of service (crash) or possibly unspecified other impact via a flood of crafted ICMP and UDP packets." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-4429", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://sourceware.org/bugzilla/show_bug.cgi?id=20112", - "refsource" : "CONFIRM", - "url" : "https://sourceware.org/bugzilla/show_bug.cgi?id=20112" - }, - { - "name" : "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=bc779a1a5b3035133024b21e2f339fe4219fb11c", - "refsource" : "CONFIRM", - "url" : "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=bc779a1a5b3035133024b21e2f339fe4219fb11c" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21995039", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21995039" - }, - { - "name" : "https://source.android.com/security/bulletin/2017-12-01", - 
"refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-12-01" - }, - { - "name" : "openSUSE-SU-2016:1527", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-06/msg00030.html" - }, - { - "name" : "openSUSE-SU-2016:1779", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-07/msg00039.html" - }, - { - "name" : "USN-3759-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3759-1/" - }, - { - "name" : "USN-3759-2", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3759-2/" - }, - { - "name" : "102073", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102073" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) allows remote servers to cause a denial of service (crash) or possibly unspecified other impact via a flood of crafted ICMP and UDP packets." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-3759-2", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3759-2/" + }, + { + "name": "openSUSE-SU-2016:1779", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-07/msg00039.html" + }, + { + "name": "USN-3759-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3759-1/" + }, + { + "name": "https://sourceware.org/bugzilla/show_bug.cgi?id=20112", + "refsource": "CONFIRM", + "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=20112" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039" + }, + { + "name": "https://source.android.com/security/bulletin/2017-12-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-12-01" + }, + { + "name": "openSUSE-SU-2016:1527", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-06/msg00030.html" + }, + { + "name": "102073", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102073" + }, + { + "name": "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=bc779a1a5b3035133024b21e2f339fe4219fb11c", + "refsource": "CONFIRM", + "url": "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=bc779a1a5b3035133024b21e2f339fe4219fb11c" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4530.json b/2016/4xxx/CVE-2016-4530.json index f17d93950ac..dfbb1b904ca 100644 --- a/2016/4xxx/CVE-2016-4530.json +++ b/2016/4xxx/CVE-2016-4530.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-4530", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "OSIsoft PI SQL Data Access Server (aka OLE DB) 2016 1.5 allows remote authenticated users to cause a denial of service (service outage and data loss) via a message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2016-4530", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-166-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-166-01" - }, - { - "name" : "https://techsupport.osisoft.com/Troubleshooting/Alerts/AL00300", - "refsource" : "CONFIRM", - "url" : "https://techsupport.osisoft.com/Troubleshooting/Alerts/AL00300" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "OSIsoft PI SQL Data Access Server (aka OLE DB) 2016 1.5 allows remote authenticated users to cause a denial of service (service outage and data loss) via a message." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://techsupport.osisoft.com/Troubleshooting/Alerts/AL00300", + "refsource": "CONFIRM", + "url": "https://techsupport.osisoft.com/Troubleshooting/Alerts/AL00300" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-166-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-166-01" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8081.json b/2016/8xxx/CVE-2016-8081.json index 07114688aad..888a45d6f24 100644 --- a/2016/8xxx/CVE-2016-8081.json +++ b/2016/8xxx/CVE-2016-8081.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-8081", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-8081", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8595.json b/2016/8xxx/CVE-2016-8595.json index a2d719babac..cfd3d6ef457 100644 --- a/2016/8xxx/CVE-2016-8595.json +++ b/2016/8xxx/CVE-2016-8595.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-8595", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The gsm_parse function in libavcodec/gsm_parser.c in FFmpeg before 3.1.5 allows remote attackers to cause a denial of service (assert fault) via a crafted AVI file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-8595", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20161208 [CVE-2016-8595] ffmpeg crashes with an assert", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/12/08/2" - }, - { - "name" : "94757", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94757" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The gsm_parse function in libavcodec/gsm_parser.c in FFmpeg before 3.1.5 allows remote attackers to cause a denial of service (assert fault) via a crafted AVI file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20161208 [CVE-2016-8595] ffmpeg crashes with an assert", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/12/08/2" + }, + { + "name": "94757", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94757" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8745.json b/2016/8xxx/CVE-2016-8745.json index ad8d2845aae..f2c8e1ba25f 100644 --- a/2016/8xxx/CVE-2016-8745.json +++ b/2016/8xxx/CVE-2016-8745.json 
@@ -1,140 +1,140 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@apache.org", - "DATE_PUBLIC" : "2017-01-05T00:00:00", - "ID" : "CVE-2016-8745", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Apache Tomcat", - "version" : { - "version_data" : [ - { - "version_value" : "9.0.0.M1 to 9.0.0.M13" - }, - { - "version_value" : "8.5.0 to 8.5.8" - }, - { - "version_value" : "8.0.0.RC1 to 8.0.39" - }, - { - "version_value" : "7.0.0 to 7.0.73" - }, - { - "version_value" : "6.0.16 to 6.0.48" - } - ] - } - } - ] - }, - "vendor_name" : "Apache Software Foundation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A bug in the error handling of the send file code for the NIO HTTP connector in Apache Tomcat 9.0.0.M1 to 9.0.0.M13, 8.5.0 to 8.5.8, 8.0.0.RC1 to 8.0.39, 7.0.0 to 7.0.73 and 6.0.16 to 6.0.48 resulted in the current Processor object being added to the Processor cache multiple times. This in turn meant that the same Processor could be used for concurrent requests. Sharing a Processor can result in information leakage between requests including, not not limited to, session ID and the response body. The bug was first noticed in 8.5.x onwards where it appears the refactoring of the Connector code for 8.5.x onwards made it more likely that the bug was observed. Initially it was thought that the 8.5.x refactoring introduced the bug but further investigation has shown that the bug is present in all currently supported Tomcat versions." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "security@apache.org", + "DATE_PUBLIC": "2017-01-05T00:00:00", + "ID": "CVE-2016-8745", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Apache Tomcat", + "version": { + "version_data": [ + { + "version_value": "9.0.0.M1 to 9.0.0.M13" + }, + { + "version_value": "8.5.0 to 8.5.8" + }, + { + "version_value": "8.0.0.RC1 to 8.0.39" + }, + { + "version_value": "7.0.0 to 7.0.73" + }, + { + "version_value": "6.0.16 to 6.0.48" + } + ] + } + } + ] + }, + "vendor_name": "Apache Software Foundation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[announce] 20170105 [SECURITY][UPDATE] CVE-2016-8745 Apache Tomcat Information Disclosure", - "refsource" : "MLIST", - "url" : "https://lists.apache.org/thread.html/4113c05d37f37c12b8033205684f04033c5f7a9bae117d4af23b32b4@%3Cannounce.tomcat.apache.org%3E" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20180607-0002/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20180607-0002/" - }, - { - "name" : "DSA-3754", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3754" - }, - { - "name" : "DSA-3755", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3755" - }, - { - "name" : "GLSA-201705-09", - "refsource" : "GENTOO", - "url" 
: "https://security.gentoo.org/glsa/201705-09" - }, - { - "name" : "RHSA-2017:0455", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:0455" - }, - { - "name" : "RHSA-2017:0456", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:0456" - }, - { - "name" : "RHSA-2017:0457", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0457.html" - }, - { - "name" : "RHSA-2017:0527", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0527.html" - }, - { - "name" : "RHSA-2017:0935", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:0935" - }, - { - "name" : "94828", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94828" - }, - { - "name" : "1037432", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037432" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A bug in the error handling of the send file code for the NIO HTTP connector in Apache Tomcat 9.0.0.M1 to 9.0.0.M13, 8.5.0 to 8.5.8, 8.0.0.RC1 to 8.0.39, 7.0.0 to 7.0.73 and 6.0.16 to 6.0.48 resulted in the current Processor object being added to the Processor cache multiple times. This in turn meant that the same Processor could be used for concurrent requests. Sharing a Processor can result in information leakage between requests including, not not limited to, session ID and the response body. The bug was first noticed in 8.5.x onwards where it appears the refactoring of the Connector code for 8.5.x onwards made it more likely that the bug was observed. Initially it was thought that the 8.5.x refactoring introduced the bug but further investigation has shown that the bug is present in all currently supported Tomcat versions." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "94828", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94828" + }, + { + "name": "1037432", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037432" + }, + { + "name": "GLSA-201705-09", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201705-09" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20180607-0002/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20180607-0002/" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" + }, + { + "name": "RHSA-2017:0935", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:0935" + }, + { + "name": "DSA-3754", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3754" + }, + { + "name": "RHSA-2017:0457", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0457.html" + }, + { + "name": "DSA-3755", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3755" + }, + { + "name": "RHSA-2017:0455", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:0455" + }, + { + "name": "RHSA-2017:0527", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0527.html" + }, + { + "name": "RHSA-2017:0456", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:0456" + }, + { + "name": "[announce] 20170105 
[SECURITY][UPDATE] CVE-2016-8745 Apache Tomcat Information Disclosure", + "refsource": "MLIST", + "url": "https://lists.apache.org/thread.html/4113c05d37f37c12b8033205684f04033c5f7a9bae117d4af23b32b4@%3Cannounce.tomcat.apache.org%3E" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9058.json b/2016/9xxx/CVE-2016-9058.json index 57894328817..bfa1f145c04 100644 --- a/2016/9xxx/CVE-2016-9058.json +++ b/2016/9xxx/CVE-2016-9058.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9058", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-9058", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9069.json b/2016/9xxx/CVE-2016-9069.json index 16430e9d244..0050edbcb45 100644 --- a/2016/9xxx/CVE-2016-9069.json +++ b/2016/9xxx/CVE-2016-9069.json 
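Review bot: The description `value` on the new side of CVE-2016-8745.json still reads "including, not not limited to, session ID and the response body"; the doubled "not" is carried over unchanged from the old side. Since the hunk already rewrites that line, it could be corrected in the same pass to `including, but not limited to, session ID and the response body`.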
@@ -1,78 +1,78 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@mozilla.org", - "ID" : "CVE-2016-9069", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Firefox", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "50" - } - ] - } - } - ] - }, - "vendor_name" : "Mozilla" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A use-after-free in nsINode::ReplaceOrInsertBefore during DOM operations resulting in potentially exploitable crashes. This vulnerability affects Firefox < 50." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "heap-use-after-free in nsINode::ReplaceOrInsertBefore" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2016-9069", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "50" + } + ] + } + } + ] + }, + "vendor_name": "Mozilla" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1308922", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1308922" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2016-89/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2016-89/" - }, - { - "name" : "94337", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94337" - }, - { - "name" : "1037298", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037298" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", 
+ "description": { + "description_data": [ + { + "lang": "eng", + "value": "A use-after-free in nsINode::ReplaceOrInsertBefore during DOM operations resulting in potentially exploitable crashes. This vulnerability affects Firefox < 50." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "heap-use-after-free in nsINode::ReplaceOrInsertBefore" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "94337", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94337" + }, + { + "name": "1037298", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037298" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1308922", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1308922" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2016-89/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2016-89/" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9334.json b/2016/9xxx/CVE-2016-9334.json index 5141041057f..ab58ec79912 100644 --- a/2016/9xxx/CVE-2016-9334.json +++ b/2016/9xxx/CVE-2016-9334.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "ID" : "CVE-2016-9334", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Rockwell Automation MicroLogix 1100 and 1400", - "version" : { - "version_data" : [ - { - "version_value" : "Rockwell Automation MicroLogix 1100 and 1400" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 controller 1763-L16AWA, Series A and B, Version 14.000 and prior versions; 1763-L16BBB, Series A and B, Version 14.000 and prior versions; 1763-L16BWA, Series A and B, Version 14.000 and prior versions; and 1763-L16DWD, Series A and B, Version 14.000 and prior versions. User credentials are sent to the web server in clear text, which may allow an attacker to discover the credentials if they are able to observe traffic between the web browser and the server." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Rockwell Automation MicroLogix 1100 and 1400 cleartext password" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2016-9334", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Rockwell Automation MicroLogix 1100 and 1400", + "version": { + "version_data": [ + { + "version_value": "Rockwell Automation MicroLogix 1100 and 1400" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-336-06", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-336-06" - }, - { - "name" : "95302", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95302" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 controller 1763-L16AWA, Series A and B, Version 14.000 and prior versions; 1763-L16BBB, Series A and B, Version 14.000 and prior versions; 1763-L16BWA, Series A and B, Version 14.000 and prior versions; and 1763-L16DWD, Series A and B, Version 14.000 and prior versions. User credentials are sent to the web server in clear text, which may allow an attacker to discover the credentials if they are able to observe traffic between the web browser and the server." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Rockwell Automation MicroLogix 1100 and 1400 cleartext password" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-336-06", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-336-06" + }, + { + "name": "95302", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95302" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9774.json b/2016/9xxx/CVE-2016-9774.json index 05e51e220c5..4aab9326e8f 100644 --- a/2016/9xxx/CVE-2016-9774.json +++ b/2016/9xxx/CVE-2016-9774.json 
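Review bot: In CVE-2016-9334.json the `version_value` on the new side repeats the `product_name` string ("Rockwell Automation MicroLogix 1100 and 1400") and `vendor_name` stays `n/a`, so the `affects` block carries no version information for tools that match on it. The description in the same record gives the affected range as "Version 14.000 and prior versions" for the listed 1763-L16 models and names the vendor, so the block could read `"version_value": "14.000 and prior versions"` and `"vendor_name": "Rockwell Automation"`. The description lists only MicroLogix 1100 models, so whether the 1400 belongs in `product_name` should be checked against the ICS-CERT advisory linked in `reference_data`.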
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9774", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The postinst script in the tomcat6 package before 6.0.45+dfsg-1~deb7u4 on Debian wheezy, before 6.0.35-1ubuntu3.9 on Ubuntu 12.04 LTS and on Ubuntu 14.04 LTS; the tomcat7 package before 7.0.28-4+deb7u8 on Debian wheezy, before 7.0.56-3+deb8u6 on Debian jessie, before 7.0.52-1ubuntu0.8 on Ubuntu 14.04 LTS, and on Ubuntu 12.04 LTS, 16.04 LTS, and 16.10; and the tomcat8 package before 8.0.14-1+deb8u5 on Debian jessie, before 8.0.32-1ubuntu1.3 on Ubuntu 16.04 LTS, before 8.0.37-1ubuntu0.1 on Ubuntu 16.10, and before 8.0.38-2ubuntu1 on Ubuntu 17.04 might allow local users with access to the tomcat account to obtain sensitive information or gain root privileges via a symlink attack on the Catalina localhost directory." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-9774", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20161202 CVE request: tomcat privilege escalations in Debian packaging", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/12/02/5" - }, - { - "name" : "[oss-security] 20161202 Re: CVE request: tomcat privilege escalations in Debian packaging", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/12/02/10" - }, - { - "name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845393", - "refsource" : "CONFIRM", - "url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845393" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20180731-0002/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20180731-0002/" - }, - { - "name" : "DSA-3738", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3738" - }, - { - "name" : "DSA-3739", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3739" - }, - { - "name" : "USN-3177-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-3177-1" - }, - { - "name" : "USN-3177-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-3177-2" - }, - { - "name" : "94643", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94643" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "The postinst script in the tomcat6 package before 6.0.45+dfsg-1~deb7u4 on Debian wheezy, before 6.0.35-1ubuntu3.9 on Ubuntu 12.04 LTS and on Ubuntu 14.04 LTS; the tomcat7 package before 7.0.28-4+deb7u8 on Debian wheezy, before 7.0.56-3+deb8u6 on Debian jessie, before 7.0.52-1ubuntu0.8 on Ubuntu 14.04 LTS, and on Ubuntu 12.04 LTS, 16.04 LTS, and 16.10; and the tomcat8 package before 8.0.14-1+deb8u5 on Debian jessie, before 8.0.32-1ubuntu1.3 on Ubuntu 16.04 LTS, before 8.0.37-1ubuntu0.1 on Ubuntu 16.10, and before 8.0.38-2ubuntu1 on Ubuntu 17.04 might allow local users with access to the tomcat account to obtain sensitive information or gain root privileges via a symlink attack on the Catalina localhost directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-3177-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-3177-2" + }, + { + "name": "94643", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94643" + }, + { + "name": "DSA-3739", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3739" + }, + { + "name": "DSA-3738", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3738" + }, + { + "name": "[oss-security] 20161202 CVE request: tomcat privilege escalations in Debian packaging", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/12/02/5" + }, + { + "name": "[oss-security] 20161202 Re: CVE request: tomcat privilege escalations in Debian packaging", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/12/02/10" + }, + { + "name": "USN-3177-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-3177-1" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20180731-0002/", + "refsource": "CONFIRM", + "url": 
"https://security.netapp.com/advisory/ntap-20180731-0002/" + }, + { + "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845393", + "refsource": "CONFIRM", + "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845393" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9944.json b/2016/9xxx/CVE-2016-9944.json index 1b8bc98d01f..352081db950 100644 --- a/2016/9xxx/CVE-2016-9944.json +++ b/2016/9xxx/CVE-2016-9944.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9944", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-9944", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2291.json b/2019/2xxx/CVE-2019-2291.json index 0dc4e100e5d..39a1dec3217 100644 --- a/2019/2xxx/CVE-2019-2291.json +++ b/2019/2xxx/CVE-2019-2291.json 
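Review bot: In 2016/9xxx/CVE-2016-9774.json the `"ASSIGNER"` value changes from `cve@mitre.org` to `secalert@redhat.com` inside a hunk that otherwise only rewrites `"key" : value` as `"key": value`, so the one substantive metadata change is easy to miss among the spacing churn. The same hunk also reorders the nine `reference_data` entries without adding or removing any, which suggests the serializer does not emit a stable order; anyone diffing records to track reference changes will see noise on every re-serialisation. It would help to land the assigner update separately from the formatting sweep and to emit references in a fixed order. The new side also ends with `\ No newline at end of file`, as do the other records in this diff, and a trailing newline would keep later diffs of these files cleaner.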
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2019-2291",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-2291",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/2xxx/CVE-2019-2364.json b/2019/2xxx/CVE-2019-2364.json
index 4ae2a6df596..7f35a6340f1 100644
--- a/2019/2xxx/CVE-2019-2364.json
+++ b/2019/2xxx/CVE-2019-2364.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2019-2364",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-2364",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/2xxx/CVE-2019-2631.json b/2019/2xxx/CVE-2019-2631.json
index e6ab791db8e..2a0a9b19692 100644
--- a/2019/2xxx/CVE-2019-2631.json
+++ b/2019/2xxx/CVE-2019-2631.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2019-2631",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-2631",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/2xxx/CVE-2019-2848.json b/2019/2xxx/CVE-2019-2848.json
index ddc0eeae8ac..a573f029341 100644
--- a/2019/2xxx/CVE-2019-2848.json
+++ b/2019/2xxx/CVE-2019-2848.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2019-2848",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-2848",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/2xxx/CVE-2019-2882.json b/2019/2xxx/CVE-2019-2882.json
index e4dc47b2360..ceb518a86c1 100644
--- a/2019/2xxx/CVE-2019-2882.json
+++ b/2019/2xxx/CVE-2019-2882.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2019-2882",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-2882",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/6xxx/CVE-2019-6028.json b/2019/6xxx/CVE-2019-6028.json
index cedca2d6348..9b324fffb4d 100644
--- a/2019/6xxx/CVE-2019-6028.json
+++ b/2019/6xxx/CVE-2019-6028.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2019-6028",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-6028",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/6xxx/CVE-2019-6451.json b/2019/6xxx/CVE-2019-6451.json
index 0a423ced2a1..a0dacb8aeef 100644
--- a/2019/6xxx/CVE-2019-6451.json
+++ b/2019/6xxx/CVE-2019-6451.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2019-6451",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-6451",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/6xxx/CVE-2019-6983.json b/2019/6xxx/CVE-2019-6983.json
index 1f067c8fdfa..1eaed160dfb 100644
--- a/2019/6xxx/CVE-2019-6983.json
+++ b/2019/6xxx/CVE-2019-6983.json
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6983", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Foxit 3D Plugin Beta before 9.4.0.16807 for Foxit Reader and PhantomPDF. The application could encounter an Integer Overflow and crash during the handling of certain PDF files that embed specifically crafted 3D content, because of a free of valid memory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6983", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.foxitsoftware.com/support/security-bulletins.php", - "refsource" : "CONFIRM", - "url" : "https://www.foxitsoftware.com/support/security-bulletins.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Foxit 3D Plugin Beta before 9.4.0.16807 for Foxit Reader and PhantomPDF. The application could encounter an Integer Overflow and crash during the handling of certain PDF files that embed specifically crafted 3D content, because of a free of valid memory." 
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://www.foxitsoftware.com/support/security-bulletins.php",
+ "refsource": "CONFIRM",
+ "url": "https://www.foxitsoftware.com/support/security-bulletins.php"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/7xxx/CVE-2019-7311.json b/2019/7xxx/CVE-2019-7311.json
index 6300ae7e962..b4b871ed198 100644
--- a/2019/7xxx/CVE-2019-7311.json
+++ b/2019/7xxx/CVE-2019-7311.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2019-7311",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-7311",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/7xxx/CVE-2019-7504.json b/2019/7xxx/CVE-2019-7504.json
index 8c1ac791e9c..02b68a52bb8 100644
--- a/2019/7xxx/CVE-2019-7504.json
+++ b/2019/7xxx/CVE-2019-7504.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2019-7504",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-7504",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/7xxx/CVE-2019-7513.json b/2019/7xxx/CVE-2019-7513.json
index 6750f4c11d3..421328ad0e1 100644
--- a/2019/7xxx/CVE-2019-7513.json
+++ b/2019/7xxx/CVE-2019-7513.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2019-7513",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-7513",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file