From 169a19604c3b12cd28f18cd7081b5a36028cef24 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Mon, 18 Mar 2019 03:58:57 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2006/5xxx/CVE-2006-5035.json | 150 +++++-----
 2007/2xxx/CVE-2007-2003.json | 140 ++++-----
 2007/2xxx/CVE-2007-2743.json | 170 +++++------
 2007/2xxx/CVE-2007-2918.json | 210 ++++++-------
 2007/3xxx/CVE-2007-3313.json | 190 ++++++------
 2007/3xxx/CVE-2007-3358.json | 170 +++++------
 2007/3xxx/CVE-2007-3393.json | 340 ++++++++++-----------
 2007/3xxx/CVE-2007-3670.json | 520 ++++++++++++++++-----------------
 2007/3xxx/CVE-2007-3695.json | 140 ++++-----
 2007/3xxx/CVE-2007-3984.json | 140 ++++-----
 2007/6xxx/CVE-2007-6159.json | 150 +++++-----
 2007/6xxx/CVE-2007-6215.json | 140 ++++-----
 2007/6xxx/CVE-2007-6268.json | 190 ++++++------
 2007/6xxx/CVE-2007-6519.json | 180 ++++++------
 2010/0xxx/CVE-2010-0184.json | 160 +++++-----
 2010/0xxx/CVE-2010-0367.json | 130 ++++-----
 2010/0xxx/CVE-2010-0785.json | 190 ++++++------
 2010/1xxx/CVE-2010-1097.json | 150 +++++-----
 2010/1xxx/CVE-2010-1179.json | 140 ++++-----
 2010/1xxx/CVE-2010-1309.json | 120 ++++----
 2010/1xxx/CVE-2010-1851.json | 130 ++++-----
 2014/0xxx/CVE-2014-0082.json | 200 ++++++-------
 2014/0xxx/CVE-2014-0467.json | 200 ++++++-------
 2014/0xxx/CVE-2014-0640.json | 150 +++++-----
 2014/0xxx/CVE-2014-0862.json | 130 ++++-----
 2014/1xxx/CVE-2014-1311.json | 150 +++++-----
 2014/1xxx/CVE-2014-1489.json | 240 +++++++--------
 2014/1xxx/CVE-2014-1510.json | 250 ++++++++--------
 2014/4xxx/CVE-2014-4214.json | 200 ++++++-------
 2014/4xxx/CVE-2014-4560.json | 120 ++++----
 2014/4xxx/CVE-2014-4681.json | 34 +--
 2014/4xxx/CVE-2014-4946.json | 170 +++++------
 2014/5xxx/CVE-2014-5147.json | 130 ++++-----
 2014/5xxx/CVE-2014-5218.json | 34 +--
 2014/5xxx/CVE-2014-5498.json | 34 +--
 2016/10xxx/CVE-2016-10469.json | 132 ++++-----
 2016/10xxx/CVE-2016-10542.json | 132 ++++-----
 2016/10xxx/CVE-2016-10556.json | 132 ++++-----
 2016/10xxx/CVE-2016-10611.json | 122 ++++----
 2016/10xxx/CVE-2016-10704.json | 120 ++++----
 2016/3xxx/CVE-2016-3057.json | 140 ++++-----
 2016/3xxx/CVE-2016-3921.json | 140 ++++-----
 2016/8xxx/CVE-2016-8237.json | 130 ++++-----
 2016/8xxx/CVE-2016-8747.json | 176 +++++------
 2016/8xxx/CVE-2016-8748.json | 138 ++++-----
 2016/8xxx/CVE-2016-8886.json | 180 ++++++------
 2016/9xxx/CVE-2016-9190.json | 170 +++++------
 2016/9xxx/CVE-2016-9824.json | 130 ++++-----
 2016/9xxx/CVE-2016-9946.json | 34 +--
 2019/2xxx/CVE-2019-2034.json | 34 +--
 2019/2xxx/CVE-2019-2334.json | 34 +--
 2019/2xxx/CVE-2019-2865.json | 34 +--
 2019/2xxx/CVE-2019-2871.json | 34 +--
 2019/6xxx/CVE-2019-6151.json | 34 +--
 2019/6xxx/CVE-2019-6796.json | 34 +--
 2019/6xxx/CVE-2019-6985.json | 120 ++++----
 2019/7xxx/CVE-2019-7417.json | 34 +--
 2019/7xxx/CVE-2019-7791.json | 34 +--
 58 files changed, 4080 insertions(+), 4080 deletions(-)

diff --git a/2006/5xxx/CVE-2006-5035.json b/2006/5xxx/CVE-2006-5035.json
index 59b594a74b6..a78e007c5e2 100644
--- a/2006/5xxx/CVE-2006-5035.json
+++ b/2006/5xxx/CVE-2006-5035.json
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5035", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Paul Smith Computer Services vCAP 1.7.0 allow remote attackers to inject arbitrary web script or HTML via (1) the statusmsg parameter in RegisterPage.cgi or (2) a URI corresponding to a nonexistent file. NOTE: the provenance of this information is unknown; the details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5035", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "ADV-2006-3569", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3569" - }, - { - "name" : "28809", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28809" - }, - { - "name" : "28810", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28810" - }, - { - "name" : "21862", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21862" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Paul Smith Computer Services vCAP 1.7.0 allow remote attackers to inject arbitrary web script or HTML via (1) the statusmsg parameter in RegisterPage.cgi or (2) a URI corresponding to a nonexistent file. NOTE: the provenance of this information is unknown; the details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21862", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21862" + }, + { + "name": "28809", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28809" + }, + { + "name": "ADV-2006-3569", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3569" + }, + { + "name": "28810", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28810" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2003.json b/2007/2xxx/CVE-2007-2003.json index 2bd3e01ab4b..3980c4f1d2c 100644 --- a/2007/2xxx/CVE-2007-2003.json +++ b/2007/2xxx/CVE-2007-2003.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2003", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "InoutMailingListManager 3.1 and earlier sends a Location redirect header but does not exit after an authorization check fails, which allows remote attackers to access certain restricted functionality, and upload and execute arbitrary PHP code, by ignoring the redirect." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2003", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "3702", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/3702" - }, - { - "name" : "ADV-2007-1345", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1345" - }, - { - "name" : "24842", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24842" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "InoutMailingListManager 3.1 and earlier sends a Location redirect header but does not exit after an authorization check fails, which allows remote attackers to access 
certain restricted functionality, and upload and execute arbitrary PHP code, by ignoring the redirect." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "24842", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24842" + }, + { + "name": "3702", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/3702" + }, + { + "name": "ADV-2007-1345", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1345" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2743.json b/2007/2xxx/CVE-2007-2743.json index 0f22900db2f..0644bc0cf0b 100644 --- a/2007/2xxx/CVE-2007-2743.json +++ b/2007/2xxx/CVE-2007-2743.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2743", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in custom_vars.php in GlossWord 1.8.1 allows remote attackers to execute arbitrary PHP code via a URL in the sys[path_addon] parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2743", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "3935", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/3935" - }, - { - "name" : "24009", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24009" - }, - { - "name" : "35520", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/35520" - }, - { - "name" : "ADV-2007-1852", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1852" - }, - { - "name" : "25303", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25303" - }, - { - "name" : "glossword-customvars-file-include(34330)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34330" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in custom_vars.php in GlossWord 1.8.1 allows remote attackers to execute arbitrary PHP code via a URL in the sys[path_addon] parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "25303", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25303" + }, + { + "name": "24009", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24009" + }, + { + "name": "ADV-2007-1852", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1852" + }, + { + "name": "glossword-customvars-file-include(34330)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34330" + }, + { + "name": "35520", + "refsource": "OSVDB", + "url": "http://osvdb.org/35520" + }, + { + "name": "3935", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/3935" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2918.json b/2007/2xxx/CVE-2007-2918.json index cd9e2b1ea76..eb0753b956b 100644 --- a/2007/2xxx/CVE-2007-2918.json +++ b/2007/2xxx/CVE-2007-2918.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2918", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple stack-based buffer overflows in ActiveX controls (1) VibeC in (a) vibecontrol.dll, (2) CallManager and (3) ViewerClient in (b) StarClient.dll, (4) ComLink in (c) uicomlink.dll, and (5) WebCamXMP in (d) wcamxmp.dll in Logitech VideoCall allow remote attackers to cause a denial of service (browser crash) and execute arbitrary code via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2007-2918", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#330289", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/330289" - }, - { - "name" : "24254", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24254" - }, - { - "name" : "ADV-2007-2018", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2018" - }, - { - "name" : "36820", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/36820" - }, - { - "name" : "36821", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/36821" - }, - { - "name" : "36822", - "refsource" : "OSVDB", - "url" : 
"http://osvdb.org/36822" - }, - { - "name" : "36823", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/36823" - }, - { - "name" : "36824", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/36824" - }, - { - "name" : "25514", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25514" - }, - { - "name" : "logitech-multiple-activex-bo(34658)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34658" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple stack-based buffer overflows in ActiveX controls (1) VibeC in (a) vibecontrol.dll, (2) CallManager and (3) ViewerClient in (b) StarClient.dll, (4) ComLink in (c) uicomlink.dll, and (5) WebCamXMP in (d) wcamxmp.dll in Logitech VideoCall allow remote attackers to cause a denial of service (browser crash) and execute arbitrary code via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#330289", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/330289" + }, + { + "name": "36821", + "refsource": "OSVDB", + "url": "http://osvdb.org/36821" + }, + { + "name": "25514", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25514" + }, + { + "name": "36820", + "refsource": "OSVDB", + "url": "http://osvdb.org/36820" + }, + { + "name": "36824", + "refsource": "OSVDB", + "url": "http://osvdb.org/36824" + }, + { + "name": "logitech-multiple-activex-bo(34658)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34658" + }, + { + "name": "24254", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24254" + }, + { + "name": "ADV-2007-2018", + "refsource": "VUPEN", + "url": 
"http://www.vupen.com/english/advisories/2007/2018" + }, + { + "name": "36822", + "refsource": "OSVDB", + "url": "http://osvdb.org/36822" + }, + { + "name": "36823", + "refsource": "OSVDB", + "url": "http://osvdb.org/36823" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3313.json b/2007/3xxx/CVE-2007-3313.json index f2c8a1060c1..51a523deb0d 100644 --- a/2007/3xxx/CVE-2007-3313.json +++ b/2007/3xxx/CVE-2007-3313.json 
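Review bot: The `"ASSIGNER"` value in 2007/2xxx/CVE-2007-2918.json changes from `"cve@mitre.org"` to `"cert@cert.org"` inside a hunk that otherwise only re-indents the record and reorders `reference_data`, and the commit subject ("-Synchronized-Data.") gives no hint that any field value changed. The other records visible on this page keep `"ASSIGNER": "cve@mitre.org"`, so this is the one substantive edit among the hunks shown, and it is easy to miss in a 4080-line whitespace diff. The new value is presumably intentional, since the record cites CERT-VN `VU#330289`, but consumers that key trust or routing decisions on the assigner field would want it called out. I would land attribution changes in their own commit, or at least name the affected IDs in the message, so that a whitespace-insensitive diff of a sync commit is expected to be empty apart from ordering.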
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3313", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in Jasmine CMS 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the login_username parameter to login.php or (2) the item parameter to news.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3313", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4081", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4081" - }, - { - "name" : "24546", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24546" - }, - { - "name" : "37068", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37068" - }, - { - "name" : "37069", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37069" - }, - { - "name" : "ADV-2007-2264", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2264" - }, - { - "name" : "25737", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25737" - }, - { - "name" : "jasminecms-login-code-execution(34937)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/34937" - }, - { - "name" : "jasminecms-news-sql-injection(34936)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34936" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in Jasmine CMS 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the login_username parameter to login.php or (2) the item parameter to news.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "24546", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24546" + }, + { + "name": "jasminecms-news-sql-injection(34936)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34936" + }, + { + "name": "ADV-2007-2264", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2264" + }, + { + "name": "25737", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25737" + }, + { + "name": "37069", + "refsource": "OSVDB", + "url": "http://osvdb.org/37069" + }, + { + "name": "4081", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4081" + }, + { + "name": "37068", + "refsource": "OSVDB", + "url": "http://osvdb.org/37068" + }, + { + "name": "jasminecms-login-code-execution(34937)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34937" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3358.json b/2007/3xxx/CVE-2007-3358.json index 6f35b59e4db..3066f1a9bd8 100644 --- a/2007/3xxx/CVE-2007-3358.json +++ b/2007/3xxx/CVE-2007-3358.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3358", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in html/load_lang.php in SerWeb 0.9.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _SERWEB[serwebdir] parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3358", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4089", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4089" - }, - { - "name" : "24581", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24581" - }, - { - "name" : "ADV-2007-2291", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2291" - }, - { - "name" : "36324", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/36324" - }, - { - "name" : "25680", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25680" - }, - { - "name" : "serweb-loadlang-file-include(34973)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34973" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in html/load_lang.php in SerWeb 0.9.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _SERWEB[serwebdir] parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "36324", + "refsource": "OSVDB", + "url": "http://osvdb.org/36324" + }, + { + "name": "25680", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25680" + }, + { + "name": "4089", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4089" + }, + { + "name": "serweb-loadlang-file-include(34973)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34973" + }, + { + "name": "ADV-2007-2291", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2291" + }, + { + "name": "24581", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24581" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3393.json b/2007/3xxx/CVE-2007-3393.json index 9bef130124e..25d63eb32a1 100644 --- a/2007/3xxx/CVE-2007-3393.json +++ b/2007/3xxx/CVE-2007-3393.json 
@@ -1,172 +1,172 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3393", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Off-by-one error in the DHCP/BOOTP dissector in Wireshark before 0.99.6 allows remote attackers to cause a denial of service (crash) via crafted DHCP-over-DOCSIS packets." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3393", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.wireshark.org/docs/relnotes/wireshark-0.99.6.html", - "refsource" : "CONFIRM", - "url" : "http://www.wireshark.org/docs/relnotes/wireshark-0.99.6.html" - }, - { - "name" : "http://www.wireshark.org/security/wnpa-sec-2007-02.html", - "refsource" : "CONFIRM", - "url" : "http://www.wireshark.org/security/wnpa-sec-2007-02.html" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-1498", - "refsource" : "CONFIRM", - "url" : "https://issues.rpath.com/browse/RPL-1498" - }, - { - "name" : "DSA-1322", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2007/dsa-1322" - }, - { - "name" : "GLSA-200708-12", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200708-12.xml" - }, - { - "name" : 
"MDKSA-2007:145", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:145" - }, - { - "name" : "RHSA-2007:0710", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2007-0710.html" - }, - { - "name" : "RHSA-2007:0709", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2007-0709.html" - }, - { - "name" : "RHSA-2008:0059", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0059.html" - }, - { - "name" : "SUSE-SR:2007:015", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2007_15_sr.html" - }, - { - "name" : "24662", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24662" - }, - { - "name" : "37639", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37639" - }, - { - "name" : "oval:org.mitre.oval:def:11010", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11010" - }, - { - "name" : "22588", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22588/" - }, - { - "name" : "ADV-2007-2353", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2353" - }, - { - "name" : "1018315", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1018315" - }, - { - "name" : "25877", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25877" - }, - { - "name" : "26004", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26004" - }, - { - "name" : "25833", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25833" - }, - { - "name" : "25987", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25987" - }, - { - "name" : "26499", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26499" - }, - { - "name" : "28583", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/28583" - }, - { - "name" : "wireshark-dhcpbootp-dos(35113)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35113" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Off-by-one error in the DHCP/BOOTP dissector in Wireshark before 0.99.6 allows remote attackers to cause a denial of service (crash) via crafted DHCP-over-DOCSIS packets." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "25833", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25833" + }, + { + "name": "wireshark-dhcpbootp-dos(35113)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35113" + }, + { + "name": "25877", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25877" + }, + { + "name": "RHSA-2008:0059", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0059.html" + }, + { + "name": "http://www.wireshark.org/security/wnpa-sec-2007-02.html", + "refsource": "CONFIRM", + "url": "http://www.wireshark.org/security/wnpa-sec-2007-02.html" + }, + { + "name": "RHSA-2007:0710", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2007-0710.html" + }, + { + "name": "26499", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26499" + }, + { + "name": "25987", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25987" + }, + { + "name": "26004", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26004" + }, + { + "name": "GLSA-200708-12", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200708-12.xml" + }, + { + "name": "RHSA-2007:0709", + "refsource": "REDHAT", + "url": 
"http://www.redhat.com/support/errata/RHSA-2007-0709.html" + }, + { + "name": "MDKSA-2007:145", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:145" + }, + { + "name": "22588", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22588/" + }, + { + "name": "1018315", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1018315" + }, + { + "name": "https://issues.rpath.com/browse/RPL-1498", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-1498" + }, + { + "name": "24662", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24662" + }, + { + "name": "28583", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28583" + }, + { + "name": "http://www.wireshark.org/docs/relnotes/wireshark-0.99.6.html", + "refsource": "CONFIRM", + "url": "http://www.wireshark.org/docs/relnotes/wireshark-0.99.6.html" + }, + { + "name": "37639", + "refsource": "OSVDB", + "url": "http://osvdb.org/37639" + }, + { + "name": "ADV-2007-2353", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2353" + }, + { + "name": "DSA-1322", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2007/dsa-1322" + }, + { + "name": "SUSE-SR:2007:015", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html" + }, + { + "name": "oval:org.mitre.oval:def:11010", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11010" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3670.json b/2007/3xxx/CVE-2007-3670.json index f644808c9bc..005e7f2b61d 100644 --- a/2007/3xxx/CVE-2007-3670.json +++ b/2007/3xxx/CVE-2007-3670.json 
@@ -1,262 +1,262 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3670", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Firefox installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a (1) FirefoxURL or (2) FirefoxHTML URI, which are inserted into the command line that is created when invoking firefox.exe. NOTE: it has been debated as to whether the issue is in Internet Explorer or Firefox. As of 20070711, it is CVE's opinion that IE appears to be failing to properly delimit the URL argument when invoking Firefox, and this issue could arise with other protocol handlers in IE as well. 
However, Mozilla has stated that it will address the issue with a \"defense in depth\" fix that will \"prevent IE from sending Firefox malicious data.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3670", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070719 Multiple Vendor Multiple Product URI Handler Input Validation Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=565" - }, - { - "name" : "20070710 Internet Explorer 0day exploit", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/473276/100/0/threaded" - }, - { - "name" : "20070710 Internet Explorer 0day exploit", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0160.html" - }, - { - "name" : "http://larholm.com/2007/07/10/internet-explorer-0day-exploit/", - "refsource" : "MISC", - "url" : "http://larholm.com/2007/07/10/internet-explorer-0day-exploit/" - }, - { - "name" : "http://www.xs-sniper.com/sniperscope/IE-Pwns-Firefox.html", - "refsource" : "MISC", - "url" : "http://www.xs-sniper.com/sniperscope/IE-Pwns-Firefox.html" - }, - { - "name" : "http://blog.mozilla.com/security/2007/07/10/security-issue-in-url-protocol-handling-on-windows/", - "refsource" : "MISC", - "url" : "http://blog.mozilla.com/security/2007/07/10/security-issue-in-url-protocol-handling-on-windows/" - }, - { - "name" : "http://msinfluentials.com/blogs/jesper/archive/2007/07/10/blocking-the-firefox-gt-ie-0-day.aspx", - "refsource" : "MISC", - "url" : 
"http://msinfluentials.com/blogs/jesper/archive/2007/07/10/blocking-the-firefox-gt-ie-0-day.aspx" - }, - { - "name" : "http://www.theregister.co.uk/2007/07/11/ie_firefox_vuln/", - "refsource" : "MISC", - "url" : "http://www.theregister.co.uk/2007/07/11/ie_firefox_vuln/" - }, - { - "name" : "http://www.virusbtn.com/news/virus_news/2007/07_11.xml", - "refsource" : "MISC", - "url" : "http://www.virusbtn.com/news/virus_news/2007/07_11.xml" - }, - { - "name" : "http://www.mozilla.org/security/announce/2007/mfsa2007-23.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2007/mfsa2007-23.html" - }, - { - "name" : "ftp://ftp.slackware.com/pub/slackware/slackware-12.0/ChangeLog.txt", - "refsource" : "CONFIRM", - "url" : "ftp://ftp.slackware.com/pub/slackware/slackware-12.0/ChangeLog.txt" - }, - { - "name" : "http://support.novell.com/techcenter/psdb/07d098f99c9fe6956523beae37f32fda.html", - "refsource" : "CONFIRM", - "url" : "http://support.novell.com/techcenter/psdb/07d098f99c9fe6956523beae37f32fda.html" - }, - { - "name" : "http://www.mozilla.org/security/announce/2007/mfsa2007-40.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2007/mfsa2007-40.html" - }, - { - "name" : "HPSBUX02153", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742" - }, - { - "name" : "HPSBUX02156", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579" - }, - { - "name" : "SSRT061181", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742" - }, - { - "name" : "SSRT061236", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579" - }, - { - "name" : "MDKSA-2007:152", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:152" - }, - { - "name" : 
"SUSE-SA:2007:049", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2007_49_mozilla.html" - }, - { - "name" : "USN-503-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-503-1" - }, - { - "name" : "TA07-199A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA07-199A.html" - }, - { - "name" : "VU#358017", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/358017" - }, - { - "name" : "24837", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24837" - }, - { - "name" : "38017", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/38017" - }, - { - "name" : "ADV-2007-2473", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2473" - }, - { - "name" : "ADV-2007-2565", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2565" - }, - { - "name" : "ADV-2007-4272", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/4272" - }, - { - "name" : "ADV-2008-0082", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0082" - }, - { - "name" : "1018351", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1018351" - }, - { - "name" : "1018360", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1018360" - }, - { - "name" : "25984", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25984" - }, - { - "name" : "26096", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26096" - }, - { - "name" : "26149", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26149" - }, - { - "name" : "26216", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26216" - }, - { - "name" : "26204", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26204" - }, - { - "name" : "26271", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/26271" - }, - { - "name" : "26258", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26258" - }, - { - "name" : "26572", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26572" - }, - { - "name" : "28179", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28179" - }, - { - "name" : "28363", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28363" - }, - { - "name" : "ie-firefoxurl-command-execution(35346)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35346" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Firefox installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a (1) FirefoxURL or (2) FirefoxHTML URI, which are inserted into the command line that is created when invoking firefox.exe. NOTE: it has been debated as to whether the issue is in Internet Explorer or Firefox. As of 20070711, it is CVE's opinion that IE appears to be failing to properly delimit the URL argument when invoking Firefox, and this issue could arise with other protocol handlers in IE as well. 
However, Mozilla has stated that it will address the issue with a \"defense in depth\" fix that will \"prevent IE from sending Firefox malicious data.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2007-2473", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2473" + }, + { + "name": "USN-503-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-503-1" + }, + { + "name": "1018360", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1018360" + }, + { + "name": "1018351", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1018351" + }, + { + "name": "HPSBUX02156", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579" + }, + { + "name": "http://blog.mozilla.com/security/2007/07/10/security-issue-in-url-protocol-handling-on-windows/", + "refsource": "MISC", + "url": "http://blog.mozilla.com/security/2007/07/10/security-issue-in-url-protocol-handling-on-windows/" + }, + { + "name": "HPSBUX02153", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742" + }, + { + "name": "MDKSA-2007:152", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:152" + }, + { + "name": "25984", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25984" + }, + { + "name": "ie-firefoxurl-command-execution(35346)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35346" + }, + { + "name": "TA07-199A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA07-199A.html" + }, + { + "name": "28179", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28179" + }, + { + "name": "24837", + "refsource": "BID", + "url": 
"http://www.securityfocus.com/bid/24837" + }, + { + "name": "http://msinfluentials.com/blogs/jesper/archive/2007/07/10/blocking-the-firefox-gt-ie-0-day.aspx", + "refsource": "MISC", + "url": "http://msinfluentials.com/blogs/jesper/archive/2007/07/10/blocking-the-firefox-gt-ie-0-day.aspx" + }, + { + "name": "26216", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26216" + }, + { + "name": "SSRT061236", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579" + }, + { + "name": "http://www.virusbtn.com/news/virus_news/2007/07_11.xml", + "refsource": "MISC", + "url": "http://www.virusbtn.com/news/virus_news/2007/07_11.xml" + }, + { + "name": "http://www.theregister.co.uk/2007/07/11/ie_firefox_vuln/", + "refsource": "MISC", + "url": "http://www.theregister.co.uk/2007/07/11/ie_firefox_vuln/" + }, + { + "name": "20070719 Multiple Vendor Multiple Product URI Handler Input Validation Vulnerability", + "refsource": "IDEFENSE", + "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=565" + }, + { + "name": "ADV-2007-2565", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2565" + }, + { + "name": "http://www.mozilla.org/security/announce/2007/mfsa2007-40.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2007/mfsa2007-40.html" + }, + { + "name": "26149", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26149" + }, + { + "name": "ADV-2008-0082", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0082" + }, + { + "name": "38017", + "refsource": "OSVDB", + "url": "http://osvdb.org/38017" + }, + { + "name": "http://www.mozilla.org/security/announce/2007/mfsa2007-23.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2007/mfsa2007-23.html" + }, + { + "name": "VU#358017", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/358017" + 
}, + { + "name": "http://www.xs-sniper.com/sniperscope/IE-Pwns-Firefox.html", + "refsource": "MISC", + "url": "http://www.xs-sniper.com/sniperscope/IE-Pwns-Firefox.html" + }, + { + "name": "ADV-2007-4272", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/4272" + }, + { + "name": "http://larholm.com/2007/07/10/internet-explorer-0day-exploit/", + "refsource": "MISC", + "url": "http://larholm.com/2007/07/10/internet-explorer-0day-exploit/" + }, + { + "name": "SUSE-SA:2007:049", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2007_49_mozilla.html" + }, + { + "name": "SSRT061181", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742" + }, + { + "name": "ftp://ftp.slackware.com/pub/slackware/slackware-12.0/ChangeLog.txt", + "refsource": "CONFIRM", + "url": "ftp://ftp.slackware.com/pub/slackware/slackware-12.0/ChangeLog.txt" + }, + { + "name": "20070710 Internet Explorer 0day exploit", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0160.html" + }, + { + "name": "http://support.novell.com/techcenter/psdb/07d098f99c9fe6956523beae37f32fda.html", + "refsource": "CONFIRM", + "url": "http://support.novell.com/techcenter/psdb/07d098f99c9fe6956523beae37f32fda.html" + }, + { + "name": "26258", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26258" + }, + { + "name": "28363", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28363" + }, + { + "name": "20070710 Internet Explorer 0day exploit", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/473276/100/0/threaded" + }, + { + "name": "26271", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26271" + }, + { + "name": "26204", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26204" + }, + { + "name": "26572", + "refsource": "SECUNIA", + "url": 
"http://secunia.com/advisories/26572" + }, + { + "name": "26096", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26096" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3695.json b/2007/3xxx/CVE-2007-3695.json index 267e3f3b0c4..f05819db854 100644 --- a/2007/3xxx/CVE-2007-3695.json +++ b/2007/3xxx/CVE-2007-3695.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3695", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in LICRCMD.EXE in CA ERwin Process Modeler (formerly AllFusion Process Modeler) 7.1 allows attackers to execute arbitrary code via a long filename. NOTE: the researcher does not suggest any circumstances in which the filename would come from an untrusted source, and therefore perhaps the issue does not cross privilege boundaries and should not be included in CVE." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3695", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.eleytt.com/advisories/eleytt_ALLFUSIONLICRCMD.pdf", - "refsource" : "MISC", - "url" : "http://www.eleytt.com/advisories/eleytt_ALLFUSIONLICRCMD.pdf" - }, - { - "name" : "24817", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24817" - }, - { - "name" : "39597", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/39597" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in 
LICRCMD.EXE in CA ERwin Process Modeler (formerly AllFusion Process Modeler) 7.1 allows attackers to execute arbitrary code via a long filename. NOTE: the researcher does not suggest any circumstances in which the filename would come from an untrusted source, and therefore perhaps the issue does not cross privilege boundaries and should not be included in CVE." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.eleytt.com/advisories/eleytt_ALLFUSIONLICRCMD.pdf", + "refsource": "MISC", + "url": "http://www.eleytt.com/advisories/eleytt_ALLFUSIONLICRCMD.pdf" + }, + { + "name": "24817", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24817" + }, + { + "name": "39597", + "refsource": "OSVDB", + "url": "http://osvdb.org/39597" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3984.json b/2007/3xxx/CVE-2007-3984.json index ec9d767d503..0d81e03df9e 100644 --- a/2007/3xxx/CVE-2007-3984.json +++ b/2007/3xxx/CVE-2007-3984.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3984", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in a certain ActiveX control in the NixonMyPrograms class in sasatl.dll 1.5.0.531 in Zenturi ProgramChecker allows remote attackers to execute arbitrary code via a long argument to the Scan method. NOTE: this is probably a different issue than CVE-2007-2987." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3984", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4214", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4214" - }, - { - "name" : "25025", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25025" - }, - { - "name" : "36714", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/36714" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in a certain ActiveX control in the NixonMyPrograms class in sasatl.dll 1.5.0.531 in Zenturi ProgramChecker allows remote attackers to execute arbitrary code via a long argument to 
the Scan method. NOTE: this is probably a different issue than CVE-2007-2987." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "25025", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25025" + }, + { + "name": "36714", + "refsource": "OSVDB", + "url": "http://osvdb.org/36714" + }, + { + "name": "4214", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4214" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6159.json b/2007/6xxx/CVE-2007-6159.json index 46937ad10d1..448d1e1aaaf 100644 --- a/2007/6xxx/CVE-2007-6159.json +++ b/2007/6xxx/CVE-2007-6159.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6159", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in Tilde CMS 4.x and earlier allows remote attackers to execute arbitrary SQL commands via the aarstal parameter in a yeardetail action, a different vector than CVE-2006-1500." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6159", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20071126 Tilde CMS <= v. 
4.x \"aarstal\" parameter of \"yeardetail\" SQL Injection", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/484206/100/0/threaded" - }, - { - "name" : "26591", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26591" - }, - { - "name" : "3402", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3402" - }, - { - "name" : "tildecms-aarstal-sql-injection(38647)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/38647" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php in Tilde CMS 4.x and earlier allows remote attackers to execute arbitrary SQL commands via the aarstal parameter in a yeardetail action, a different vector than CVE-2006-1500." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "tildecms-aarstal-sql-injection(38647)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38647" + }, + { + "name": "3402", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3402" + }, + { + "name": "26591", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26591" + }, + { + "name": "20071126 Tilde CMS <= v. 4.x \"aarstal\" parameter of \"yeardetail\" SQL Injection", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/484206/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6215.json b/2007/6xxx/CVE-2007-6215.json index 5ddbf3fb07f..336238769c6 100644 --- a/2007/6xxx/CVE-2007-6215.json +++ b/2007/6xxx/CVE-2007-6215.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6215", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple directory traversal vulnerabilities in play.php in Web-MeetMe 3.0.3 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) roomNo and possibly the (2) bookid parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6215", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4676", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4676" - }, - { - "name" : "26641", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26641" - }, - { - "name" : "webmeetme-play-directory-traversal(38772)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/38772" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple directory traversal vulnerabilities in play.php in Web-MeetMe 3.0.3 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) roomNo and possibly the (2) bookid parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "webmeetme-play-directory-traversal(38772)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38772" + }, + { + "name": "4676", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4676" + }, + { + "name": "26641", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26641" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6268.json b/2007/6xxx/CVE-2007-6268.json index 1ab16d96c98..571a97c5b0a 100644 --- a/2007/6xxx/CVE-2007-6268.json +++ b/2007/6xxx/CVE-2007-6268.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6268", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in pages/default.aspx in Absolute News Manager.NET 5.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the template parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6268", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20071204 PR07-39: Multiple vulnerabilities on Absolute News Manager.NET", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=119678724111351&w=2" - }, - { - "name" : "http://www.procheckup.com/Vulnerability_PR07-39.php", - "refsource" : "MISC", - "url" : "http://www.procheckup.com/Vulnerability_PR07-39.php" - }, - { - "name" : "http://www.xigla.com/news/default.aspx", - "refsource" : "MISC", - "url" : "http://www.xigla.com/news/default.aspx" - }, - { - "name" : "http://www.xigla.com/security/ANMNET51-SecurityUpdate20071128.zip", - "refsource" : "MISC", - "url" : "http://www.xigla.com/security/ANMNET51-SecurityUpdate20071128.zip" - }, - { - "name" : "26692", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/26692" - }, - { - "name" : "40575", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/40575" - }, - { - "name" : "27923", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27923" - }, - { - "name" : "absolutenewsmanager-default-dir-traversal(38870)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/38870" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in pages/default.aspx in Absolute News Manager.NET 5.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the template parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.procheckup.com/Vulnerability_PR07-39.php", + "refsource": "MISC", + "url": "http://www.procheckup.com/Vulnerability_PR07-39.php" + }, + { + "name": "40575", + "refsource": "OSVDB", + "url": "http://osvdb.org/40575" + }, + { + "name": "26692", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26692" + }, + { + "name": "http://www.xigla.com/news/default.aspx", + "refsource": "MISC", + "url": "http://www.xigla.com/news/default.aspx" + }, + { + "name": "http://www.xigla.com/security/ANMNET51-SecurityUpdate20071128.zip", + "refsource": "MISC", + "url": "http://www.xigla.com/security/ANMNET51-SecurityUpdate20071128.zip" + }, + { + "name": "20071204 PR07-39: Multiple vulnerabilities on Absolute News Manager.NET", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=119678724111351&w=2" + }, + { + "name": "27923", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27923" + }, + { + "name": "absolutenewsmanager-default-dir-traversal(38870)", + "refsource": "XF", + "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/38870" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6519.json b/2007/6xxx/CVE-2007-6519.json index 60706c5ff3d..af833fa35fc 100644 --- a/2007/6xxx/CVE-2007-6519.json +++ b/2007/6xxx/CVE-2007-6519.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6519", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the File-on-File Mounting File System (FFM) in HP Tru64 UNIX 5.1B-4 and 5.1B-3 allows local users to cause a denial of service (system crash) via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6519", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBTU02300", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01310389" - }, - { - "name" : "SSRT071452", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01310389" - }, - { - "name" : "26964", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26964" - }, - { - "name" : "ADV-2007-4293", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/4293" - }, - { - "name" : "1019135", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1019135" - }, - { - "name" : "28192", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28192" - }, - { - 
"name" : "hp-ffm-dos(39172)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39172" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the File-on-File Mounting File System (FFM) in HP Tru64 UNIX 5.1B-4 and 5.1B-3 allows local users to cause a denial of service (system crash) via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2007-4293", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/4293" + }, + { + "name": "1019135", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1019135" + }, + { + "name": "28192", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28192" + }, + { + "name": "HPSBTU02300", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01310389" + }, + { + "name": "26964", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26964" + }, + { + "name": "hp-ffm-dos(39172)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39172" + }, + { + "name": "SSRT071452", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01310389" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0184.json b/2010/0xxx/CVE-2010-0184.json index ae512349369..9300094d485 100644 --- a/2010/0xxx/CVE-2010-0184.json +++ b/2010/0xxx/CVE-2010-0184.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0184", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The (1) domainutility and (2) domainutilitycmd components in TIBCO Domain Utility in TIBCO Runtime Agent (TRA) before 5.6.2, as used in TIBCO ActiveMatrix BusinessWorks and other products, set weak permissions on domain properties files, which allows local users to obtain domain administrator credentials, and gain privileges on all domain systems, via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-0184", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.tibco.com/mk/advisory.jsp", - "refsource" : "CONFIRM", - "url" : "http://www.tibco.com/mk/advisory.jsp" - }, - { - "name" : "http://www.tibco.com/multimedia/security_advisory_runtime_agent_20100113_tcm8-10392.txt", - "refsource" : "CONFIRM", - "url" : "http://www.tibco.com/multimedia/security_advisory_runtime_agent_20100113_tcm8-10392.txt" - }, - { - "name" : "37805", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37805" - }, - { - "name" : "38191", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/38191" - }, - { - "name" : "ADV-2010-0128", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0128" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The (1) domainutility and (2) domainutilitycmd components in TIBCO Domain Utility in TIBCO Runtime Agent (TRA) before 5.6.2, as used in TIBCO ActiveMatrix BusinessWorks and other products, set weak permissions on domain properties files, which allows local users to obtain domain administrator credentials, and gain privileges on all domain systems, via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.tibco.com/multimedia/security_advisory_runtime_agent_20100113_tcm8-10392.txt", + "refsource": "CONFIRM", + "url": "http://www.tibco.com/multimedia/security_advisory_runtime_agent_20100113_tcm8-10392.txt" + }, + { + "name": "37805", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37805" + }, + { + "name": "ADV-2010-0128", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0128" + }, + { + "name": "38191", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38191" + }, + { + "name": "http://www.tibco.com/mk/advisory.jsp", + "refsource": "CONFIRM", + "url": "http://www.tibco.com/mk/advisory.jsp" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0367.json b/2010/0xxx/CVE-2010-0367.json index 7cb3a6b59fc..f1cfed5e6e1 100644 --- a/2010/0xxx/CVE-2010-0367.json +++ b/2010/0xxx/CVE-2010-0367.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0367", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple PHP remote file inclusion vulnerabilities in BitScripts Bits Video Script 2.05 Gold Beta, and possibly 2.04, allow remote attackers to execute arbitrary PHP code via a URL in the rowptem[template] parameter to (1) showcasesearch.php and (2) showcase2search.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-0367", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.packetstormsecurity.com/1001-exploits/bitsvs-xssuploadrfi.txt", - "refsource" : "MISC", - "url" : "http://www.packetstormsecurity.com/1001-exploits/bitsvs-xssuploadrfi.txt" - }, - { - "name" : "bitsvideo-showcasesearch-file-include(55740)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/55740" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple PHP remote file inclusion vulnerabilities in BitScripts Bits Video Script 2.05 Gold Beta, and possibly 2.04, allow remote 
attackers to execute arbitrary PHP code via a URL in the rowptem[template] parameter to (1) showcasesearch.php and (2) showcase2search.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.packetstormsecurity.com/1001-exploits/bitsvs-xssuploadrfi.txt", + "refsource": "MISC", + "url": "http://www.packetstormsecurity.com/1001-exploits/bitsvs-xssuploadrfi.txt" + }, + { + "name": "bitsvideo-showcasesearch-file-include(55740)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55740" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0785.json b/2010/0xxx/CVE-2010-0785.json index 71b35f30b8c..9feeb5b3690 100644 --- a/2010/0xxx/CVE-2010-0785.json +++ b/2010/0xxx/CVE-2010-0785.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0785", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.35 and 7.0 before 7.0.0.13 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-0785", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg27004980", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg27004980" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg27014463", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg27014463" - }, - { - "name" : "PM18909", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PM18909" - }, - { - "name" : "PM23874", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PM23874" - }, - { - "name" : "43875", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/43875" - }, - { - "name" : "41722", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41722" - }, - { - "name" : "ADV-2010-2595", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2595" - }, - { - "name" : "was-admin-console-csrf(62949)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/62949" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.35 and 7.0 before 7.0.0.13 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "PM18909", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM18909" + }, + { + "name": "41722", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41722" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg27004980", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg27004980" + }, + { + "name": "ADV-2010-2595", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2595" + }, + { + "name": "was-admin-console-csrf(62949)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62949" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg27014463", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg27014463" + }, + { + "name": "PM23874", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM23874" + }, + { + 
"name": "43875", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/43875" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1097.json b/2010/1xxx/CVE-2010-1097.json index 8ade67acf7d..0804aed5e5e 100644 --- a/2010/1xxx/CVE-2010-1097.json +++ b/2010/1xxx/CVE-2010-1097.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1097", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "include/userlogin.class.php in DeDeCMS 5.5 GBK, when session.auto_start is enabled, allows remote attackers to bypass authentication and gain administrative access via a value of 1 for the _SESSION[dede_admin_id] parameter, as demonstrated by a request to uploads/include/dialog/select_soft_post.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1097", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bbs.wolvez.org/topic/125/", - "refsource" : "MISC", - "url" : "http://bbs.wolvez.org/topic/125/" - }, - { - "name" : "38469", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/38469" - }, - { - "name" : "62622", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/62622" - }, - { - "name" : "38790", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38790" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "include/userlogin.class.php in DeDeCMS 5.5 GBK, when 
session.auto_start is enabled, allows remote attackers to bypass authentication and gain administrative access via a value of 1 for the _SESSION[dede_admin_id] parameter, as demonstrated by a request to uploads/include/dialog/select_soft_post.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "62622", + "refsource": "OSVDB", + "url": "http://osvdb.org/62622" + }, + { + "name": "http://bbs.wolvez.org/topic/125/", + "refsource": "MISC", + "url": "http://bbs.wolvez.org/topic/125/" + }, + { + "name": "38469", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/38469" + }, + { + "name": "38790", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38790" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1179.json b/2010/1xxx/CVE-2010-1179.json index 411bafcdcea..18fc10d11f7 100644 --- a/2010/1xxx/CVE-2010-1179.json +++ b/2010/1xxx/CVE-2010-1179.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1179", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a large integer in the numcolors attribute of a recolorinfo element in a VML file, possibly a related issue to CVE-2007-0024." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1179", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://nishantdaspatnaik.yolasite.com/ipodpoc4.php", - "refsource" : "MISC", - "url" : "http://nishantdaspatnaik.yolasite.com/ipodpoc4.php" - }, - { - "name" : "11890", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/11890" - }, - { - "name" : "38990", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/38990" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application 
crash) or possibly execute arbitrary code via a large integer in the numcolors attribute of a recolorinfo element in a VML file, possibly a related issue to CVE-2007-0024." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://nishantdaspatnaik.yolasite.com/ipodpoc4.php", + "refsource": "MISC", + "url": "http://nishantdaspatnaik.yolasite.com/ipodpoc4.php" + }, + { + "name": "11890", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/11890" + }, + { + "name": "38990", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/38990" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1309.json b/2010/1xxx/CVE-2010-1309.json index eccae9ef383..f7578510fd1 100644 --- a/2010/1xxx/CVE-2010-1309.json +++ b/2010/1xxx/CVE-2010-1309.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1309", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in Irmin CMS (formerly Pepsi CMS) 0.6 BETA2 allows remote attackers to read arbitrary files via a .. (dot dot) in the w parameter to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1309", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "11938", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/11938" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in Irmin CMS (formerly Pepsi CMS) 0.6 BETA2 allows remote attackers to read arbitrary files via a .. (dot dot) in the w parameter to index.php." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "11938", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/11938" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1851.json b/2010/1xxx/CVE-2010-1851.json index 3eb30bebb3e..e1b4dda1f45 100644 --- a/2010/1xxx/CVE-2010-1851.json +++ b/2010/1xxx/CVE-2010-1851.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1851", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Google Chrome, when the Invisible Hand extension is enabled, uses cookies during background HTTP requests in a possibly unexpected manner, which might allow remote web servers to identify specific persons and their product searches via HTTP request logging, related to a \"cross-site data leakage\" issue." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1851", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.cnet.com/8301-31361_1-20004265-254.html", - "refsource" : "MISC", - "url" : "http://www.cnet.com/8301-31361_1-20004265-254.html" - }, - { - "name" : "oval:org.mitre.oval:def:11757", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11757" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Google Chrome, when the Invisible Hand extension is enabled, uses cookies during background HTTP requests in a possibly 
unexpected manner, which might allow remote web servers to identify specific persons and their product searches via HTTP request logging, related to a \"cross-site data leakage\" issue." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.cnet.com/8301-31361_1-20004265-254.html", + "refsource": "MISC", + "url": "http://www.cnet.com/8301-31361_1-20004265-254.html" + }, + { + "name": "oval:org.mitre.oval:def:11757", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11757" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0082.json b/2014/0xxx/CVE-2014-0082.json index 2511e9be3c7..d4405ef9282 100644 --- a/2014/0xxx/CVE-2014-0082.json +++ b/2014/0xxx/CVE-2014-0082.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0082", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "actionpack/lib/action_view/template/text.rb in Action View in Ruby on Rails 3.x before 3.2.17 converts MIME type strings to symbols during use of the :text option to the render method, which allows remote attackers to cause a denial of service (memory consumption) by including these strings in headers." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-0082", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140218 Denial of Service Vulnerability in Action View when using render :text (CVE-2014-0082)", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2014/02/18/10" - }, - { - "name" : "[rubyonrails-security] 20140218 Denial of Service Vulnerability in Action View when using render :text (CVE-2014-0082)", - "refsource" : "MLIST", - "url" : "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/LMxO_3_eCuc/ozGBEhKaJbIJ" - }, - { - "name" : "http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/", - "refsource" : "CONFIRM", - "url" : 
"http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/" - }, - { - "name" : "https://puppet.com/security/cve/cve-2014-0082", - "refsource" : "CONFIRM", - "url" : "https://puppet.com/security/cve/cve-2014-0082" - }, - { - "name" : "RHSA-2014:0215", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0215.html" - }, - { - "name" : "RHSA-2014:0306", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0306.html" - }, - { - "name" : "openSUSE-SU-2014:0295", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-02/msg00081.html" - }, - { - "name" : "57376", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/57376" - }, - { - "name" : "57836", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/57836" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "actionpack/lib/action_view/template/text.rb in Action View in Ruby on Rails 3.x before 3.2.17 converts MIME type strings to symbols during use of the :text option to the render method, which allows remote attackers to cause a denial of service (memory consumption) by including these strings in headers." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[rubyonrails-security] 20140218 Denial of Service Vulnerability in Action View when using render :text (CVE-2014-0082)", + "refsource": "MLIST", + "url": "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/LMxO_3_eCuc/ozGBEhKaJbIJ" + }, + { + "name": "RHSA-2014:0215", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0215.html" + }, + { + "name": "57836", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/57836" + }, + { + "name": "RHSA-2014:0306", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0306.html" + }, + { + "name": "https://puppet.com/security/cve/cve-2014-0082", + "refsource": "CONFIRM", + "url": "https://puppet.com/security/cve/cve-2014-0082" + }, + { + "name": "openSUSE-SU-2014:0295", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00081.html" + }, + { + "name": "57376", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/57376" + }, + { + "name": "[oss-security] 20140218 Denial of Service Vulnerability in Action View when using render :text (CVE-2014-0082)", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2014/02/18/10" + }, + { + "name": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/", + "refsource": "CONFIRM", + "url": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0467.json b/2014/0xxx/CVE-2014-0467.json index fed4b3b2305..1d0ba655c61 100644 --- a/2014/0xxx/CVE-2014-0467.json +++ b/2014/0xxx/CVE-2014-0467.json 
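Review bot: The `ASSIGNER` value at the top of this hunk changes from `cve@mitre.org` to `secalert@redhat.com`, and in the visible lines it is the only value that changes. Every other line differs only in the spacing before `:`, the indentation, or the position of an entry inside `reference_data`. Tooling that attributes a record to its CNA through this field may report a different owner after the sync, and the commit subject does not mention it; the CVE-2014-0467.json hunk that follows does the same with `security@debian.org`. The reformatting would be easier to audit as a separate commit, with `reference_data` written in a fixed order and the file ending in a newline, which the `\ No newline at end of file` marker shows is now missing.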
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0467", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in copy.c in Mutt before 1.5.23 allows remote attackers to cause a denial of service (crash) via a crafted RFC2047 header line, related to address expansion." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@debian.org", + "ID": "CVE-2014-0467", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mutt.org/doc/devel/ChangeLog", - "refsource" : "CONFIRM", - "url" : "http://www.mutt.org/doc/devel/ChangeLog" - }, - { - "name" : "DSA-2874", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-2874" - }, - { - "name" : "RHSA-2014:0304", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0304.html" - }, - { - "name" : "openSUSE-SU-2014:0434", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-03/msg00083.html" - }, - { - "name" : "openSUSE-SU-2014:0436", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-03/msg00085.html" - }, - { - "name" : "SUSE-SU-2014:0471", - "refsource" : "SUSE", - "url" : 
"http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00001.html" - }, - { - "name" : "USN-2147-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2147-1" - }, - { - "name" : "66165", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/66165" - }, - { - "name" : "1029919", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1029919" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in copy.c in Mutt before 1.5.23 allows remote attackers to cause a denial of service (crash) via a crafted RFC2047 header line, related to address expansion." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-2874", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-2874" + }, + { + "name": "USN-2147-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2147-1" + }, + { + "name": "RHSA-2014:0304", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0304.html" + }, + { + "name": "66165", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/66165" + }, + { + "name": "http://www.mutt.org/doc/devel/ChangeLog", + "refsource": "CONFIRM", + "url": "http://www.mutt.org/doc/devel/ChangeLog" + }, + { + "name": "SUSE-SU-2014:0471", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00001.html" + }, + { + "name": "1029919", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1029919" + }, + { + "name": "openSUSE-SU-2014:0434", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00083.html" + }, + { + "name": "openSUSE-SU-2014:0436", + "refsource": "SUSE", + "url": 
"http://lists.opensuse.org/opensuse-updates/2014-03/msg00085.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0640.json b/2014/0xxx/CVE-2014-0640.json index 83398da7cae..2212254941a 100644 --- a/2014/0xxx/CVE-2014-0640.json +++ b/2014/0xxx/CVE-2014-0640.json 
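Review bot: The one substantive change in the CVE-2014-0467 hunk, `"ASSIGNER"` going from `cve@mitre.org` to `security@debian.org`, is buried in a whole-file rewrite: every line is re-emitted with `": "` separators and a different indent, and the `reference_data` entries are reordered while apparently remaining the same nine references. Anyone auditing provenance changes has to compare the parsed JSON rather than read the diff, so the assigner update would be easier to review as its own commit, separate from the reformat. The new side also ends without a final newline (`\ No newline at end of file`); keeping the newline after the closing `}` avoids a spurious last-line change on the next sync. The same pattern shows in the CVE-2014-0640, CVE-2014-0862, CVE-2014-1311, CVE-2014-1489, CVE-2014-1510 and CVE-2014-4214 hunks, where the assigner likewise changes from `cve@mitre.org` to a vendor address.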
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0640", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote authenticated users to bypass intended restrictions on resource access via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "ID": "CVE-2014-0640", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140819 ESA-2014-071: RSA Archer GRC Platform Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2014-08/0097.html" - }, - { - "name" : "69288", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69288" - }, - { - "name" : "1030738", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030738" - }, - { - "name" : "rsaarcher-cve20140640-info-disc(95362)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95362" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "EMC RSA Archer GRC Platform 5.x before 
5.5 SP1 allows remote authenticated users to bypass intended restrictions on resource access via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "rsaarcher-cve20140640-info-disc(95362)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95362" + }, + { + "name": "20140819 ESA-2014-071: RSA Archer GRC Platform Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2014-08/0097.html" + }, + { + "name": "1030738", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030738" + }, + { + "name": "69288", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69288" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0862.json b/2014/0xxx/CVE-2014-0862.json index bdeb6a76c5a..fd27ef71be7 100644 --- a/2014/0xxx/CVE-2014-0862.json +++ b/2014/0xxx/CVE-2014-0862.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0862", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Jazz Team Server in IBM Rational Collaborative Lifecycle Management (CLM) 3.x before 3.0.1.6 iFix 2 and 4.x before 4.0.6 allows remote attackers to execute arbitrary code via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-0862", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21664566", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21664566" - }, - { - "name" : "ibm-rationalclm-cve20140862-rce(90895)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90895" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Jazz Team Server in IBM Rational Collaborative Lifecycle Management (CLM) 3.x before 3.0.1.6 iFix 2 and 4.x before 4.0.6 allows remote attackers to execute arbitrary code via unknown 
vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ibm-rationalclm-cve20140862-rce(90895)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90895" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21664566", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21664566" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1311.json b/2014/1xxx/CVE-2014-1311.json index ff64d8872cd..eec8f15deed 100644 --- a/2014/1xxx/CVE-2014-1311.json +++ b/2014/1xxx/CVE-2014-1311.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1311", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2014-1311", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/kb/HT6537", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/kb/HT6537" - }, - { - "name" : "APPLE-SA-2014-04-01-1", - "refsource" : "APPLE", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2014-04/0009.html" - }, - { - "name" : "APPLE-SA-2014-04-22-2", - "refsource" : "APPLE", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2014-04/0136.html" - }, - { - "name" : "APPLE-SA-2014-04-22-3", - "refsource" : "APPLE", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2014-04/0135.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": 
"CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2014-04-22-2", + "refsource": "APPLE", + "url": "http://archives.neohapsis.com/archives/bugtraq/2014-04/0136.html" + }, + { + "name": "https://support.apple.com/kb/HT6537", + "refsource": "CONFIRM", + "url": "https://support.apple.com/kb/HT6537" + }, + { + "name": "APPLE-SA-2014-04-22-3", + "refsource": "APPLE", + "url": "http://archives.neohapsis.com/archives/bugtraq/2014-04/0135.html" + }, + { + "name": "APPLE-SA-2014-04-01-1", + "refsource": "APPLE", + "url": "http://archives.neohapsis.com/archives/bugtraq/2014-04/0009.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1489.json b/2014/1xxx/CVE-2014-1489.json index 642d2d084bb..3857a9012c1 100644 --- a/2014/1xxx/CVE-2014-1489.json +++ b/2014/1xxx/CVE-2014-1489.json 
@@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1489", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mozilla Firefox before 27.0 does not properly restrict access to about:home buttons by script on other pages, which allows user-assisted remote attackers to cause a denial of service (session restore) via a crafted web site." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2014-1489", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2014/mfsa2014-10.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2014/mfsa2014-10.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=959531", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=959531" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" - }, - { - "name" : "GLSA-201504-01", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201504-01" - }, - { - "name" : 
"SUSE-SU-2014:0248", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html" - }, - { - "name" : "openSUSE-SU-2014:0212", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html" - }, - { - "name" : "USN-2102-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2102-1" - }, - { - "name" : "USN-2102-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2102-2" - }, - { - "name" : "65329", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/65329" - }, - { - "name" : "102874", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/102874" - }, - { - "name" : "1029717", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1029717" - }, - { - "name" : "56888", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56888" - }, - { - "name" : "firefox-cve20141489-sec-bypass(90888)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90888" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mozilla Firefox before 27.0 does not properly restrict access to about:home buttons by script on other pages, which allows user-assisted remote attackers to cause a denial of service (session restore) via a crafted web site." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "102874", + "refsource": "OSVDB", + "url": "http://osvdb.org/102874" + }, + { + "name": "openSUSE-SU-2014:0212", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html" + }, + { + "name": "1029717", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1029717" + }, + { + "name": "http://www.mozilla.org/security/announce/2014/mfsa2014-10.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-10.html" + }, + { + "name": "65329", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/65329" + }, + { + "name": "USN-2102-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2102-2" + }, + { + "name": "GLSA-201504-01", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201504-01" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" + }, + { + "name": "56888", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56888" + }, + { + "name": "firefox-cve20141489-sec-bypass(90888)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90888" + }, + { + "name": "SUSE-SU-2014:0248", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=959531", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=959531" + }, + { + "name": "USN-2102-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2102-1" + } + ] + } +} \ No newline at end of file 
diff --git a/2014/1xxx/CVE-2014-1510.json b/2014/1xxx/CVE-2014-1510.json index 0e81e9b9ace..e3c1061893e 100644 --- a/2014/1xxx/CVE-2014-1510.json +++ b/2014/1xxx/CVE-2014-1510.json 
@@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1510", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Web IDL implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary JavaScript code with chrome privileges by using an IDL fragment to trigger a window.open call." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2014-1510", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2014/mfsa2014-29.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2014/mfsa2014-29.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=982906", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=982906" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" - }, - { - "name" : "DSA-2881", - "refsource" : "DEBIAN", - "url" : 
"http://www.debian.org/security/2014/dsa-2881" - }, - { - "name" : "DSA-2911", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-2911" - }, - { - "name" : "GLSA-201504-01", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201504-01" - }, - { - "name" : "RHSA-2014:0310", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0310.html" - }, - { - "name" : "RHSA-2014:0316", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0316.html" - }, - { - "name" : "SUSE-SU-2014:0418", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.html" - }, - { - "name" : "openSUSE-SU-2014:0419", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html" - }, - { - "name" : "openSUSE-SU-2014:0448", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00022.html" - }, - { - "name" : "openSUSE-SU-2014:0584", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00016.html" - }, - { - "name" : "USN-2151-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2151-1" - }, - { - "name" : "66206", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/66206" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Web IDL implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary JavaScript code with chrome privileges by using an IDL fragment to trigger a window.open call." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2014:0310", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0310.html" + }, + { + "name": "DSA-2911", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-2911" + }, + { + "name": "GLSA-201504-01", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201504-01" + }, + { + "name": "SUSE-SU-2014:0418", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" + }, + { + "name": "USN-2151-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2151-1" + }, + { + "name": "66206", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/66206" + }, + { + "name": "DSA-2881", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-2881" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=982906", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=982906" + }, + { + "name": "openSUSE-SU-2014:0419", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html" + }, + { + "name": "RHSA-2014:0316", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0316.html" + }, + { + "name": "openSUSE-SU-2014:0584", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00016.html" + }, + { + "name": "openSUSE-SU-2014:0448", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00022.html" + }, + { + "name": 
"http://www.mozilla.org/security/announce/2014/mfsa2014-29.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-29.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4214.json b/2014/4xxx/CVE-2014-4214.json index bfe5549978c..4076b13e275 100644 --- a/2014/4xxx/CVE-2014-4214.json +++ b/2014/4xxx/CVE-2014-4214.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4214", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to affect availability via vectors related to SRSP." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2014-4214", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/534161/100/0/threaded" - }, - { - "name" : "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Dec/23" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2014-0012.html", - "refsource" : "CONFIRM", - "url" : 
"http://www.vmware.com/security/advisories/VMSA-2014-0012.html" - }, - { - "name" : "SUSE-SU-2014:1072", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html" - }, - { - "name" : "68607", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/68607" - }, - { - "name" : "1030578", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030578" - }, - { - "name" : "60425", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60425" - }, - { - "name" : "oracle-cpujul2014-cve20144214(94627)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/94627" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to affect availability via vectors related to SRSP." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html" + }, + { + "name": "oracle-cpujul2014-cve20144214(94627)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94627" + }, + { + "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded" + }, + { + "name": "1030578", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030578" + }, + { + "name": "SUSE-SU-2014:1072", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html" + }, + { + "name": "68607", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/68607" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html" + }, + { + "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Dec/23" + }, + { + "name": "60425", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60425" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4560.json b/2014/4xxx/CVE-2014-4560.json index 8319b13126c..19a32725540 100644 --- a/2014/4xxx/CVE-2014-4560.json +++ b/2014/4xxx/CVE-2014-4560.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4560", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in includes/getTipo.php in the ToolPage plugin 1.6.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the t parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4560", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://codevigilant.com/disclosure/wp-plugin-toolpage-a3-cross-site-scripting-xss", - "refsource" : "MISC", - "url" : "http://codevigilant.com/disclosure/wp-plugin-toolpage-a3-cross-site-scripting-xss" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in includes/getTipo.php in the ToolPage plugin 1.6.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the t parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://codevigilant.com/disclosure/wp-plugin-toolpage-a3-cross-site-scripting-xss", + "refsource": "MISC", + "url": "http://codevigilant.com/disclosure/wp-plugin-toolpage-a3-cross-site-scripting-xss" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4681.json b/2014/4xxx/CVE-2014-4681.json index 30325a6fc31..a96ad41b469 100644 --- a/2014/4xxx/CVE-2014-4681.json +++ b/2014/4xxx/CVE-2014-4681.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4681", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4681", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4946.json b/2014/4xxx/CVE-2014-4946.json index 05e26088fe6..308fd48353f 100644 --- a/2014/4xxx/CVE-2014-4946.json +++ b/2014/4xxx/CVE-2014-4946.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4946", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Horde Internet Mail Program (IMP) before 6.1.8, as used in Horde Groupware Webmail Edition before 5.1.5, allow remote attackers to inject arbitrary web script or HTML via (1) unspecified flags or (2) a mailbox name in the dynamic mailbox view." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4946", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[announce] 20140707 [SECURITY] Horde Groupware Webmail Edition 5.1.5 (final)", - "refsource" : "MLIST", - "url" : "http://lists.horde.org/archives/announce/2014/001025.html" - }, - { - "name" : "[announce] 20140707 [SECURITY] IMP 6.1.8 (final)", - "refsource" : "MLIST", - "url" : "http://lists.horde.org/archives/announce/2014/001019.html" - }, - { - "name" : "https://github.com/horde/horde/blob/4513649810f13a32f1193bdeed76f7d85a5efa05/bundles/webmail/docs/CHANGES", - "refsource" : "CONFIRM", - "url" : "https://github.com/horde/horde/blob/4513649810f13a32f1193bdeed76f7d85a5efa05/bundles/webmail/docs/CHANGES" - }, - { - 
"name" : "https://github.com/horde/horde/blob/c0144ac03814a8c2cf6fc5ac0d1af2653e9ee139/imp/docs/CHANGES", - "refsource" : "CONFIRM", - "url" : "https://github.com/horde/horde/blob/c0144ac03814a8c2cf6fc5ac0d1af2653e9ee139/imp/docs/CHANGES" - }, - { - "name" : "59770", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59770" - }, - { - "name" : "59772", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59772" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Horde Internet Mail Program (IMP) before 6.1.8, as used in Horde Groupware Webmail Edition before 5.1.5, allow remote attackers to inject arbitrary web script or HTML via (1) unspecified flags or (2) a mailbox name in the dynamic mailbox view." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "59772", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59772" + }, + { + "name": "[announce] 20140707 [SECURITY] Horde Groupware Webmail Edition 5.1.5 (final)", + "refsource": "MLIST", + "url": "http://lists.horde.org/archives/announce/2014/001025.html" + }, + { + "name": "59770", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59770" + }, + { + "name": "https://github.com/horde/horde/blob/4513649810f13a32f1193bdeed76f7d85a5efa05/bundles/webmail/docs/CHANGES", + "refsource": "CONFIRM", + "url": "https://github.com/horde/horde/blob/4513649810f13a32f1193bdeed76f7d85a5efa05/bundles/webmail/docs/CHANGES" + }, + { + "name": "https://github.com/horde/horde/blob/c0144ac03814a8c2cf6fc5ac0d1af2653e9ee139/imp/docs/CHANGES", + "refsource": "CONFIRM", + "url": 
"https://github.com/horde/horde/blob/c0144ac03814a8c2cf6fc5ac0d1af2653e9ee139/imp/docs/CHANGES" + }, + { + "name": "[announce] 20140707 [SECURITY] IMP 6.1.8 (final)", + "refsource": "MLIST", + "url": "http://lists.horde.org/archives/announce/2014/001019.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5147.json b/2014/5xxx/CVE-2014-5147.json index 6a5770e00fd..798af8cc80b 100644 --- a/2014/5xxx/CVE-2014-5147.json +++ b/2014/5xxx/CVE-2014-5147.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5147", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Xen 4.4.x, when running a 64-bit kernel on an ARM system, does not properly handle traps from the guest domain that use a different address width, which allows local guest users to cause a denial of service (host crash) via a crafted 32-bit process." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-5147", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://xenbits.xen.org/xsa/advisory-102.html", - "refsource" : "CONFIRM", - "url" : "http://xenbits.xen.org/xsa/advisory-102.html" - }, - { - "name" : "1030724", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030724" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Xen 4.4.x, when running a 64-bit kernel on an ARM system, does not properly handle traps from the guest domain that use a different address width, which allows local guest users to cause a denial of service (host crash) via a crafted 32-bit process." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1030724", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030724" + }, + { + "name": "http://xenbits.xen.org/xsa/advisory-102.html", + "refsource": "CONFIRM", + "url": "http://xenbits.xen.org/xsa/advisory-102.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5218.json b/2014/5xxx/CVE-2014-5218.json index 7f0591148a2..7a1379b25f2 100644 --- a/2014/5xxx/CVE-2014-5218.json +++ b/2014/5xxx/CVE-2014-5218.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5218", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-5218", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5498.json b/2014/5xxx/CVE-2014-5498.json index 455fb86ed67..223398f2f0a 100644 --- a/2014/5xxx/CVE-2014-5498.json +++ b/2014/5xxx/CVE-2014-5498.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5498", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-5498", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10469.json b/2016/10xxx/CVE-2016-10469.json index 664793e752b..09ac78400af 100644 --- a/2016/10xxx/CVE-2016-10469.json +++ b/2016/10xxx/CVE-2016-10469.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2018-04-02T00:00:00", - "ID" : "CVE-2016-10469", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear", - "version" : { - "version_data" : [ - { - "version_value" : "MDM9206, MDM9607, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, incorrect implementation of RSA padding functions in CORE." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cryptogrpahic Issues in CORE" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2018-04-02T00:00:00", + "ID": "CVE-2016-10469", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear", + "version": { + "version_data": [ + { + "version_value": "MDM9206, MDM9607, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2018-04-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2018-04-01" - }, - { - "name" : "103671", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103671" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, incorrect implementation of RSA padding functions in CORE." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cryptogrpahic Issues in CORE" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2018-04-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2018-04-01" + }, + { + "name": "103671", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103671" + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10542.json b/2016/10xxx/CVE-2016-10542.json index 33949eec217..1d6f6b0e53a 100644 --- a/2016/10xxx/CVE-2016-10542.json +++ b/2016/10xxx/CVE-2016-10542.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "DATE_PUBLIC" : "2018-04-26T00:00:00", - "ID" : "CVE-2016-10542", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "ws node module", - "version" : { - "version_data" : [ - { - "version_value" : "<=1.1.0" - } - ] - } - } - ] - }, - "vendor_name" : "HackerOne" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ws is a \"simple to use, blazing fast and thoroughly tested websocket client, server and console for node.js, up-to-date against RFC-6455\". By sending an overly long websocket payload to a `ws` server, it is possible to crash the node process. This affects ws 1.1.0 and earlier." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of Service (CWE-400)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "DATE_PUBLIC": "2018-04-26T00:00:00", + "ID": "CVE-2016-10542", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ws node module", + "version": { + "version_data": [ + { + "version_value": "<=1.1.0" + } + ] + } + } + ] + }, + "vendor_name": "HackerOne" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/nodejs/node/issues/7388", - "refsource" : "MISC", - "url" : "https://github.com/nodejs/node/issues/7388" - }, - { - "name" : "https://nodesecurity.io/advisories/120", - "refsource" : "MISC", - "url" : "https://nodesecurity.io/advisories/120" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ws is a \"simple to use, blazing fast and 
thoroughly tested websocket client, server and console for node.js, up-to-date against RFC-6455\". By sending an overly long websocket payload to a `ws` server, it is possible to crash the node process. This affects ws 1.1.0 and earlier." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service (CWE-400)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/nodejs/node/issues/7388", + "refsource": "MISC", + "url": "https://github.com/nodejs/node/issues/7388" + }, + { + "name": "https://nodesecurity.io/advisories/120", + "refsource": "MISC", + "url": "https://nodesecurity.io/advisories/120" + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10556.json b/2016/10xxx/CVE-2016-10556.json index 85d8e9d06b7..5390d74ec95 100644 --- a/2016/10xxx/CVE-2016-10556.json +++ b/2016/10xxx/CVE-2016-10556.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "DATE_PUBLIC" : "2018-04-26T00:00:00", - "ID" : "CVE-2016-10556", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "sequelize node module", - "version" : { - "version_data" : [ - { - "version_value" : "<=3.19.3" - } - ] - } - } - ] - }, - "vendor_name" : "HackerOne" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for NodeJS In Postgres, SQLite, and Microsoft SQL Server there is an issue where arrays are treated as strings and improperly escaped. This causes potential SQL injection in sequelize 3.19.3 and earlier, where a malicious user could put `[\"test\", \"'); DELETE TestTable WHERE Id = 1 --')\"]` inside of ``` database.query('SELECT * FROM TestTable WHERE Name IN (:names)', { replacements: { names: directCopyOfUserInput } }); ``` and cause the SQL statement to become `SELECT Id FROM Table WHERE Name IN ('test', '\\'); DELETE TestTable WHERE Id = 1 --')`. In Postgres, MSSQL, and SQLite, the backslash has no special meaning. This causes the the statement to delete whichever Id has a value of 1 in the TestTable table." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "SQL Injection (CWE-89)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "DATE_PUBLIC": "2018-04-26T00:00:00", + "ID": "CVE-2016-10556", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "sequelize node module", + "version": { + "version_data": [ + { + "version_value": "<=3.19.3" + } + ] + } + } + ] + }, + "vendor_name": "HackerOne" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/sequelize/sequelize/issues/5671", - "refsource" : "MISC", - "url" : "https://github.com/sequelize/sequelize/issues/5671" - }, - { - "name" : "https://nodesecurity.io/advisories/102", - "refsource" : "MISC", - "url" : "https://nodesecurity.io/advisories/102" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for NodeJS In Postgres, SQLite, and Microsoft SQL Server there is an issue where arrays are treated as strings and improperly escaped. This causes potential SQL injection in sequelize 3.19.3 and earlier, where a malicious user could put `[\"test\", \"'); DELETE TestTable WHERE Id = 1 --')\"]` inside of ``` database.query('SELECT * FROM TestTable WHERE Name IN (:names)', { replacements: { names: directCopyOfUserInput } }); ``` and cause the SQL statement to become `SELECT Id FROM Table WHERE Name IN ('test', '\\'); DELETE TestTable WHERE Id = 1 --')`. In Postgres, MSSQL, and SQLite, the backslash has no special meaning. This causes the the statement to delete whichever Id has a value of 1 in the TestTable table." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "SQL Injection (CWE-89)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/sequelize/sequelize/issues/5671", + "refsource": "MISC", + "url": "https://github.com/sequelize/sequelize/issues/5671" + }, + { + "name": "https://nodesecurity.io/advisories/102", + "refsource": "MISC", + "url": "https://nodesecurity.io/advisories/102" + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10611.json b/2016/10xxx/CVE-2016-10611.json index d5aa69ee084..37ece2bd043 100644 --- a/2016/10xxx/CVE-2016-10611.json +++ b/2016/10xxx/CVE-2016-10611.json 
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "DATE_PUBLIC" : "2018-04-26T00:00:00", - "ID" : "CVE-2016-10611", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "strider-sauce node module", - "version" : { - "version_data" : [ - { - "version_value" : "All versions" - } - ] - } - } - ] - }, - "vendor_name" : "HackerOne" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "strider-sauce is Sauce Labs / Selenium support for Strider. strider-sauce downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested zip file with an attacker controlled zip file if the attacker is on the network or positioned in between the user and the remote server." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Missing Encryption of Sensitive Data (CWE-311)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "DATE_PUBLIC": "2018-04-26T00:00:00", + "ID": "CVE-2016-10611", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "strider-sauce node module", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + } + ] + }, + "vendor_name": "HackerOne" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://nodesecurity.io/advisories/202", - "refsource" : "MISC", - "url" : "https://nodesecurity.io/advisories/202" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "strider-sauce is Sauce Labs / Selenium support for Strider. strider-sauce downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested zip file with an attacker controlled zip file if the attacker is on the network or positioned in between the user and the remote server." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Missing Encryption of Sensitive Data (CWE-311)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://nodesecurity.io/advisories/202", + "refsource": "MISC", + "url": "https://nodesecurity.io/advisories/202" + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10704.json b/2016/10xxx/CVE-2016-10704.json index e305ac86771..fb8487ac8b3 100644 --- a/2016/10xxx/CVE-2016-10704.json +++ b/2016/10xxx/CVE-2016-10704.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-10704", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Magento Community Edition and Enterprise Edition before 2.0.10 and 2.1.x before 2.1.2 have XSS via e-mail templates that are mishandled during a preview, aka APPSEC-1503." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-10704", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://magento.com/security/patches/magento-2010-and-212-security-update", - "refsource" : "CONFIRM", - "url" : "https://magento.com/security/patches/magento-2010-and-212-security-update" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Magento Community Edition and Enterprise Edition before 2.0.10 and 2.1.x before 2.1.2 have XSS via e-mail templates that are mishandled during a preview, aka APPSEC-1503." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://magento.com/security/patches/magento-2010-and-212-security-update", + "refsource": "CONFIRM", + "url": "https://magento.com/security/patches/magento-2010-and-212-security-update" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3057.json b/2016/3xxx/CVE-2016-3057.json index bba06e96623..79d589c1c6a 100644 --- a/2016/3xxx/CVE-2016-3057.json +++ b/2016/3xxx/CVE-2016-3057.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3057", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in IBM Sterling B2B Integrator 5.2 before 5020500_14 and 5.2 06 before 5020602_1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2016-3057", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21989578", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21989578" - }, - { - "name" : "IT15790", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IT15790" - }, - { - "name" : "94389", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94389" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in IBM Sterling B2B Integrator 5.2 before 5020500_14 and 5.2 06 before 5020602_1 allows remote attackers to 
inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "94389", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94389" + }, + { + "name": "IT15790", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT15790" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21989578", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21989578" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3921.json b/2016/3xxx/CVE-2016-3921.json index c7044b86622..48e7e97c318 100644 --- a/2016/3xxx/CVE-2016-3921.json +++ b/2016/3xxx/CVE-2016-3921.json 
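Review bot: The new `"ASSIGNER": "psirt@us.ibm.com"` line in `CVE_data_meta` reattributes this record to a vendor CNA, yet the `affects` block on the new side still reads `"vendor_name": "n/a"`, `"product_name": "n/a"` and `"version_value": "n/a"`, so the structured fields are out of step with the assigner and the affected product is named only in the free-text description. Scanners and feeds that match on the vendor/product fields rather than parsing the description will not associate this entry with IBM Sterling B2B Integrator. The CVE-2016-3921 hunk that follows has the same shape (`"ASSIGNER": "security@android.com"` with an all-`n/a` `affects` block). Because both assigner changes sit inside whole-file whitespace and reference-order rewrites under a generic commit subject, I would carry them in a separate commit, or at least list the reassigned IDs in the message, so a provenance change can be audited without re-diffing with whitespace ignored.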
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3921", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "libsysutils/src/FrameworkListener.cpp in Framework Listener in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allows attackers to gain privileges via a crafted application, aka internal bug 29831647." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-3921", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://source.android.com/security/bulletin/2016-10-01.html", - "refsource" : "CONFIRM", - "url" : "http://source.android.com/security/bulletin/2016-10-01.html" - }, - { - "name" : "https://android.googlesource.com/platform/system/core/+/771ab014c24a682b32990da08e87e2f0ab765bd2", - "refsource" : "CONFIRM", - "url" : "https://android.googlesource.com/platform/system/core/+/771ab014c24a682b32990da08e87e2f0ab765bd2" - }, - { - "name" : "93307", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93307" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "libsysutils/src/FrameworkListener.cpp in Framework Listener in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allows attackers to gain privileges via a crafted application, aka internal bug 29831647." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://source.android.com/security/bulletin/2016-10-01.html", + "refsource": "CONFIRM", + "url": "http://source.android.com/security/bulletin/2016-10-01.html" + }, + { + "name": "https://android.googlesource.com/platform/system/core/+/771ab014c24a682b32990da08e87e2f0ab765bd2", + "refsource": "CONFIRM", + "url": "https://android.googlesource.com/platform/system/core/+/771ab014c24a682b32990da08e87e2f0ab765bd2" + }, + { + "name": "93307", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93307" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8237.json b/2016/8xxx/CVE-2016-8237.json index c219f55a95b..a44aa23ba4d 100644 --- a/2016/8xxx/CVE-2016-8237.json +++ b/2016/8xxx/CVE-2016-8237.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@lenovo.com", - "ID" : "CVE-2016-8237", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Lenovo Updates", - "version" : { - "version_data" : [ - { - "version_value" : "All" - } - ] - } - } - ] - }, - "vendor_name" : "Lenovo Group Ltd." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Remote code execution in Lenovo Updates (not Lenovo System Update) allows man-in-the-middle attackers to execute arbitrary code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote code execution" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@lenovo.com", + "ID": "CVE-2016-8237", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Lenovo Updates", + "version": { + "version_data": [ + { + "version_value": "All" + } + ] + } + } + ] + }, + "vendor_name": "Lenovo Group Ltd." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.lenovo.com/us/en/solutions/LEN-8313", - "refsource" : "CONFIRM", - "url" : "https://support.lenovo.com/us/en/solutions/LEN-8313" - }, - { - "name" : "97560", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97560" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Remote code execution in Lenovo Updates (not Lenovo System Update) allows man-in-the-middle attackers to execute arbitrary code." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.lenovo.com/us/en/solutions/LEN-8313", + "refsource": "CONFIRM", + "url": "https://support.lenovo.com/us/en/solutions/LEN-8313" + }, + { + "name": "97560", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97560" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8747.json b/2016/8xxx/CVE-2016-8747.json index 0949a6fde6b..f635370d831 100644 --- a/2016/8xxx/CVE-2016-8747.json +++ b/2016/8xxx/CVE-2016-8747.json 
@@ -1,90 +1,90 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@apache.org", - "ID" : "CVE-2016-8747", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Apache Tomcat", - "version" : { - "version_data" : [ - { - "version_value" : "8.5.7 to 8.5.9" - }, - { - "version_value" : "9.0.0.M11 to 9.0.0.M15" - } - ] - } - } - ] - }, - "vendor_name" : "Apache Software Foundation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An information disclosure issue was discovered in Apache Tomcat 8.5.7 to 8.5.9 and 9.0.0.M11 to 9.0.0.M15 in reverse-proxy configurations. Http11InputBuffer.java allows remote attackers to read data that was intended to be associated with a different request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "security@apache.org", + "ID": "CVE-2016-8747", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Apache Tomcat", + "version": { + "version_data": [ + { + "version_value": "8.5.7 to 8.5.9" + }, + { + "version_value": "9.0.0.M11 to 9.0.0.M15" + } + ] + } + } + ] + }, + "vendor_name": "Apache Software Foundation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://svn.apache.org/viewvc?view=revision&revision=1774161", - "refsource" : "CONFIRM", - "url" : "http://svn.apache.org/viewvc?view=revision&revision=1774161" - }, - { - "name" : "http://svn.apache.org/viewvc?view=revision&revision=1774166", - "refsource" : "CONFIRM", - "url" : "http://svn.apache.org/viewvc?view=revision&revision=1774166" - }, - { - "name" : "http://tomcat.apache.org/security-8.html", - "refsource" : "CONFIRM", - "url" 
: "http://tomcat.apache.org/security-8.html" - }, - { - "name" : "http://tomcat.apache.org/security-9.html", - "refsource" : "CONFIRM", - "url" : "http://tomcat.apache.org/security-9.html" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20180614-0002/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20180614-0002/" - }, - { - "name" : "96895", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96895" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information disclosure issue was discovered in Apache Tomcat 8.5.7 to 8.5.9 and 9.0.0.M11 to 9.0.0.M15 in reverse-proxy configurations. Http11InputBuffer.java allows remote attackers to read data that was intended to be associated with a different request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://security.netapp.com/advisory/ntap-20180614-0002/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20180614-0002/" + }, + { + "name": "http://tomcat.apache.org/security-9.html", + "refsource": "CONFIRM", + "url": "http://tomcat.apache.org/security-9.html" + }, + { + "name": "96895", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96895" + }, + { + "name": "http://svn.apache.org/viewvc?view=revision&revision=1774161", + "refsource": "CONFIRM", + "url": "http://svn.apache.org/viewvc?view=revision&revision=1774161" + }, + { + "name": "http://tomcat.apache.org/security-8.html", + "refsource": "CONFIRM", + "url": "http://tomcat.apache.org/security-8.html" + }, + { + "name": "http://svn.apache.org/viewvc?view=revision&revision=1774166", + "refsource": "CONFIRM", + "url": 
"http://svn.apache.org/viewvc?view=revision&revision=1774166" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8748.json b/2016/8xxx/CVE-2016-8748.json index 957fc921cca..43b58de711b 100644 --- a/2016/8xxx/CVE-2016-8748.json +++ b/2016/8xxx/CVE-2016-8748.json 
@@ -1,71 +1,71 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@apache.org", - "DATE_PUBLIC" : "2016-12-19T00:00:00", - "ID" : "CVE-2016-8748", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Apache NiFi", - "version" : { - "version_data" : [ - { - "version_value" : "1.0.0" - }, - { - "version_value" : "1.1.0" - } - ] - } - } - ] - }, - "vendor_name" : "Apache Software Foundation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Apache NiFi before 1.0.1 and 1.1.x before 1.1.1, there is a cross-site scripting vulnerability in connection details dialog when accessed by an authorized user. The user supplied text was not being properly handled when added to the DOM." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "security@apache.org", + "DATE_PUBLIC": "2016-12-19T00:00:00", + "ID": "CVE-2016-8748", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Apache NiFi", + "version": { + "version_data": [ + { + "version_value": "1.0.0" + }, + { + "version_value": "1.1.0" + } + ] + } + } + ] + }, + "vendor_name": "Apache Software Foundation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://nifi.apache.org/security.html#CVE-2016-8748", - "refsource" : "CONFIRM", - "url" : "https://nifi.apache.org/security.html#CVE-2016-8748" - }, - { - "name" : "95621", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95621" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Apache NiFi 
before 1.0.1 and 1.1.x before 1.1.1, there is a cross-site scripting vulnerability in connection details dialog when accessed by an authorized user. The user supplied text was not being properly handled when added to the DOM." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "95621", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95621" + }, + { + "name": "https://nifi.apache.org/security.html#CVE-2016-8748", + "refsource": "CONFIRM", + "url": "https://nifi.apache.org/security.html#CVE-2016-8748" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8886.json b/2016/8xxx/CVE-2016-8886.json index e0513e38c3b..f1197f53b09 100644 --- a/2016/8xxx/CVE-2016-8886.json +++ b/2016/8xxx/CVE-2016-8886.json 
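Review bot: The `problemtype` value `"Information Disclosure"` in this record does not match its description, which reports a cross-site scripting vulnerability in the connection details dialog. The hunk carries the value over unchanged while reformatting, so consumers that filter or prioritise by `problemtype` will keep classifying CVE-2016-8748 under the wrong weakness class. I would change the line to `"value": "Cross-site scripting"` (or the CWE-79 label, if the assigner confirms it). The `version_data` entries `1.0.0` and `1.1.0` appear consistent with the description's "before 1.0.1 and 1.1.x before 1.1.1", so only the problem type needs attention.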
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-8886", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The jas_malloc function in libjasper/base/jas_malloc.c in JasPer before 1.900.11 allows remote attackers to have unspecified impact via a crafted file, which triggers a memory allocation failure." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-8886", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20161022 Re: jasper: memory allocation failure in jas_malloc (jas_malloc.c)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/10/23/2" - }, - { - "name" : "[oss-security] 20161025 Re: Re: jasper: memory allocation failure in jas_malloc (jas_malloc.c)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/10/25/11" - }, - { - "name" : "https://blogs.gentoo.org/ago/2016/10/18/jasper-memory-allocation-failure-in-jas_malloc-jas_malloc-c", - "refsource" : "MISC", - "url" : "https://blogs.gentoo.org/ago/2016/10/18/jasper-memory-allocation-failure-in-jas_malloc-jas_malloc-c" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1388880", 
- "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1388880" - }, - { - "name" : "FEDORA-2016-6c789ba91d", - "refsource" : "FEDORA", - "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22FCKKHQCQ3S6TZY5G44EFDTMWOJXJRD/" - }, - { - "name" : "FEDORA-2016-e0f0d48142", - "refsource" : "FEDORA", - "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EGI2FZQLOTSZI3VA4ECJERI74SMNQDL4/" - }, - { - "name" : "93839", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93839" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The jas_malloc function in libjasper/base/jas_malloc.c in JasPer before 1.900.11 allows remote attackers to have unspecified impact via a crafted file, which triggers a memory allocation failure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FEDORA-2016-6c789ba91d", + "refsource": "FEDORA", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22FCKKHQCQ3S6TZY5G44EFDTMWOJXJRD/" + }, + { + "name": "https://blogs.gentoo.org/ago/2016/10/18/jasper-memory-allocation-failure-in-jas_malloc-jas_malloc-c", + "refsource": "MISC", + "url": "https://blogs.gentoo.org/ago/2016/10/18/jasper-memory-allocation-failure-in-jas_malloc-jas_malloc-c" + }, + { + "name": "93839", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93839" + }, + { + "name": "[oss-security] 20161025 Re: Re: jasper: memory allocation failure in jas_malloc (jas_malloc.c)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/10/25/11" + }, + { + "name": 
"https://bugzilla.redhat.com/show_bug.cgi?id=1388880", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1388880" + }, + { + "name": "[oss-security] 20161022 Re: jasper: memory allocation failure in jas_malloc (jas_malloc.c)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/10/23/2" + }, + { + "name": "FEDORA-2016-e0f0d48142", + "refsource": "FEDORA", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EGI2FZQLOTSZI3VA4ECJERI74SMNQDL4/" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9190.json b/2016/9xxx/CVE-2016-9190.json index 9fefcee44bf..562e2c0ff66 100644 --- a/2016/9xxx/CVE-2016-9190.json +++ b/2016/9xxx/CVE-2016-9190.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9190", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Pillow before 3.3.2 allows context-dependent attackers to execute arbitrary code by using the \"crafted image file\" approach, related to an \"Insecure Sign Extension\" issue affecting the ImagingNew in Storage.c component." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-9190", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pillow.readthedocs.io/en/3.4.x/releasenotes/3.3.2.html", - "refsource" : "CONFIRM", - "url" : "http://pillow.readthedocs.io/en/3.4.x/releasenotes/3.3.2.html" - }, - { - "name" : "https://github.com/python-pillow/Pillow/issues/2105", - "refsource" : "CONFIRM", - "url" : "https://github.com/python-pillow/Pillow/issues/2105" - }, - { - "name" : "https://github.com/python-pillow/Pillow/pull/2146/commits/5d8a0be45aad78c5a22c8d099118ee26ef8144af", - "refsource" : "CONFIRM", - "url" : "https://github.com/python-pillow/Pillow/pull/2146/commits/5d8a0be45aad78c5a22c8d099118ee26ef8144af" - }, - { - "name" : "DSA-3710", - "refsource" : "DEBIAN", - "url" : 
"http://www.debian.org/security/2016/dsa-3710" - }, - { - "name" : "GLSA-201612-52", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201612-52" - }, - { - "name" : "94234", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94234" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Pillow before 3.3.2 allows context-dependent attackers to execute arbitrary code by using the \"crafted image file\" approach, related to an \"Insecure Sign Extension\" issue affecting the ImagingNew in Storage.c component." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201612-52", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201612-52" + }, + { + "name": "94234", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94234" + }, + { + "name": "https://github.com/python-pillow/Pillow/issues/2105", + "refsource": "CONFIRM", + "url": "https://github.com/python-pillow/Pillow/issues/2105" + }, + { + "name": "DSA-3710", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3710" + }, + { + "name": "http://pillow.readthedocs.io/en/3.4.x/releasenotes/3.3.2.html", + "refsource": "CONFIRM", + "url": "http://pillow.readthedocs.io/en/3.4.x/releasenotes/3.3.2.html" + }, + { + "name": "https://github.com/python-pillow/Pillow/pull/2146/commits/5d8a0be45aad78c5a22c8d099118ee26ef8144af", + "refsource": "CONFIRM", + "url": "https://github.com/python-pillow/Pillow/pull/2146/commits/5d8a0be45aad78c5a22c8d099118ee26ef8144af" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9824.json b/2016/9xxx/CVE-2016-9824.json index 3ef041d739a..6157107d67c 100644 --- a/2016/9xxx/CVE-2016-9824.json +++ b/2016/9xxx/CVE-2016-9824.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9824", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in libswscale/x86/swscale.c in libav 11.8 allows remote attackers to cause a denial of service (crash) via a crafted file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-9824", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blogs.gentoo.org/ago/2016/12/01/libav-multiple-crashes-from-the-undefined-behavior-sanitizer/", - "refsource" : "MISC", - "url" : "https://blogs.gentoo.org/ago/2016/12/01/libav-multiple-crashes-from-the-undefined-behavior-sanitizer/" - }, - { - "name" : "94732", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94732" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in libswscale/x86/swscale.c in libav 11.8 allows remote attackers to cause a denial of service (crash) via a crafted file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "94732", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94732" + }, + { + "name": "https://blogs.gentoo.org/ago/2016/12/01/libav-multiple-crashes-from-the-undefined-behavior-sanitizer/", + "refsource": "MISC", + "url": "https://blogs.gentoo.org/ago/2016/12/01/libav-multiple-crashes-from-the-undefined-behavior-sanitizer/" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9946.json b/2016/9xxx/CVE-2016-9946.json index afeea3787aa..74e134794ea 100644 --- a/2016/9xxx/CVE-2016-9946.json +++ b/2016/9xxx/CVE-2016-9946.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9946", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-9946", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2034.json b/2019/2xxx/CVE-2019-2034.json index 35d693b5f61..d65fa6fcec8 100644 --- a/2019/2xxx/CVE-2019-2034.json +++ b/2019/2xxx/CVE-2019-2034.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2034", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2034", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2334.json b/2019/2xxx/CVE-2019-2334.json index 3753d34cd35..313b0630709 100644 --- a/2019/2xxx/CVE-2019-2334.json +++ b/2019/2xxx/CVE-2019-2334.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2334", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2334", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2865.json b/2019/2xxx/CVE-2019-2865.json index fe439870b95..af069532bd5 100644 --- a/2019/2xxx/CVE-2019-2865.json +++ b/2019/2xxx/CVE-2019-2865.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2865", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2865", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2871.json b/2019/2xxx/CVE-2019-2871.json index 80125620edb..a34976f13df 100644 --- a/2019/2xxx/CVE-2019-2871.json +++ b/2019/2xxx/CVE-2019-2871.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2871", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2871", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6151.json b/2019/6xxx/CVE-2019-6151.json index 49dfa4b40c4..863848eb3d1 100644 --- a/2019/6xxx/CVE-2019-6151.json +++ b/2019/6xxx/CVE-2019-6151.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6151", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6151", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6796.json b/2019/6xxx/CVE-2019-6796.json index bc2e71bf63a..95c372e937f 100644 --- a/2019/6xxx/CVE-2019-6796.json +++ b/2019/6xxx/CVE-2019-6796.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6796", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6796", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6985.json b/2019/6xxx/CVE-2019-6985.json index 187df88f3ff..bb68f88f2f0 100644 --- a/2019/6xxx/CVE-2019-6985.json +++ b/2019/6xxx/CVE-2019-6985.json 
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2019-6985",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "An issue was discovered in Foxit 3D Plugin Beta before 9.4.0.16807 for Foxit Reader and PhantomPDF. The application could encounter an Out-of-Bounds Read in Indexing or a Heap Overflow and crash during handling of certain PDF files that embed specifically crafted 3D content, due to an array access violation."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-6985",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://www.foxitsoftware.com/support/security-bulletins.php",
- "refsource" : "CONFIRM",
- "url" : "https://www.foxitsoftware.com/support/security-bulletins.php"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in Foxit 3D Plugin Beta before 9.4.0.16807 for Foxit Reader and PhantomPDF. 
The application could encounter an Out-of-Bounds Read in Indexing or a Heap Overflow and crash during handling of certain PDF files that embed specifically crafted 3D content, due to an array access violation."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://www.foxitsoftware.com/support/security-bulletins.php",
+ "refsource": "CONFIRM",
+ "url": "https://www.foxitsoftware.com/support/security-bulletins.php"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/7xxx/CVE-2019-7417.json b/2019/7xxx/CVE-2019-7417.json
index 9b7cb395a39..e191d789e1d 100644
--- a/2019/7xxx/CVE-2019-7417.json
+++ b/2019/7xxx/CVE-2019-7417.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2019-7417",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-7417",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/7xxx/CVE-2019-7791.json b/2019/7xxx/CVE-2019-7791.json
index 5d58ef986a0..2dd71b43eb0 100644
--- a/2019/7xxx/CVE-2019-7791.json
+++ b/2019/7xxx/CVE-2019-7791.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2019-7791",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-7791",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file